
319 points SpaghettiX | 3 comments
marginalia_nu ◴[] No.30284730[source]
> Each port is also limited to a single machine, so you'd have to choose a different port for a different machine.

I would probably set up one gateway machine, and then from that machine log into other machines on the network; instead of exposing them all to the Internet. SSH allows you to chain logins thus:

  ssh -A -t user@public-gateway ssh -A -t user2@server-behind-dmz
It's a lot less work to lock down one machine tightly enough to expose it to the public Internet than to do it for the entire network.
replies(4): >>30284739 #>>30285263 #>>30285565 #>>30286600 #
1. jgtrosh ◴[] No.30284739[source]
Use -J or ProxyJump in ~/.ssh/config for a modern equivalent.
replies(2): >>30284747 #>>30291309 #
2. marginalia_nu ◴[] No.30284747[source]
I guess my bash aliases are a bit old-fashioned :P
3. lxgr ◴[] No.30291309[source]
Yes, please only use this!

The big advantage of this (over ssh user@host1 ssh user@host2) is that the jump host only sees the encrypted inner connection – it doesn't get access to the client's SSH agent/keychain, nor to the target host (host2) or data transmitted over the connection.
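As an added illustration (not part of any comment above), here is what the ProxyJump setup looks like in `~/.ssh/config`, using the host and user names from the thread; the key names and the `10.0.0.0/24` address are assumptions for the example.

```ssh_config
# Added example: reach server-behind-dmz through public-gateway with ProxyJump.
# Unlike "ssh -A user@public-gateway ssh user2@server-behind-dmz", the gateway
# only forwards an encrypted TCP stream; the inner SSH session is end-to-end
# between the client and server-behind-dmz.

Host public-gateway
    HostName public-gateway          # public DNS name or IP of the jump host
    User user
    IdentityFile ~/.ssh/id_ed25519_gateway   # assumed key name
    IdentitiesOnly yes               # offer only this key to the jump host
    ForwardAgent no                  # the jump host never needs the agent

Host server-behind-dmz
    HostName 10.0.0.10               # assumed internal address, resolved by the client
    User user2
    ProxyJump public-gateway         # same as "ssh -J user@public-gateway user2@..."
    IdentityFile ~/.ssh/id_ed25519_internal  # assumed key name
    IdentitiesOnly yes
    ForwardAgent no                  # agent stays on the client; nothing to steal on the gateway
```

With this in place, `ssh server-behind-dmz` does the whole hop, and `ssh -G server-behind-dmz` prints the resolved options so you can confirm `proxyjump` is set and `forwardagent` is off before relying on it.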