So you've proxied your website's traffic using Cloudflare, and now you can't access your server using ssh user@mydomain.com. I feel your pain. A quick Google search on how to get around this may return recommendations like "just don't proxy your traffic" or "add an unproxied ssh.mydomain.com entry to your DNS." Those suggestions are a bummer, and they negate some of Cloudflare's biggest benefits.
Thankfully there's a better way: you can add the domain as an entry to your ~/.ssh/config file. This post will walk you through how to set this up on a macOS or Linux machine.
Run the following command in your terminal to open the SSH config file in Nano:
nano ~/.ssh/config
Go to the first empty line of the file and insert the following, replacing the domain and IP address with your own:
Host mydomain.com
HostName 151.101.2.217
Save the file by pressing ctrl + o, then press enter to save. You can then exit by typing ctrl + x.
Now you can SSH into the server using its domain name, just like you could before you proxied it with Cloudflare.
ssh user@mydomain.com
You may also save your username in the ~/.ssh/config file if you like:
Host mydomain.com
HostName 151.101.2.217
User user
This will allow you to ssh into your server with no username:
ssh mydomain.com
Interestingly, you aren't actually required to use a domain name to identify the server in the config file. Instead of Host mydomain.com, it could be Host mydomain, Host something_random or nearly anything else you'd like.
Things to keep in mind
A couple of things to keep in mind: if your server's IP changes, you'll need to change it in your config file as well.
If you're having trouble getting this to work, try opening a new terminal after modifying the config file. If you're on Linux and still having trouble, try restarting your ssh daemon using sudo systemctl reload ssh.
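A simplified model of how the ssh client picks values from ~/.ssh/config, added here as an illustration (it is not the author's code and not OpenSSH's parser). It handles only Host lines with * and ? patterns and shows that each option comes from the first matching block, so an earlier Host * block can override the User set for mydomain.com. The alias origin_box and the user admin are made-up sample values.

```python
from fnmatch import fnmatchcase

def resolve(config_text, target):
    """Return the options a simplified ssh client would apply for `ssh <target>`."""
    options = {}
    active = True  # lines before the first Host block apply to every host
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            patterns = value.split()
            hit = any(fnmatchcase(target, p) for p in patterns if not p.startswith("!"))
            veto = any(fnmatchcase(target, p[1:]) for p in patterns if p.startswith("!"))
            active = hit and not veto
        elif active:
            options.setdefault(key, value)  # first value obtained wins
    # With no HostName, ssh looks up the name typed on the command line in DNS.
    options.setdefault("hostname", target)
    return options

# Constructed sample configs; domain and IP are the placeholders used in the post.
PINNED = """
Host mydomain.com origin_box
    HostName 151.101.2.217
    User user
"""
SHADOWED = """
Host *
    User admin

Host mydomain.com
    HostName 151.101.2.217
    User user
"""

if __name__ == "__main__":
    for label, cfg, name in [
        ("pinned", PINNED, "mydomain.com"),
        ("alias", PINNED, "origin_box"),
        ("unlisted name", PINNED, "www.mydomain.com"),
        ("shadowed", SHADOWED, "mydomain.com"),
    ]:
        print(f"{label:14} ssh {name:18} ->", resolve(cfg, name))
```

To see what the real client resolves for your own file, run ssh -G mydomain.com and look at the hostname and user lines; it prints the effective configuration without connecting.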
Top comments (3)
Found this, gonna set up my SSH server to be available on an alternate port.
This way I can also host a webcam on an alternate port, without disclosing my IP address in DNS records :)
bytefreaks.net/applications/cloudf...
That's kind of an interesting approach. I'd be worried that Cloudflare changes what ports it exposes in the future, but hopefully they don't!
You can try to use teleport