So you've proxied your website's traffic using Cloudflare, and now you can't access your server using ssh email@example.com. I feel your pain. A quick Google search on how to get around this may return recommendations like "just don't proxy your traffic" or "add an unproxied ssh.mydomain.com entry to your DNS." Those suggestions are a bummer, and they negate some of Cloudflare's biggest benefits.
Thankfully there's a better way: you can add the domain as an entry to your ~/.ssh/config file. This post will walk you through how to set this up on a macOS or Linux machine.
Run the following command in your terminal to open the SSH config file in Nano:
Go to the first empty line of the file and insert the following, replacing the domain and IP address with your own:
Host mydomain.com
    HostName 188.8.131.52
Save the file by pressing ctrl + o, then enter to confirm. You can then exit by pressing ctrl + x.
Now you can SSH into the server using its domain name, just like you could before you proxied it with Cloudflare.
You may also save your username in the ~/.ssh/config file if you like:
Host mydomain.com
    HostName 184.108.40.206
    User user
This will allow you to ssh into your server with no username:
Interestingly, you aren't actually required to use a domain name to identify the server in the config file. Instead of Host mydomain.com, it could be Host something_random or nearly anything else you'd like.
Things to keep in mind
A couple of things to keep in mind: if your server's IP changes, you'll need to change it in your config file as well.
If you're having trouble getting this to work, try opening a new terminal after modifying the config file. If you're on Linux and still having trouble, try reloading your ssh daemon using sudo systemctl reload ssh.
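To check that an alias took effect, ssh -G prints the options ssh would use for a host without connecting. The script below is an added example, not code from the original post: the helper names add_host_alias, alias_exists and effective_value are hypothetical, and the demo runs against a constructed throwaway file rather than your real ~/.ssh/config.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from the post.

# alias_exists CONFIG ALIAS: succeed if a Host line already names ALIAS exactly.
alias_exists() {
    [ -f "$1" ] || return 1
    awk -v a="$2" 'tolower($1) == "host" { for (i = 2; i <= NF; i++) if ($i == a) found = 1 }
                   END { exit !found }' "$1"
}

# add_host_alias CONFIG ALIAS ADDRESS [USER]: append one Host block.
add_host_alias() {
    cfg=$1; name=$2; addr=$3; login=${4:-}
    # ssh keeps the first value it obtains for each option, so a second
    # block for the same alias would be silently ignored; refuse instead.
    if alias_exists "$cfg" "$name"; then
        echo "Host $name is already defined in $cfg" >&2
        return 1
    fi
    (
        umask 077   # if the file is created here, keep it owner-only
        {
            printf '\nHost %s\n    HostName %s\n' "$name" "$addr"
            [ -z "$login" ] || printf '    User %s\n' "$login"
        } >> "$cfg"
    )
}

# effective_value CONFIG ALIAS KEY: the value ssh resolves, per `ssh -G`.
effective_value() {
    ssh -G -F "$1" "$2" | awk -v k="$3" '$1 == k { print $2; exit }'
}

# Demo on a constructed throwaway config, using the post's sample values.
demo_cfg=$(mktemp)
add_host_alias "$demo_cfg" mydomain.com 188.8.131.52 user
if command -v ssh >/dev/null 2>&1; then
    echo "hostname: $(effective_value "$demo_cfg" mydomain.com hostname)"
    echo "user:     $(effective_value "$demo_cfg" mydomain.com user)"
fi
rm -f "$demo_cfg"
```

If the printed hostname is not the address you entered, an earlier Host block in the file is matching the same name first.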
Top comments (3)
Found this, gonna set up my ssh server to be available on an alternate port
this way I can also host a webcam on an alternate port, without disclosing my IP address in DNS records :)
That's kind of an interesting approach. I'd be worried that Cloudflare changes what ports it exposes in the future, but hopefully they don't!
You can try to use Teleport