SSH forwarding over (argo/cloudflare) tunnel w/ cloudflared

First I must confess, I am pretty new to this and am probably making a very basic error. Thanks for your gentleness. :slight_smile:

I’m attempting two things with the Argo Tunnel / Cloudflare Tunnel.

  1. Forward SSH (not using a web browser)
  2. Forward Home Assistant port a non-standard port EDIT: fixed via Reverse proxy error - #9 by DavidFW1960 - Configuration - Home Assistant Community (was a home assistant config issue, didn’t think to check the HA logs!)

I can’t get either ssh to work. :frowning:

What does work: I am able to get hello_world to work appropriately.

Changing the config to this:

logDirectory: /var/log/cloudflared

tunnel: ssh
credentials-file: /Users/ob1/.cloudflared/tunnel-id.json

ingress:
  - hostname: ssh.mydomain.com
    service: ssh://localhost:22
  - service: http_status:404

When I try to connect to port 22 from any machine (local or otherwise), it simply hangs and never connects. I feel like this should be a pretty straightforward operation. Have I missed something very basic?

$ telnet ssh.mydomain.com 22
Trying 104.21.26.252...Operation timed out

Thanks

I believe you need cloudflared installed on the local machine as well. So my .ssh/config looks like this:

Host MYSERVER
	Hostname ssh.example.com
	User root
	ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
	ServerAliveInterval 240

Oh, I see. That’s sort of a bummer for accessing things from random computer terminals (probably a scenario I will never encounter). Thanks.

Curious if anyone else has accomplished this without cloudflared on the client… anyone?

Sure…SSH right to your origin’s IP address.

What? Are you referring to port forwarding? If so, that’s not possible because of CGNAT.

@jschwalbe you have 2 ways:

  1. with cloudflared in the client, as per https://developers.cloudflare.com/cloudflare-one/tutorials/gitlab
  2. or with WARP in the client, as per https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel

As you’ll see, 1 tends to get a bit more in the way than 2. In fact, 2 can be seen as more powerful. You get the choice of what to use.

That is quite helpful to know, thank you so much!

Unfortunately, OP wants a “software-free” solution so they can do this from “random computers”. It appears they’re out of luck.
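
Added example (not part of any post in this thread, and not Cloudflare's code): a small Python check that reads a cloudflared config like the one in the question, reports which ingress rules need cloudflared or WARP on the connecting machine, and builds the matching ~/.ssh/config entry from the reply above. The second hostname, its port, and the treatment of tcp:// and rdp:// rules go beyond what the thread covers and are assumptions.

```python
# Constructed sample: config from the question plus an assumed HTTP rule (ha.mydomain.com:8123).
SAMPLE_CONFIG = """\
tunnel: ssh
credentials-file: /Users/ob1/.cloudflared/tunnel-id.json
ingress:
  - hostname: ssh.mydomain.com
    service: ssh://localhost:22
  - hostname: ha.mydomain.com
    service: http://localhost:8123
  - service: http_status:404
"""

def parse_ingress(text):
    """Return [(hostname or None, service)] per ingress rule (minimal parser, not full YAML)."""
    rules, in_ingress = [], False
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()
        if line and not line[0].isspace() and line[0] != "-":   # top-level key
            in_ingress = line == "ingress:"
            continue
        item = line.strip()
        if not in_ingress or not item:
            continue
        if item.startswith("- "):                # a dash starts a new rule
            rules.append({})
            item = item[2:].strip()
        key, _, value = item.partition(":")
        if rules and value.strip():
            rules[-1][key.strip()] = value.strip()
    return [(r.get("hostname"), r.get("service", "")) for r in rules]

def client_requirement(service):
    """What the connecting machine needs, following the replies in this thread."""
    scheme = service.split(":", 1)[0]
    if scheme in ("http", "https"):
        return "any-https-client"
    if scheme in ("ssh", "tcp", "rdp"):          # tcp/rdp handling is an assumption
        return "cloudflared-or-warp"
    return "n/a"                                 # e.g. the http_status:404 catch-all

def ssh_config_stanzas(text, cloudflared="/usr/local/bin/cloudflared"):
    """Build a ~/.ssh/config entry for every ssh:// ingress hostname."""
    return "".join(f"Host {h}\n\tProxyCommand {cloudflared} access ssh --hostname %h\n"
                   for h, s in parse_ingress(text) if h and s.startswith("ssh://"))

if __name__ == "__main__":
    for host, service in parse_ingress(SAMPLE_CONFIG):
        print(f"{host or '(catch-all)'}: {service} -> {client_requirement(service)}")
    print(ssh_config_stanzas(SAMPLE_CONFIG))
```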