←back to thread

SSH into private machines from anywhere using Cloudflare Tunnel

(orth.uk)
319 points SpaghettiX | 4 comments | 10 Feb 22 09:18 UTC | HN request time: 0.787s | source
1. matthewmacleod ◴[10 Feb 22 11:23 UTC] No.30284757[source]
Tailscale (https://tailscale.com) is a great solution for this use-case. It's also just an absolutely excellent experience overall and I can't say enough nice things about it.
replies(2): >>30284794 #>>30284812 #
2. Thoughtful ◴[10 Feb 22 11:29 UTC] No.30284794[source]
Their documentation is excellent too. Also worth mentioning the open-source derivative: https://github.com/juanfont/headscale
3. punnerud ◴[10 Feb 22 11:32 UTC] No.30284812[source]
Can be used for the same, but serve kind of a different usecase.

Tailscale scan your host for all open ports and open a WireGuard connection between the installed machines. Like every machine is on the same network, even if they are not. Way harder to have a good access control compared to plain SSH. And you don't need extra SW for just SSH.

replies(1): >>30284921 #
4. matthewmacleod ◴[10 Feb 22 11:49 UTC] No.30284921[source]
This article is specifically about using cloudflared to implement a tunnel without exposing anything to the public internet, which is definitionally extra software. Agreed however that Tailscale offers a much wider feature set—while also covering the basic "I want to access my machine from anywhere" use-case—at the cost of exposing an entire machine instead of a single port.