Ssh forwarding over (argo/cloudflare) tunnel w/ cloudflared

jschwalbe · August 5, 2021, 11:58pm

First I must confess, I am pretty new to this and am probably making a very basic error. Thanks for your gentleness.

I’m attempting two things with the Argo Tunnel / Cloudflare Tunnel.

Forward SSH (not using a web browser)
~~2. Forward Home Assistant port a non-standard port~~ EDIT: fixed via Reverse proxy error - #9 by DavidFW1960 - Configuration - Home Assistant Community (was a home assistant config issue, didn’t think to check the HA logs!)
I can’t get ~~either~~ ssh to work.

What does work: I am able to get hello_world to work appropriately.

Changing the config to this:

logDirectory: /var/log/cloudflared

tunnel: ssh
credentials-file: /Users/ob1/.cloudflared/tunnel-id.json

ingress:
  - hostname: ssh.mydomain.com
    service: ssh://localhost:22
  - service: http_status:404

When I try to connect to port 22 from any machine (local or otherwise), it simply hangs and never connects. I feel like this should be a pretty straightforward operation. Have I missed something very basic?

$ telnet ssh.mydomain.com 22
Trying 104.21.26.252...Operation timed out

Thanks

sdayman · August 6, 2021, 12:20am

I believe you need cloudflared installed on the local machine as well. So my .ssh/config looks like this:

Host MYSERVER
	Hostname ssh.example.com
	User root
	ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
	ServerAliveInterval 240

jschwalbe · August 6, 2021, 12:30am

oh, i see. that’s sort of a bummer for accessing things from random computer terminals (probably a scenario i will never encounter). thanks

curious if anyone else has accomplished this without cloudflared on the client… anyone?

sdayman · August 6, 2021, 2:01am

Sure…SSH right to your origin’s IP address.

jschwalbe · August 6, 2021, 2:18am

What? Are you referring to port forwarding? If so, that’s not possible because of CGNAT.

nuno.diegues · August 6, 2021, 7:16am

@jschwalbe you have 2 ways:

with cloudflared in the client, as per https://developers.cloudflare.com/cloudflare-one/tutorials/gitlab
or with WARP in the client, as per https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel

As you’ll see, 1 tends to get a bit more in the way than 2. In fact, 2 can be seen as more powerful. You get the choice of what to use.

jschwalbe · August 6, 2021, 11:57am

That is quite helpful to know, thank you so much!

sdayman · August 6, 2021, 12:49pm

Unfortunately, OP wants a “software-free” solution so they can do this from “random computers”. It appears they’re out of luck.