r/CloudFlare: Can't setup ssh access

This article archives a conversation, which took place in a subreddit post (original source linked below) and to which I contributed a solution or answer (with the u/MasterofSynapse handle), in a Q&A format.

Original Reddit post: https://www.reddit.com/r/CloudFlare/comments/yruzwb/cant_setup_ssh_access/

Question

Hi guys!

I have Starlink as my provider, which makes it hard to set up services to the outside. I found that Cloudflare can help you with this, but I really can't get it to work. Right now it is SSH access I'm struggling with.

I have set up a tunnel using both Docker and a local install on my Arch Linux machine, but neither works. The weird thing is that the tunnel works fine if I set up an HTTP service. I then add an SSH service and I have tried pointing to both localhost:22 and its local IP 192.168.0.6:22, but I can't get it to work. If I try with an SSH client, I get nothing. If I try with ssh.<domain> in a browser, I do get a connection in the sshd log, but it immediately fails with:

Nov 10 17:08:05 spongebob sshd[463365]: rexec line 111: Deprecated option UsePrivilegeSeparation
Nov 10 17:08:05 spongebob sshd[463365]: error: kex_exchange_identification: Connection closed by remote host
Nov 10 17:08:05 spongebob sshd[463365]: Connection closed by 192.168.0.6 port 42042

No idea what's going on, but I expect that Cloudflare is doing some proxy magic somewhere so the client won't work, but I don't know about the browser...

Answer

The easiest solution to your problem is to configure an Access Application and use the SSH browser rendering.

With that, you can point any web browser (mobile should work as well) to the DNS name you want to use for SSH access and connect to your server.

Alternatively, what port did you specify when you tried to connect via SSH through an SSH client? 22 or 443? Since Cloudflare proxies everything through HTTPS by default, 22 won't help you, but 443 should work.