Tyler Smith

SSH into a server behind Cloudflare using an SSH config file

So you've proxied your website's traffic using Cloudflare, and now you can't access your server using ssh user@mydomain.com. I feel your pain. A quick Google search on how to get around this may return recommendations like "just don't proxy your traffic" or "add an unproxied ssh.mydomain.com entry to your DNS." Those suggestions are a bummer, and they negate some of Cloudflare's biggest benefits.

Thankfully there's a better way: you can add the domain as an entry to your ~/.ssh/config file. This post will walk you through how to set this up on a macOS or Linux machine.

Run the following command in your terminal to open the SSH config file in Nano:

nano ~/.ssh/config

Go to the first empty line of the file and insert the following, replacing the domain with your own and the IP address with your server's:

Host mydomain.com
     HostName 151.101.2.217

Save the file by pressing ctrl + o, then enter. You can then exit by pressing ctrl + x.

Now you can SSH into the server using its domain name, just like you could before you proxied it with Cloudflare.

ssh user@mydomain.com

You may also save your username in the ~/.ssh/config file if you like:

Host mydomain.com
     HostName 151.101.2.217
     User user

This will allow you to ssh into your server with no username:

ssh mydomain.com

Interestingly, you aren't actually required to use a domain name to identify the server in the config file. Instead of Host mydomain.com, it could be Host mydomain, Host something_random or nearly anything else you'd like.

Things to keep in mind

A couple of things to keep in mind: if your server's IP changes, you'll need to change it in your config file as well.

If you're having trouble getting this to work, try opening a new terminal after modifying the config file.
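
An added example (not from the original post): a minimal Python model of how OpenSSH picks values from ~/.ssh/config, useful when the new entry seems to be ignored. ssh keeps the first value it obtains for each keyword, so an earlier Host * block can shadow the entry's User, and an alias with no matching HostName falls back to DNS. The Host * block and the deploy user are constructed for illustration, and Match blocks are skipped rather than evaluated.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: a pre-existing "Host *" block sits above the new entry.
SHADOWED = """\
Host *
     User deploy

Host mydomain.com
     HostName 151.101.2.217
     User user
"""

def parse_blocks(text):
    """Split ssh_config text into (host_patterns, [(keyword, value), ...]) blocks."""
    blocks = [(["*"], [])]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # "Key value" or "Key=value"
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "host":
            blocks.append((value.split(), []))
        elif key == "match":
            blocks.append(([], []))  # assumption: Match conditions are not evaluated
        else:
            blocks[-1][1].append((key, value))
    return blocks

def block_applies(patterns, alias):
    """A negated pattern that matches vetoes the block; otherwise any match applies it."""
    if any(p.startswith("!") and fnmatchcase(alias, p[1:]) for p in patterns):
        return False
    return any(not p.startswith("!") and fnmatchcase(alias, p) for p in patterns)

def resolve(text, alias):
    """Effective options for `ssh alias`; the first value seen for a keyword wins."""
    effective = {}
    for patterns, options in parse_blocks(text):
        if block_applies(patterns, alias):
            for key, value in options:
                effective.setdefault(key, value)
    effective.setdefault("hostname", alias)  # no override: the name is resolved via DNS
    return effective

if __name__ == "__main__":
    print(resolve(SHADOWED, "mydomain.com"))      # HostName applies, User is shadowed
    print(resolve(SHADOWED, "www.mydomain.com"))  # no entry: still goes through DNS
```

On a real machine, ssh -G mydomain.com prints the options the client will actually use without connecting.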

Top comments (5)

Ben Mitchinson

Found this, gonna set up my ssh server to be available on an alternate port

this way I can also host a webcam on an alternate port, without disclosing my IP address in DNS records :)

bytefreaks.net/applications/cloudf...

Tyler Smith

That's kind of an interesting approach. I'd be worried that Cloudflare changes what ports it exposes in the future, but hopefully they don't!

Paul Allsopp

TL;DR; This post is so far off the mark, and not even remotely true.

This has nothing whatsoever to do with Cloudflare access. This is a common SSH shortcut that has been around for decades.

And this line: "sudo systemctl reload ssh" makes no sense whatsoever.

ssh is a client app. sshd is a server app. There are no services to client apps.

Furthermore, if you can't ssh to a system that's been added to Cloudflare, nothing on your end is going to solve it. Cloudflare is actively blocking you, meaning you need to go configure CF to let you through.

Farnia

Hello

I have created *.domain.com with Cloudflare and have given this to users to connect to ssh. (Each user has a different subdomain.)

But I have to turn off the Cloudflare proxy.
Is there any way to turn on the proxy, so users will be able to connect to ssh through Cloudflare?

I have tested the method above, but I couldn't connect through Cloudflare when the proxy is on.

Björn Strausmann

You can try to use Teleport.