I have an SSH server on a local network, and the server is running cloudflared. With Access for Infrastructure, I have to manually specify the IP of the server both to create the target and to connect to it from a client. However, when connecting via SSH with browser rendering or self-managed keys, I can connect with only the hostname and never need to specify the server’s IP besides in the tunnel config (in which I can use localhost:22). Is there no way to have Cloudflare manage SSH keys without needing to manually manage the IP of the server in Zero Trust’s dashboard? The services might have a dynamic IP, but they would be either running cloudflared or accessible via DNS. Is there something I’m missing, and if not, is this feature planned to be added?
Cloudflare currently requires that the target’s IP address be manually added to the Zero Trust dashboard because that’s how the access policies are enforced. This can be tricky, especially when dealing with dynamic IP addresses.
If your server has a dynamic IP, but you can use DNS (which resolves to your server), that can simplify things a little bit, but the Zero Trust dashboard still requires a specific IP to enforce the access policy.
If the only issue is dynamic IPs and you can assign a DNS name to the server, you could set up your server’s DNS to resolve to the correct IP dynamically. However, Zero Trust still needs the target’s IP to establish the access policy, which means you’d still need to update that in the dashboard, or it won’t work.
One possible workaround would be to automate the process of updating the target’s IP using Cloudflare’s API, allowing you to dynamically update the IP of your server whenever it changes.
I am afraid the Community cannot confirm any ETA or specific plans related to handling dynamic IP addresses for SSH targets without manual configuration.
However, as we know, Cloudflare is constantly improving and evolving, so it’s possible that they could add more flexibility for handling dynamic IPs in the future.
It would be helpful to check Cloudflare’s official documentation or feature blog announcements for any updates.
Until then, I would suggest you check the Feature Request Submitting & Feedback category for any existing topic on this case; if there is none, then kindly add a new topic to the category as a feature request.
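The API-driven workaround mentioned in the reply, sketched as an added example that is not part of the original posts or Cloudflare's own code. It assumes the target-update endpoint is `PUT /accounts/{account_id}/infrastructure/targets/{target_id}` with the body shape shown (verify both against the current API reference); the helper names, sample target and allowed range are constructed for illustration. Because the observed IP ends up as the address the access policy covers, it is checked against an allow-list before any update is planned.

```python
import ipaddress
import json
import urllib.request

# Assumption: target-update endpoint and body shape; check the current API reference.
API_BASE = "https://api.cloudflare.com/client/v4"

# Constructed sample of the target as currently stored in Zero Trust.
SAMPLE_TARGET = {
    "hostname": "ssh-server",
    "ip": {"ipv4": {"ip_addr": "10.0.0.17",
                    "virtual_network_id": "VNET-ID-PLACEHOLDER"}},
}


def validate_ip(candidate, allowed_cidrs):
    """Return candidate as a string only if it is IPv4 inside an allowed network."""
    ip = ipaddress.ip_address(candidate)
    if ip.version != 4 or not any(
            ip in ipaddress.ip_network(cidr) for cidr in allowed_cidrs):
        raise ValueError(f"{ip} is outside the allowed ranges, refusing to update")
    return str(ip)


def plan_update(target, observed_ip, allowed_cidrs):
    """Return the new request body, or None when the target is already current."""
    new_ip = validate_ip(observed_ip, allowed_cidrs)
    current = target["ip"]["ipv4"]
    if current["ip_addr"] == new_ip:
        return None
    return {
        "hostname": target["hostname"],
        "ip": {"ipv4": {"ip_addr": new_ip,
                        "virtual_network_id": current["virtual_network_id"]}},
    }


def build_request(account_id, target_id, api_token, body):
    """Build, without sending, the PUT request that replaces the target."""
    url = f"{API_BASE}/accounts/{account_id}/infrastructure/targets/{target_id}"
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="PUT",
        headers={"Authorization": f"Bearer {api_token}",
                 "Content-Type": "application/json"})


if __name__ == "__main__":
    body = plan_update(SAMPLE_TARGET, "10.0.0.42", ["10.0.0.0/24"])
    print(json.dumps(body, indent=2))
```

A scheduled job on the server would pass its current address to `plan_update` and send the result with `urllib.request.urlopen` only when a body is returned.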