cloudflared is set up on a device (Raspberry Pi) and I have been using it successfully to access websites hosted there through a Cloudflare tunnel. I would like to get ssh working over the tunnel from a Mac. I followed the tutorial, but have been unable to get it to work:
bash-3.2$ ssh [email protected]
2022-02-14T19:35:42Z ERR failed to connect to origin error="websocket: bad handshake" originURL=https://ssh.aohomedesign.com
websocket: bad handshake
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
Thanks for the link. I checked the items in the troubleshooting list and they all look good:
“Your cloudflared tunnel is either not running or not connected”
[tunnel is up and connected, I am able to use the tunnel for http requests]
cloudflared tunnel info mytunnel
CREATED: 2022-02-08 17:21:47.094025 +0000 UTC
CONNECTOR ID CREATED ARCHITECTURE VERSION ORIGIN IP EDGE
e314518c-e750-4fc6-bcda-541ddbc4feb5 2022-02-14T20:59:52Z linux_arm 2022.2.0 188.8.131.52 2xBOS, 2xPHL
“WebSockets are not enabled”
[websockets are enabled]
“Your Cloudflare account has Universal SSL enabled and the SSL/TLS encryption
mode is set to Off. To resolve, set the SSL/TLS encryption mode to any
setting other than Off.”
[SSL/TLS encryption mode is Flexible]
“Your requests are blocked by Super Bot Fight Mode.
To resolve, make sure you set Definitely automated to Allow in the bot
fight mode settings.”
I will look through the rest of the troubleshooting articles, but so far, no luck: http works, but ssh does not.
I’m having the same issue. I upgraded from 2020.5.1 to 2022.2.0, converted my config to the new ingress scheme. Same error as OP.
- hostname: myhost-ssh.mydomain.net
- service: http_status:404
Is there a way to get debug info from cloudflared? I suspect there is an issue with cloudflared, but I am unable to get any additional info to make progress.
To test this, I ran a new instance of sshd, in debug mode using port 2222, and reconfigured cloudflared to recognize this port. Viewing the command line output on the origin, I can see that the sshd is never receiving the connect request. In addition, the ssh command is failing immediately on the Mac.
I need to see the detailed logs from the cloudflared to make any progress on this. I appreciate your help.
How about trying the SSH in-browser as per https://developers.cloudflare.com/cloudflare-one/tutorials/ssh-browser ?
It would be a way to start and minimize the problem surface since you would not have to use cloudflared access on the user side.
Thanks for getting back to me. I followed the tutorial and got the following screen:
Is there any log in cloudflared tunnel when this happens?
If not, can you run with
loglevel: debug and repeat?
I typed the following at the origin:
cloudflared tunnel --loglevel debug
2022-02-17T14:40:55Z DBG Loading configuration from /etc/cloudflared/config.yml
cloudflared tunnel run to start tunnel 78d9fbef-e7fb-440d-a735-0ca82153e285
I then tried to access ssh via the browser, as above, with the same result. Can you tell me how to access the logs? Is there anything else I need to do (restart cloudflared?)
When I use:
sudo journalctl -u cloudflared -f
I see no new entries in the log.
@tgraf2 I noticed my DNS for the tunnel was missing. So I added it back via these steps. https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/routing-to-tunnel/dns#route-traffic-from-the-command-line
I’ve got loglevel: trace in my config file and I can see the connection coming in but it hangs and does nothing. Still investigating…
Yes this fixed it for me.
Also, make sure your ingress is:
I definitely have a DNS record for ssh:
and I have added the following to the config.yml file:
I then restarted cloudflared, but I don’t see a log. Am I missing something?
Yes, the ssh entry in config.yml is:
ssh, port 22
so that seems ok too.
I tested the ingress rule as shown below:
cloudflared tunnel ingress rule https://ssh.aohomedesign.com
Using rules from /etc/cloudflared/config.yml
Matched rule #3
service: HTTP 404
So, the ssh rule appears to be the problem, but I have not been able to find the problem.
I found the problem: the file /etc/cloudflared/config.yml was not getting updated (I was updating ~/Cloudflare/config.yml). Things are working now.
Thanks - This fixed my problem for a Cloudflare tunnel with AWS Linux EC2
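Added example (not part of the thread and not cloudflared's own code): a small Python model of top-to-bottom ingress matching, showing why the SSH hostname resolved to the HTTP 404 catch-all while the daemon was still loading an older config file than the one being edited. The hostnames, services and the LOADED/EDITED configs are constructed, matching is by hostname only, rule indexes are 0-based, and the parser handles only this flat list form.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed configs: LOADED stands for the file the daemon reads,
# EDITED for the copy that was actually changed. All values are placeholders.
LOADED = """ingress:
  - hostname: www.example.com
    service: http://localhost:80
  - service: http_status:404
"""
EDITED = """ingress:
  - hostname: www.example.com
    service: http://localhost:80
  - hostname: ssh.example.com
    service: ssh://localhost:22
  - service: http_status:404
"""

def parse_ingress(text):
    """Read the flat ingress list used above; not a general YAML parser."""
    rules, in_ingress = [], False
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()
        if line and line[0] not in " -":
            in_ingress = line == "ingress:"   # entering or leaving the section
        elif line and in_ingress:
            item = line.strip()
            if item.startswith("- "):         # "- " starts a new rule
                rules.append({})
                item = item[2:].strip()
            key, _, value = item.partition(":")
            rules[-1][key.strip()] = value.strip()
    return rules

def match_rule(rules, url):
    """Return (0-based index, service) of the first rule whose hostname matches."""
    host = urlsplit(url).hostname or ""
    for index, rule in enumerate(rules):      # evaluated top to bottom
        if fnmatchcase(host, rule.get("hostname", "*")):
            return index, rule["service"]
    raise ValueError("no rule matched; the config lacks a catch-all rule")

def falls_through(config_text, url):
    """True when url lands on an http_status rule instead of a real origin."""
    return match_rule(parse_ingress(config_text), url)[1].startswith("http_status:")

if __name__ == "__main__":
    for name, cfg in (("loaded", LOADED), ("edited", EDITED)):
        print(name, match_rule(parse_ingress(cfg), "https://ssh.example.com"))
```

Running it against the text of both the file named in the daemon's "Loading configuration from" log line and the file being edited shows immediately whether they disagree for a given hostname.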