Basic SSH functionality not working

HTTP connections work fine via browser, whereas neither of two SSH connections to two different servers works. The connection seems to be getting sent to the server, although no connection ever gets made:

$ ~/.ssh  ssh -vv [email protected]
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/jg/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving "mydomain.com" port 22
debug1: Connecting to mydomain.com [1234:4700:5687::ac43:90dc] port 22.
debug1: connect to address 2606:4700:3036::ac43:90dc port 22: Connection timed out
debug1: Connecting to mydomain.com [2606:4700:3035::6815:2f3a] port 22.
debug1: connect to address 2606:4700:3035::6815:2f3a port 22: Connection timed out
debug1: Connecting to mydomain.com [172.67.144.220] port 22.
debug1: connect to address 172.67.144.220 port 22: Connection timed out
debug1: Connecting to mydomain.com [104.21.47.58] port 22.
debug1: connect to address 104.21.47.58 port 22: Connection timed out
ssh: connect to host mydomain.com port 22: Connection timed out

Note that I can successfully SSH into the remote servers from within the local LAN using IP address - ie, [email protected].

Does anything special need to be done on the Cloudflare Tunnel configuration to enable SSH?

Note that I meant to add that I can ping both of the remote servers via the URL for the tunnel so it seems that the connection might be working. Still, though, I can not figure out why actually SSH-ing does not work.

I assume that you configured SSH service via public hostnames?

And were you trying to SSH into the machine via port 22 of the public hostnames that you configured?

You can’t directly SSH into that public hostname since Cloudflare edge does not open port 22 directly for you. You are advised to follow this documentation to get your SSH connection working:


Thanks, Eric. The answer to both of your questions is “yes.”

I am not quite sure what you mean by “You can’t directly SSH into that public hostname,” though, as I can SSH into one of them from outside my network via the domain name. To be clear: I have two servers with Cloudflare Docker Tunnels - one running Ubuntu and one running Ubuntu Server. I can SSH into the one running Ubuntu using ssh [email protected]. However, I can not SSH into the one running Ubuntu Server using [email protected].

The configurations appear identical on both my domain host and Cloudflare Zero Trust portal. However, I can not confirm they are the same following https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/use-cases/ssh/#2-connect-as-a-user as that link explains a non-Docker setup. In other words, I can not access the Cloudflare Docker containers to confirm that they are configured properly/the same per the link you provided.

I figured out the issue by using ssh -vv and seeing that I had to add the second domain to my ~/.ssh/config file per:

OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /home/jg/.ssh/config

Thanks for your feedback/guidance.
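
A check for the fix described in the last post, as an added example that is not part of the thread: it reports which hostnames would get no ProxyCommand from an ssh config and so would connect straight to port 22 at the Cloudflare edge, as in the timeouts logged above. It assumes the missing entry was the `ProxyCommand cloudflared access ssh --hostname %h` form from the Cloudflare SSH guide linked in the thread; the hostnames and the cloudflared path are constructed placeholders.

```python
import fnmatch
import re

# Constructed sample: one tunnel hostname has a cloudflared ProxyCommand
# entry, the second hostname has none. All names and paths are placeholders.
SAMPLE_CONFIG = """\
Host ubuntu.example.com
    ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h

Host *
    ServerAliveInterval 60
"""

def host_block_matches(patterns, hostname):
    """ssh_config rule: a positive pattern matches and no '!' pattern does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(hostname, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(hostname, pat):
            matched = True
    return matched

def effective_proxy_command(config_text, hostname):
    """Return the ProxyCommand ssh would use for hostname, or None.

    Only Host blocks are evaluated; Match blocks and Include are skipped.
    """
    hostname = hostname.lower()
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        # "keyword value" or "keyword=value"; comments and blanks do not match
        m = re.match(r"\s*(\w+)(?:\s*=\s*|\s+)(.*\S)", raw)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2)
        if keyword == "host":
            active = host_block_matches(value.lower().split(), hostname)
        elif keyword == "match":
            active = False  # not evaluated in this sketch
        elif keyword == "proxycommand" and active:
            # the first value obtained wins; "none" disables the proxy
            return None if value.lower() == "none" else value
    return None

def hosts_without_proxy(config_text, hostnames):
    """Hostnames that would be dialled directly on port 22."""
    return [h for h in hostnames if effective_proxy_command(config_text, h) is None]
```

On a real machine, `ssh -G <hostname>` prints the effective options and can be used to confirm the same thing against the full configuration.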