Secure SSH Port on Instances

How to avoid exposing the SSH port to the Internet, to be accessed only when connected to the zero trust network?

You can bind the SSH port to the zero trust interface using the sshd config of your server.

I have followed the instructions to create a secure connection through WARP to Tunnel

https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/use_cases/ssh/#connect-to-ssh-server-with-warp-to-tunnel

And you can see the images of my configuration
https://firebasestorage.googleapis.com/v0/b/mis-pruebas-361b1.appspot.com/o/Screenshot%202023-03-08%20at%206.41.29%20p.m..png?alt=media&token=95d572fb-044a-41d5-a14e-fe93a61f428c

https://firebasestorage.googleapis.com/v0/b/mis-pruebas-361b1.appspot.com/o/Screenshot%202023-03-08%20at%206.46.15%20p.m..png?alt=media&token=90986f72-9c65-41dd-958e-aba8a195b46e

https://firebasestorage.googleapis.com/v0/b/mis-pruebas-361b1.appspot.com/o/Screenshot%202023-03-08%20at%206.47.23%20p.m..png?alt=media&token=9f9f22f2-61d9-49fc-9ce8-5a2c242d787f

What other configuration do I need?