Unable to connect to SSH with Access

Hi. I followed a tutorial (https://developers.cloudflare.com/cloudflare-one/tutorials/ssh) trying to proxy my SSH traffic though Cloudflare. I am getting this error:
2021-11-16T23:24:16Z ERR failed to connect to origin error=“websocket: bad handshake” originURL=https://ssh.azamserver.com
websocket: bad handshake
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535

Is there anything I’m doing wrong?

1 Like

DNS Rule:

Cloudflare Access Rule:

Server Config FIle:

Client Config File:

Result of command “cloudflared tunnel list” on server:

Result of command “cloudflared tunnel info ssh” on server:

That doesn’t quite look like my ssh config file:

Host ALIAS
	Hostname ssh.example.com
	User USER
	ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
	ServerAliveInterval 240

Now when I type ssh ALIAS, it connects to the hostname as USER.

I tried this with your hostname and it fired up Browser SSH:

Thats weird. I don’t even have that option enabled.

Actually, I think thats actually the login page, not the SSH in browser page. Let me use your config and see if it works

That is interesting. Now I’m questioning what I saw, but I don’t know what else it would be, since I clearly initiated with with SSH. Here it is:

Yeah, thats what Im supposed to get. I’m just confused on how you got there, and I cant

I got the same errors with these:


I’m trying to remember how I did this before. I have Access Policies to “Bypass” if it’s my home IP address, so the Browser SSH won’t even show up for me because of the Bypass. If I’m away from home, I’d hit the “Allow” rule for my email address and the browser would pop up.

As I think about it, it’s possible that this is just your authentication, and not browser SSH. So if I could authenticate as an Azamserver person, the browser window would be done and I’d resume my session in my terminal window.

1 Like

No. I’m actually receiving the error right when I use the command. I can’t even get to the auth page.

Here’s my config:

Host tester
	Hostname ssh.azamserver.com
	ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h

Using your config, but I’m still getting the same error
Any ideas on how to fix that?
I also believe this issue has something to do with client side. I tried uninstalling and installing cloudflared, but that didn’t work.
I also tried reaching ssh.azamserver.com using my browser, and it worked.

Fixed!

For some reason, my website was blocking my IP for SSH. When I tried using my hotspot for SSH, I was allowed access, but when I used my home internet, I was not allowed access. After figuring this out, I went to my website, clicked “Firewall”, then “Tools”, then “IP Access Rules”, then put my IP in the textbox, then clicked the “Block” dropbox, then clicked “Allow”, then clicked the “This Website” dropbox, clicked “All Websites In This Account”, then saved the rule, and I was allowed access.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.