Before we start, let's break down what we're doing:
- Cloudflare Tunnel: This is a service provided by Cloudflare that creates a secure tunnel between your server and the internet.
- SSH: This is a protocol that allows you to securely connect to your server and run commands remotely.
By combining these two, we'll be able to access your Linux system remotely, even if it's behind a firewall or has a dynamic IP address.
- If you don't have one, sign up for a free Cloudflare account.
- Download the cloudflared binary for your Linux distribution from the Cloudflare website.
- Follow the installation instructions for your specific distribution.
- Run the following command to generate a tunnel token:
    echo "Running: cloudflared tunnel login"
    cloudflared tunnel login
- Follow the on-screen instructions to create a tunnel.
- On Debian/Ubuntu:
    echo "Installing OpenSSH server on Debian/Ubuntu"
    sudo apt install openssh-server
- On CentOS/RHEL:
    echo "Installing OpenSSH server on CentOS/RHEL"
    sudo yum install openssh-server
- Start the SSH service:
    # The systemd unit is named ssh on Debian/Ubuntu; on CentOS/RHEL it is named sshd.
    echo "Starting SSH service"
    sudo systemctl start ssh
- Enable the SSH service to start automatically on boot:
    echo "Enabling SSH service to start on boot"
    sudo systemctl enable ssh
- If you have a firewall (like ufw or firewalld), you'll need to allow incoming SSH connections.
- For ufw:
    echo "Allowing SSH through ufw firewall"
    sudo ufw allow ssh
- For firewalld:
    echo "Allowing SSH through firewalld"
    sudo firewall-cmd --permanent --zone=public --add-port=22/tcp
    echo "Reloading firewalld configuration"
    sudo firewall-cmd --reload
- Go to the Zero Trust > Tunnels section.
- Click "Create a Tunnel."
- Choose "Cloudflared" as the connection method.
- Under the tunnel settings, click "Add a Public Hostname."
- Enter a desired hostname (e.g., ssh.yourdomain.com).
- Set the service type to "SSH."
- Set the service to point to localhost:22.
- Run the following command in your terminal:
    echo "Starting Cloudflared tunnel"
    cloudflared tunnel run
- Use an SSH client (like ssh or a terminal emulator) to connect to the public hostname you created in step 3c:
    echo "Connecting to the Linux system via SSH"
    ssh user@ssh.yourdomain.com
- Replace user with your username on the Linux system.
- Security:
- Use strong passwords or SSH keys for authentication.
- Consider using two-factor authentication for added security.
- Firewall Rules:
- Ensure that your firewall rules allow traffic to the port where Cloudflared is listening.
- Cloudflare Access:
- For advanced security, you can integrate Cloudflare Access to control access to your SSH tunnel.
By following these steps, you should be able to securely access your Linux system remotely through Cloudflare Tunnel.
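
The security notes above recommend SSH keys, and the tunnel's service points to localhost:22, so cloudflared reaches sshd over loopback. As an added example (not part of the original guide), the shell function below checks text in the format printed by sshd -T against those two points; the function name, the finding messages and both sample configurations are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the guide). Audits text in the format printed by
# `sshd -T` (lowercase "keyword value" lines) for an sshd that is reached
# through cloudflared at localhost:22. Finding messages are hypothetical.

audit_sshd() {
    awk '
        $1 == "passwordauthentication" && $2 != "no" {
            print "FAIL passwordauthentication=" $2 " (key-only login expects no)"; bad++ }
        $1 == "pubkeyauthentication" && $2 != "yes" {
            print "FAIL pubkeyauthentication=" $2 " (SSH keys are disabled)"; bad++ }
        $1 == "permitrootlogin" && $2 == "yes" {
            print "FAIL permitrootlogin=yes (direct root login allowed)"; bad++ }
        # Keyboard-interactive is needed for PAM-based 2FA, so only warn.
        $1 == "kbdinteractiveauthentication" && $2 != "no" {
            print "WARN kbdinteractiveauthentication=" $2 " (expected only with 2FA)"; warn++ }
        # The tunnel service targets localhost:22, so loopback is sufficient.
        $1 == "listenaddress" && $2 !~ /^127\./ && $2 !~ /^\[::1\]:/ {
            print "WARN listenaddress=" $2 " (tunnel only needs loopback)"; warn++ }
        END {
            printf "summary: %d fail, %d warn\n", bad, warn
            exit (bad > 0 ? 1 : 0)
        }'
}

# Constructed sample: password login enabled, listening on all interfaces.
SAMPLE_DEFAULT='passwordauthentication yes
pubkeyauthentication yes
kbdinteractiveauthentication no
permitrootlogin without-password
listenaddress 0.0.0.0:22
listenaddress [::]:22'

# Constructed sample: key-only login, bound to loopback for the tunnel.
SAMPLE_HARDENED='passwordauthentication no
pubkeyauthentication yes
kbdinteractiveauthentication no
permitrootlogin no
listenaddress 127.0.0.1:22'

echo "--- constructed default-style config"
printf '%s\n' "$SAMPLE_DEFAULT" | audit_sshd || true
echo "--- constructed hardened config"
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd || true
```

On a real host, pipe the effective configuration into the function with sudo sshd -T | audit_sshd; the exit status is 1 when any FAIL line is printed.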