Real IP for SSH with Spectrum or firewall rule

Hello, can we detect the real IP with Spectrum SSH connections? Or can I add my static IP in the firewall on Cloudflare for SSH and block all other IPs? Thanks.

This is what I ended up doing. It’s been a while since I experimented with it, but I think it worked.

There’s no way to restore visitor IP for SSH. I recall there being some messages about this either here, or in a private conversation.

Where and how do you add an IP for SSH? Thanks.

Your Spectrum SSH connection should have its own hostname, like ssh.example.com

So I added a Firewall Rule where if it’s that hostname AND IP address did not equal my IP address, then Block the connection.

Are you sure it works? As far as I know Firewall Rules don’t interact, yet, with Spectrum.

Ah, you’re right. I did try that, and it didn’t work. That’s probably why I don’t use it any more. I reverted back to using my server firewall instead.

Two solutions:

  1. a new separate domain with IP Access Rules (those work, although you need to block all countries manually).
  2. use Argo Tunnel with SSH and Access. It works great, unless you need to use mobile devices.

Hello, about the first variant: I don’t understand why I need a separate (another) domain. In the firewall I block everything on port 22 but not Cloudflare IPs. My server has a static IP. The second variant I know, but Argo Tunnel costs extra money. And with Spectrum and with cloudflared someone scans the service with bots and fail2ban blocks everything. Any other variant? Please explain the first variant if you can, because I only understand a little) Spectrum with the firewall on Cloudflare would be more flexible, but it isn’t present(

You need another domain because at the moment the only way to block IPs (unless you do it manually or via the API for specific IPs) from accessing a Spectrum tunnel is to block them off from the whole domain, which you may not want to do.

I have another domain and can block everything I need on the server firewall, but when my mobile IP changes I lose SSH to the server. I totally don’t understand your suggestion( By your logic I need two Pro plans? Now I use Spectrum for extreme situations; when I don’t need it I close it, because bots scan it and it gets banned every time.

You can do whatever you want, I was proposing a solution that allowed you to block all IPs excluding yours. Unfortunately it requires two Pro plans. It may not need them in the future.

Thanks for the answers! I hope Cloudflare fixes it in the near future for flexibility and security reasons. I’ll try to play with long keys, etc.)