thirzq

How I SSH the Cloudflare Tunnel based Home Server

Continuing from the setup of a home server using Cloudflare Tunnel, the next step is enabling SSH access so the device can be accessed remotely. Normally, SSH access is done using ssh user@ip-address. However, as explained in the previous article, the server uses a dynamic IP address, which means the IP can change at any time.

To solve this, the SSH setup must use an address that does not change. Cloudflare Tunnel makes this possible by allowing SSH access through a domain name instead of an IP address. With this configuration, SSH access can be done using ssh user@domain.

  1. Verify Cloudflare Tunnel status
    Ensure that the Cloudflare Tunnel is active and its status is shown as Healthy in the Cloudflare Zero Trust dashboard.

  2. Edit the tunnel configuration
    Click Edit on the active tunnel, then navigate to Published Application Routes.

  3. Add a new published application route
    Click Add a published application route to create a new route for SSH access.

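  4. Configure the SSH route
    • Subdomain: Use a hard-to-guess subdomain for better security. This example uses ssh to keep it readable. An obscure name only reduces casual discovery; the Access policy configured below is what restricts who can connect.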
    • Domain: Select the active domain, which in this case is nevatal.tech.
    • Service Type: Select SSH.
    • URL: Set the URL to localhost:22, the default SSH port.

The next step is to secure SSH access by configuring Access Control.

  1. Open Access Control
    Go to Access Control and select Applications.

  2. Choose the application type
    Select Self-Hosted as the application type, since the server is a self-hosted device.

  3. Set the application name
    Enter an Application Name of your choice. For clarity, you can use a name such as ssh-server.

  4. Configure the session duration
    Set the Session Duration as needed. This controls how long a user can remain logged in before being required to reauthenticate.

Then add the public hostname using the subdomain and domain configured earlier. In this case, the hostname is ssh.nevatal.tech.

After that, you need to create an Access Policy. This is done under Access Policies and is used to define who is allowed to access your SSH service.

  1. Create a new policy
    Create a new policy and fill in the Basic Information.

  2. Set the policy name and action
    Enter a Policy Name of your choice. In this example, use john-access.
    Set the Action to Allow, since this policy is intended to permit SSH access.

  3. Configure the session duration
    Set the Session Duration to any value you prefer, or choose the same duration as the application session timeout. In this case, it is set to 24 hours.

  4. Add access rules
    Add Rules to define who is allowed to access the SSH service.

  5. Choose the authentication method
    For the Selector, choose the authentication method you want to use. In this example, select Email.

  6. Add the allowed email address
    Enter John’s email address to grant him access to the SSH service.

After that, you can access the server from a browser by entering the SSH hostname in the browser's address bar. In my case, that is ssh.nevatal.tech.

Step 1: Input the User Login

Enter the username that will be used to access the server.

Step 2: Fill in the Password

Provide the password for the user, then proceed. In this step, you can also input your private key; however, for this setup, I will sign in using a password.

Step 3: SSH Browser Rendering Appears

After enabling Browser Rendering, the SSH Browser Rendering option will appear.

You can now run commands and interact with your server through a terminal-like interface directly in the browser using SSH.
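
The ssh user@domain form from the introduction also works from a local terminal once the SSH client sends the connection through cloudflared. The following is an added example, not part of the original post: a shell function that writes the client-side ~/.ssh/config entry for the tunnel hostname. It assumes cloudflared is installed on the client machine; the function name add_tunnel_host and the username john are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Writes a client-side
# ~/.ssh/config entry so that plain `ssh user@host` is carried through
# Cloudflare Tunnel. Assumes cloudflared is installed on the client.
#
# Usage: add_tunnel_host ssh.nevatal.tech john   (username is constructed)

# add_tunnel_host HOSTNAME USER [CONFIG_PATH]
add_tunnel_host() {
    host=$1
    user=$2
    config=${3:-"$HOME/.ssh/config"}

    # Accept only plain DNS names and usernames, because both values are
    # written into a file that ssh parses later.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid hostname: $host" >&2; return 2 ;;
    esac
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "invalid user: $user" >&2; return 2 ;;
    esac

    # The config file must not be writable by other users.
    mkdir -p "$(dirname "$config")" || return 1
    touch "$config" && chmod 600 "$config" || return 1

    # Idempotent: leave an existing stanza for this host untouched.
    if grep -qxF "Host $host" "$config"; then
        return 0
    fi

    # ssh expands %h to the target hostname. cloudflared connects to the
    # Cloudflare edge and starts the Access login when no valid session
    # token exists, so the Access policy still applies to terminal logins.
    cat >>"$config" <<EOF

Host $host
    User $user
    ProxyCommand cloudflared access ssh --hostname %h
EOF
}
```

After the entry is written, ssh john@ssh.nevatal.tech opens the Access login in a browser on first use and then continues with the normal SSH authentication on the server.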

Conclusion

With this setup, SSH access to the home server is now available without relying on a static IP address. By combining Cloudflare Tunnel, a dedicated SSH route, and Access Control policies, the server can be accessed securely using a domain name instead of an IP.
