How to give access to origin SSH to a third party

I have protected my origin using Argo Tunnel with a private network and Cloudflare Teams.

There’s a new software that requires the IP of your server and an SSH key to automatically set up nginx and WordPress and do automatic backups and updates.

Is there any way that I can use Argo Tunnel and Cloudflare Teams for its access instead of whitelisting the software’s IP address in the origin firewall?

I’m actually testing a setup right now where I have cloudflared running on an EC2 instance. This EC2 instance has a web server running and the tunnel and its DNS record was created through cloudflared. I haven’t signed up for any Teams plan yet, so I’m just taking advantage of the fact that tunnels are now free. In other words, it’s a really simple setup. Today I wanted to tunnel SSH as well since I spotted it in a configuration example yesterday.

I expanded my setup with:

  • A new DNS record called “example-ssh” created manually through the dashboard. It looks just like my “example” record I added for the website (CNAME pointing to same address, orange-clouded).
  • Changed my config.yml for cloudflared to replace “url” parameter (pointing to localhost:80) with “ingress” definition containing entries for “example” and “example-ssh” hostname/service combinations. Refer to Ingress rules · Cloudflare Zero Trust docs
  • Installed cloudflared on my client machine and adjusted my SSH configuration. The “Connect from a client machine” part of this tutorial essentially: SSH · Cloudflare Zero Trust docs

Based on the recent posts I’ve seen it seems like you’ve been using tunnels quite a bit, so I hope this makes sense. To summarize, I essentially had a publicly available test website using the tunnel, and then I added SSH as a second service connected through the same tunnel. While the website could be accessed from anywhere, establishing an SSH connection wasn’t possible without cloudflared on the client (last bullet point above).

I believe no extra authentication/authorization was necessary in my case, so please note that what I describe would expose SSH just like if you had opened up port 22 in a firewall (security group in the case of EC2). Following the tutorial linked above more closely would probably provide a more private and secure setup.

Will this solve your issue? I don’t know, but it may give you an idea of what’s possible :smiley:

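The setup described in the reply above, written out as an added example that is not part of the original post. The tunnel ID, the credentials path and the `example.com` zone are placeholders; the two hostnames follow the “example” and “example-ssh” records mentioned in the reply.

```yaml
# config.yml for cloudflared on the origin (the EC2 instance).
# Constructed example: <TUNNEL-UUID>, the file path and example.com are placeholders.
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # The website, previously expressed as the single top-level "url" parameter.
  - hostname: example.example.com
    service: http://localhost:80
  # Second service on the same tunnel: SSH to the local sshd.
  - hostname: example-ssh.example.com
    service: ssh://localhost:22
  # cloudflared requires a final catch-all rule without a hostname.
  - service: http_status:404

# Client side (~/.ssh/config on the connecting machine), shown as comments
# because it is OpenSSH configuration rather than YAML:
#
#   Host example-ssh.example.com
#     ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
#
# Security notes:
# - The tunnel is an outbound connection from the origin, so the security
#   group needs no inbound rule for port 22.
# - With only the rules above, any client running cloudflared can reach sshd
#   on this hostname; the only remaining gate is sshd's own authentication
#   (key-only login is the sensible baseline).
# - A Cloudflare Access application in front of example-ssh.example.com adds
#   an identity check before a connection is forwarded to the origin.
```

`cloudflared tunnel ingress validate` checks the ingress rules in this file before the tunnel is restarted.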

The service I am using is SpinupWP and I guess they won’t install cloudflared on their machine so that they can access safely. So I am just whitelisting their IPs in the EC2 security group @svanlund
