I have successfully set up a cloudflared tunnel, which reports as healthy to my raspberry pi on my home network. I set up two rules:
-http for 127.0.0.1:80
-ssh for 127.0.0.1:22
When i visit the subdomain for the http rule it happily loads the index on the web server in the raspberry pi and the connector live stream shows two events logged.
However, when I ssh to the subdomain for the ssh, nothing appears in the live stream connector log and the connection attempt eventually times out.
The SSH on the raspberry pi has self-certificated SSL certificates I believe as when I try to ssh from a new computer it warns me about the certificates and I just say yes. Is this what’s stopping it working and, if so, what can I do about it?
Thanks for your help.
How are you trying to connect with SSH? You either need to have configured browser rendered SSH or be using cloudflared locally. See SSH · Cloudflare Zero Trust docs
I’m trying to connect straight from terminal. Thanks for the pointer!
When you say using cloudflare locally, do you mean cloudflare warp logged in on a team?
You do not need to have warp networking setup. You can use the same cloudflared application as a client as well as a server. To access using the client, you just run,
cloudflared access ssh --hostname <ssh.example.com>
Thanks again, Cyb3r-Jak3.
What I hadn’t understood in all of this that the client has to verify itself with cloudflare to be allowed through to connect to the SSH server at the other end of the domain name.
I installed cloudfared on my ubuntu laptop, then ran cloudfared access ssh – hostname [hostnameISetUpforMySSHOnMyRaspberryPi], which returned an instruction that had to be copied and pasted into ~/.ssh/config. If config doesn’t exist then just do nano ~/.ssh/config and it creates the file, then paste the cloudflared proxy instruction in to it, write it and close it, then just do ssh yourusername@yourcloudflaresshsubdomain and it all does the business.
I’ve got to say, Cloudflare seems like a cracking company. Had a lot of fun messing around with this and I still have a little bit of hair left. Really looking forward to getting my web server set up on the raspberry pi next.