Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Can you help this network simpleton connect via SSH to a Cloudflare Access system?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Can you help this network simpleton connect via SSH to a Cloudflare Access system?

raindog308raindog308 Administrator, Veteran
in Help

There is a server that is behind CloudFlare Access. I can access its ssh by going to example.cloudflareaccess.com and using SSH in the web browser. I didn't set up the server or CFA.

I'd like to access it via VS Code and my local ssh client as working in the browser is painful.

I've been told I could setup some kind of ssh tunnel to a nearby VPS, and then connecting to that. If Seattle is the nearby VPS, I think this means:

me on my PC <-> SEA VPS <-> Cloudflare Access system

I'd be SSHing to SEA VPS which would be...tunneling? proxying? some network technology magic.

However, I can barely spell IPv4 and so am not sure how to setup this kind of network tunnel. What ssh commands would I run on the Cloudflare Access server, on the VPS, and on my PC to make this work?

Comments

  • totally_not_bannedtotally_not_banned Member
    edited March 12

    Sadly this is the first time i hear about this technology and from a quick glance over Cloudflare's description of it i just got a whole lot of nothing in regards to practical information. The only thing i notice that it seems kind of nonsensical to connect to a middleman VPS unless this VPS while provide a static IP to be somehow whitelisted at the target service or it's about having the connection originate from a Linux system (i figure if you are using VS Code you are on Windows?). Otherwise it would (in my pretty much ignorant opinion) obviously face the same hurdles with connecting the target system as your local client would. Not really helpful, i know...

  • matey0matey0 Member
    edited March 13

    First time hearing abut Cloudflare Access but I think I understand it enough from a little searching:

    • In order to connect to a server behind Cloudflare Access, you have to run cloudflared on the client machine to enable proxying
    • The suggestion to use a vps as a middleman tunnel, while a possibility, is not necessary since you can run cloudflared on your client machine itself

    You first have to install cloudflared and run it as a daemon: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/

    Then, modify your ssh config to use cloudflared as a proxy for your destination host (~/.ssh/config on unix):

    Host SOME_NAME
        HostName DESTINATION_IP_OR_HOSTNAME
        ProxyCommand cloudflared access ssh --hostname %h
        User root # optional
        IdentityFile ~/.ssh/SOME_NAME # optional
        ...

    then ssh into it via ssh SOME_NAME

    If you don't want to run cloudflared on your client you can run it on a vps and then tunnel through that with a little bit of networking magic.

    This post describes it as well https://orth.uk/ssh-over-cloudflare/
    (I just realized this post by me looks way too much like ChatGPT, I swear I typed it by myself :D )

    Thanked by 2totally_not_banned solarman
Sign In or Register to comment.