I have a domain potato.com that has different services running on xyz.potato.com, where xyz is the name of the service. Each service runs on a droplet in DigitalOcean.
I want to use cf access to give only authorized people SSH access to the backend servers.
There are two interfaces for configuring this. One is the Access tab in dash.cloudflare.com but, if I understand correctly, it’s missing a lot of settings (I can’t really configure an Access Group there) and another is in
Which interface am I supposed to use to configure this?
Preferably, I want to use the ssh.<service>.instadapp.io domain as the facilitator for SSH, but I am very open to other ideas as well.
Then, there is a lot of confusion in how to configure it. There is:
- Short lived certificates, https://developers.cloudflare.com/access/ssh/short-live-cert-server/
- SSH Connections, https://developers.cloudflare.com/access/ssh/ssh-guide/
They both seem to be doing the same thing, so what approach should I take? What is the preferred way of doing this?
Is there a way to access all my services at ssh.<service>.cloudflare.com? Is there any simpler documentation on how to configure this? We have an internal VPN configured with WireGuard. It’s a pretty terrible setup and we are trying to move away from it.
I also tried Spectrum, but all our servers listen on port 4556 for SSH and there doesn’t seem to be a way to configure the port in Spectrum. Plus, this will expose all the actual IP addresses of our backend servers/droplets, since you have to configure Spectrum on a subdomain, which then opens them up to a lot of unwanted SSH traffic, not that that’s a huge problem. I just prefer the CF Access approach, where users have to authorize with the CF Access portal before they are allowed in, compared to Spectrum. But then, I am no expert and I will be happy to hear from everyone else on how it should be done.