
319 points SpaghettiX | 1 comments | source
pabs3 ◴[] No.30284756[source]
You can also do this using the Tor network, by setting up onion services.
1. southerntofu ◴[] No.30285240[source]
It's much easier, much cheaper, and does not rely on a centralized cloud vendor. Here's how to do it in a few lines:

    apt install tor
    # append both directives to torrc, one per line
    printf '%s\n' 'HiddenServiceDir /var/lib/tor/myserver' \
        'HiddenServicePort 22 127.0.0.1:22' >> /etc/tor/torrc
    systemctl restart tor
Now tor is generating the keypair for the server. It will take a few seconds: once that's done, read the onion address from /var/lib/tor/myserver/hostname and you can start using it from the client, either with explicit ssh proxy config or with global client SSH config AutomapHostsOnResolve, which enables you to transparently map .onion domains to local IPs that the tor daemon will tunnel right over to the onion.

Bonus point: you get automatic certificate verification as part of the onion name itself, and you can also restrict the tor server configuration to allow only specific public keys (those who don't have them will not even reach sshd).
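As an added example (not part of the comment above), here is how the "allow only specific public keys" restriction is set up with v3 onion-service client authorization: a client x25519 keypair is generated and written in the two file formats Tor reads. It assumes openssl with x25519 support and GNU coreutils base32; the file names, output directory and the 56-character onion address are constructed placeholders.

```shell
#!/bin/sh
# Added example: Tor v3 onion client authorization for an SSH onion service.
# Assumes: openssl >= 1.1.1 (x25519), GNU coreutils base32. Paths are placeholders.
set -eu

# Constructed placeholder for the server's onion address (56 base32 chars,
# i.e. the content of <HiddenServiceDir>/hostname without ".onion").
EXAMPLE_ONION=placeholderonionaddressplaceholderonionaddressplaceholde

# Take the raw 32-byte key out of a PEM file (PKCS#8 private or SPKI public:
# the key is the final 32 bytes of the DER) and base32-encode it without
# padding, which is the encoding Tor expects in .auth and .auth_private files.
pem_to_b32() {  # $1 = PEM file
    grep -v -- '-----' "$1" | base64 -d | tail -c 32 | base32 | tr -d '='
}

# Generate one client's keypair and write:
#   $2/$1.auth_private -> client side, goes into the torrc ClientOnionAuthDir
#   $2/$1.auth         -> server side, goes into <HiddenServiceDir>/authorized_clients/
# $3 = onion address without the .onion suffix.
make_client_auth() {  # name outdir onion
    name=$1; out=$2; onion=$3
    openssl genpkey -algorithm x25519 -out "$out/$name.prv.pem" 2>/dev/null
    openssl pkey -in "$out/$name.prv.pem" -pubout -out "$out/$name.pub.pem"
    priv=$(pem_to_b32 "$out/$name.prv.pem")
    pub=$(pem_to_b32 "$out/$name.pub.pem")
    printf '%s:descriptor:x25519:%s\n' "$onion" "$priv" > "$out/$name.auth_private"
    printf 'descriptor:x25519:%s\n' "$pub" > "$out/$name.auth"
    rm -f "$out/$name.prv.pem" "$out/$name.pub.pem"   # only the Tor formats remain
}

# Sanity checks: a 32-byte key is exactly 52 unpadded base32 characters.
auth_ok() {          # $1 = server-side .auth file
    grep -q '^descriptor:x25519:[A-Z2-7]\{52\}$' "$1"
}
auth_private_ok() {  # $1 = client-side .auth_private file
    grep -q '^[a-z2-7]\{56\}:descriptor:x25519:[A-Z2-7]\{52\}$' "$1"
}

# Stand-alone run: generate a keypair for a client named "laptop" in a temp dir.
if [ "${EXAMPLE_RUN:-1}" = 1 ]; then
    d=$(mktemp -d)
    make_client_auth laptop "$d" "$EXAMPLE_ONION"
    auth_ok "$d/laptop.auth" && auth_private_ok "$d/laptop.auth_private"
    echo "server file: $d/laptop.auth"; echo "client file: $d/laptop.auth_private"
fi
```

Install the .auth file under /var/lib/tor/myserver/authorized_clients/ on the server and the .auth_private file in the client's ClientOnionAuthDir, then reload tor on both sides; clients without a matching key cannot decrypt the service descriptor, so they never reach sshd.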