All,

I’ve been using CF for a couple of years now, and am really happy with it. I now have a need to make SSH into my servers available on the Internet. These servers are already running cloudflared for my websites. Other than WireGuard, no ports are currently open to the Internet.

I don’t want to require my contractors to figure out adding cloudflared to their ~/.ssh/config and would much prefer to use the SSH access/protection provided by Spectrum.

Is it possible to have Spectrum receive the SSH connection and route it into the Argo tunnel? I’d much prefer not to add the Access layer in front of SSH as that isn’t something my contractors are used to. Additionally, I can’t guarantee ssh connections will originate from a GUI-based session.

I’m happy to spawn a second instance of cloudflared on the servers for the incoming SSH.

How would I set this up in the CF dashboard?

Unfortunately no, using Argo Tunnel creates a special “SSH” endpoint that isn’t related to spectrum, thus the mechanism requires cloudflared on the client machine (although, if you don’t put an Access policy on the subdomain, I believe it won’t require you open a browser window or anything).

I’ve effectively requested this feature here -

interesting, I hadn’t considered leaving the Access policy empty. I’ll give that a try. Thanks!

I’d still like to see Spectrum -> Argo tunnel for a thousand different reasons.

And I respectfully request the next Spectrum ports CF provides to Pro customers be SMTP / IMAP (and the secure variants).