I’m actually testing a setup right now where I have cloudflared running on an EC2 instance. This EC2 instance has a web server running and the tunnel and its DNS record was created through cloudflared. I haven’t signed up for any Teams plan yet, so I’m just taking advantage of the fact that tunnels are now free. In other words, it’s a really simple setup. Today I wanted to tunnel SSH as well since I spotted it in a configuration example yesterday.
I expanded my setup with:
Based on the recent posts I’ve seen it seems like you’ve been using tunnels quite a bit, so I hope this makes sense. To summarize, I essentially had a publicly available test website using the tunnel, and then I added SSH as a second service connected through the same tunnel. While the website could be accessed from anywhere, establishing an SSH connection wasn’t possible without cloudflared on the client (last bullet point above).
I believe no extra authentication/authorization was necessary in my case, so please note that what I describe would expose SSH just like if you had opened up port 22 in a firewall (security group in the case of EC2). Following the tutorial linked above more closely would probably provide a more private and secure setup.
Will this solve your issue? I don’t know, but it may give you an idea of what’s possible