Hi there,
I’m trying to enable Cloudflare Access on my account, in order to restrict SSH access to a server using cloudflared. I added my domain (let’s say it’s example.org) to Cloudflare and I want to create a tunneled connection at ssh.example.org.
From the dashboard, I clicked the “Access” button and then “Enable Access”. The first time I had to subscribe to a plan and I chose the Free one. I then entered my PayPal account as my payment method.
Now, the “Plan” section shows a blue check mark next to the Free plan and my PayPal account is also listed in the billing screen. However, if I go to Access > Overview or Access > Applications it says “Access is not enabled”. I’m providing some screenshots below.
I tried to go back to the Dashboard and repeat the process. The Access section, from the domain management screen, still shows “Enable Access” as if I had not enabled it at all. Clicking on it again now brings me back to the Cloudflare for Teams dashboard in the same status as in the screenshots, except my payment method and chosen plan are already there.
For testing purposes, I tried to start the cloudflared tunnel on the server and, on my client machine, I tried to access my dedicated domain with the command ssh ssh.example.org and my ~/.ssh/config having the following content:
Host ssh.example.org
IdentityFile ~/.ssh/mykey
ProxyCommand cloudflared access ssh --hostname %h
and it does let me through. The issue is that on this client machine I haven’t logged in to my Cloudflare account via cloudflared at all so technically anyone with the SSH key could access my server, with Cloudflare Access’s policy mechanism being out of the equation entirely. I assume this is because I haven’t configured any policies yet, due to my issues enabling Cloudflare Access, as explained in this post.
Any help?