So you've proxied your website's traffic using Cloudflare, and now you can't access your server using ssh user@mydomain.com. I feel your pain. A quick Google search on how to get around this may return recommendations like "just don't proxy your traffic" or "add an unproxied ssh.mydomain.com entry to your DNS." Those suggestions are a bummer, and they negate some of Cloudflare's biggest benefits.
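Thankfully there's a better way: you can add the domain as an entry to your ~/.ssh/config file. With that entry in place, ssh connects straight to the server's IP address instead of looking the domain up in DNS, where the proxied record points at Cloudflare rather than at your server. This post will walk you through how to set this up on a macOS or Linux machine.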
Run the following command in your terminal to open the SSH config file in Nano:
nano ~/.ssh/config
Go to the first empty line of the file and insert the following, replacing the domain and IP address with your own:
Host mydomain.com
HostName 151.101.2.217
Save the file by pressing Ctrl + O, then press Enter to confirm. You can then exit by pressing Ctrl + X.
Now you can SSH into the server using its domain name, just like you could before you proxied it with Cloudflare.
ssh user@mydomain.com
You may also save your username in the ~/.ssh/config file if you like:
Host mydomain.com
HostName 151.101.2.217
User user
This will allow you to ssh into your server with no username:
ssh mydomain.com
Interestingly, you aren't actually required to use a domain name to identify the server in the config file. Instead of Host mydomain.com, it could be Host mydomain, Host something_random or nearly anything else you'd like.
Things to keep in mind
A couple of things to keep in mind: if your server's IP changes, you'll need to change it in your config file as well.
If you're having trouble getting this to work, try opening a new terminal after modifying the config file.
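To see what a given entry will do before connecting, the lookup ssh performs on this file can be reproduced in a few lines. The following is an added example, not part of the original post: a simplified Python resolver for the Host/HostName/User entries shown above, run over a constructed sample config. It goes slightly beyond the post by also handling wildcard patterns and the "first value wins" rule; the function names are hypothetical, and Match and Include are not supported.

```python
import fnmatch
import re

# Constructed sample config mirroring the entries in this post.
SAMPLE_CONFIG = """\
Host mydomain.com mydomain
    HostName 151.101.2.217
    User user

Host *
    User fallback
    Port 22
"""

def _host_matches(patterns, target):
    """A Host line applies if a positive pattern matches and no negated one does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(target, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(target, pat):
            matched = True
    return matched

def resolve(config_text, target):
    """Return the options that would apply to `ssh target` (first value wins)."""
    options = {}
    active = True  # lines before the first Host block apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"([^\s=]+)(?:\s*=\s*|\s+)(.*)", line)
        if not m or line.startswith("#"):
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            active = _host_matches(value.split(), target)
        elif key == "match":
            active = False  # Match blocks are outside this simplified example
        elif active:
            options.setdefault(key, value)
    # With no HostName entry, ssh uses the name as typed and resolves it via DNS.
    options.setdefault("hostname", target)
    return options

if __name__ == "__main__":
    for name in ("mydomain.com", "mydomain", "other.example"):
        opts = resolve(SAMPLE_CONFIG, name)
        print(f"ssh {name} -> {opts.get('user', '<local user>')}@{opts['hostname']}")
```

On a machine with OpenSSH installed, ssh -G mydomain.com prints the options the real client resolves, which is the authoritative check.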
Top comments (5)
Found this, gonna set up my ssh server to be available on an alternate port
this way I can also host a webcam on an alternate port, without disclosing my ip address in dns records :)
bytefreaks.net/applications/cloudf...
That's kind of an interesting approach. I'd be worried that cloudflare changes what ports it exposes in the future, but hopefully they don't!
TL;DR; This post is so far off the mark, and not even remotely true.
This has nothing whatsoever to do with Cloudflare access. This is a common SSH shortcut that has been around for decades.
And this line: "sudo systemctl reload ssh" makes no sense whatsoever.
ssh is a client app. sshd is a server app. There are no services to client apps.
Furthermore, if you can't ssh to a system that's been added to Cloudflare, nothing on your end is going to solve it. Cloudflare is actively blocking you, meaning you need to go configure CF to let you through.
Hello
I have created *.domain.com with cloudflare and have given this to users to connect to ssh. (Each user has a different subdomain.)
But I have to turn off the cloudflare proxy.
Is there any way to turn on the proxy, so users will be able to connect to ssh through cloudflare?
I have tested the method above, but I couldn't connect through cloudflare when the proxy is on.
You can try to use teleport