SSH connections with Cloudflare Zero Trust

I wasn’t certain if this should go in Feedback or Getting started tbh.

I’m trying to figure out if we can truly replace VPN for our day-to-day operations, and one of the things I need to figure out is SSH connections: from a local machine (Mac/Windows/Linux) to a remote box (Linux) using Cloudflare Zero Trust.

  • I’ve set up a tunnel through the Zero Trust GUI on my remote box - I’ve got the green ‘Active’ status
  • I have cloudflared installed on a local machine
  • I have managed to get the local machine to display my list of tunnels using cloudflared tunnel list
  • I’m not sure where to go from here?

What I am trying to achieve is what is being done in this Cloudflare demo:
edit: I can’t include links in my post
It’s the Cloudflare video on YouTube named: Create SSH connections with Cloudflare Access, YouTube id lq7WpGJZvk4

Unfortunately it is now outdated, the interface has changed, the commands don’t work, etc… It’s a shame as this video is very clear and simple.

The steps here kind of make sense for the remote part:
edit: I can’t include links in my post to the Cloudflare developers site :upside_down_face: it’s the page at /cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/

But I don’t want to set up a tunnel locally :thinking: I just want to connect from a local machine. Or do I misunderstand and need two tunnels?

Not being able to post links to actual Cloudflare resources does make this a lot more confusing, I apologize.

Both the local and remote box need cloudflared installed. Only the remote box needs to be running the tunnel. Here is a guide from the Cloudflare docs: https://developers.cloudflare.com/cloudflare-one/tutorials/ssh/.

You don’t need to worry about configuring, routing or running the tunnel if you are using remotely managed tunnels (which I suggest you do).


Ok - thank you! That was easy enough to follow and I got there in the end.

The only mistake I made was that I obviously also need to pass the credentials to log into the server into the record you add to ~/.ssh/config

Or you get a permission denied
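The `~/.ssh/config` record discussed in the last reply, as an added example that is not part of the thread or of Cloudflare's documentation: a constructed config with one entry that only proxies through `cloudflared` and one that also names the server login, plus a small check that lists entries missing the latter. The hostnames, the user `deploy`, the key path and the `cloudflared` install path are assumptions.

```shell
#!/bin/sh
# Constructed ~/.ssh/config content (placeholders, not values from the thread).
# Logging in through Cloudflare Access and logging in to the server are two
# separate steps: without User/IdentityFile, ssh falls back to the local
# username and default keys, and sshd may answer "Permission denied".
sample_config() {
cat <<'EOF'
Host ssh-incomplete.example.com
  ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h

Host ssh.example.com
  ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
  User deploy
  IdentityFile ~/.ssh/id_ed25519
EOF
}

# Print every Host entry that proxies through cloudflared but does not set
# both User and IdentityFile. Requiring both is this example's policy;
# settings inherited from a "Host *" block are not considered.
# Reads the files given as arguments, or stdin when there are none.
missing_credentials() {
  awk '
    function report() {
      if (host != "" && proxied && !(user && key)) print host
    }
    tolower($1) == "host" { report(); host = $2; proxied = 0; user = 0; key = 0; next }
    tolower($1) == "proxycommand" && /cloudflared access ssh/ { proxied = 1 }
    tolower($1) == "user" { user = 1 }
    tolower($1) == "identityfile" { key = 1 }
    END { report() }
  ' "$@"
}

# Stand-alone run against the constructed sample.
sample_config | missing_credentials
```

To check a real file, run `missing_credentials ~/.ssh/config`.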
