Trouble with basic SSH/TCP tunnel set up

I was able to confirm that I could run a tunnel for a standard HTTP connection. But I’m having trouble tunneling SSH.

When I run /opt/homebrew/bin/cloudflared access ssh --hostname my-url
I’m getting this error: failed to connect to origin error="websocket: bad handshake"

Interestingly, that error comes up whether or not I’m running cloudflared tunnel run my-tunnel.

I do notice that in the error message, it mentions that the originURL mentions “https”. Why is http(s) mentioned at all? I would think that the cloudflared program on my client would directly try to see if ssh was running on my-url.

I’m assuming that the way to use SSH is by putting the url to ssh:// in ~/.cloudflared/config.yml, is that right? There aren’t any other places that I’ve specified that the protocol to use is SSH.

I also tried setting up TCP. On the host I ran: cloudflared tunnel --hostname my-url --url tcp://localhost:7000, and on the client I ran cloudflared access tcp --hostname my-url --url localhost:7000. I then used nc -l 7000 on the host and nc localhost 7000 on the client. Communication did not go through, though there were no error messages.

Maybe there’s a DNS problem? I don’t see what the DNS entries should be from either of these guides:

  • https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/
  • https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/use_cases/ssh/

Though in the second guide, the zero-trust dashboard will be auto-creating a DNS entry for you. Specifically, it’s this section:

Note that this second guide isn’t a full guide – it never tells you to run cloudflared on the host. Anyways, by following this guide, you’ll end up with a subdomain CNAME. Is that right? I’ve seen some other DNS settings for TCP, like in this guide:
https://community.cloudflare.com/t/creating-dns-records-in-cloudflare-for-a-minecraft-server/176742

I also notice when I run cloudflared access login my-url, I get the error failed to find Access application at my-url. Is there supposed to be some http authentication layer running in front of TCP/SSH? I don’t really understand what’s supposed to be happening.


Agreed, the documentation needs to be updated for the recent updates to Cloudflared for properly setting up SSH on the tunnel. I’m also getting the “failed to find Access application at” error unless I’m connected using the ZeroTrust Gateway connection with Warp.

I gave up trying to find a solution here fwiw. I was simply not able to make a TCP connection with Cloudflare tunnels.