←back to thread

SSH into private machines from anywhere using Cloudflare Tunnel

(orth.uk)
319 points SpaghettiX | 1 comments | 10 Feb 22 09:18 UTC | HN request time: 0s | source
Show context
codingpanic ◴[10 Feb 22 13:16 UTC] No.30285554[source]
I'm under the impression that this is against CloudFlare's ToS, otherwise I'd probably be doing it myself.

See section 2.8 "Limitation on Serving Non-HTML Content." of their subscriber agreement:

use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service or expressly allowed under our Supplemental Terms for a specific Service.

Last I checked, SSH is non-html content. I even opened a support ticket with their support, specifically asking about SSH and other traffic and this is what I received: So if no matter what service you use, Once you breach this rule it will be applied.

EDIT: Looks like the CloudFlare CTO has clarified things below that this usage does not in fact violate the ToS.

replies(2): >>30285656 #>>30285713 #
jgrahamc ◴[10 Feb 22 13:26 UTC] No.30285656[source]
That's for Cloudflare's CDN/reverse-proxy service.

This is the correct one for Cloudflare Tunnel: https://developers.cloudflare.com/cloudflare-one/connections...

replies(2): >>30286232 #>>30289158 #
neurostimulant ◴[10 Feb 22 14:14 UTC] No.30286232[source]
This seems to be the license for cloudflared. But when you use cloudflared to create a tunnel via cloudflare network, aren't you also bound to Cloudflare's ToS because the software itself is useless without using the service provided by Cloudflare?
replies(1): >>30286264 #
jgrahamc ◴[10 Feb 22 14:17 UTC] No.30286264[source]
I am literally Cloudflare's CTO. I'm pretty sure I know that using Cloudflare Tunnel for SSH isn't a violation of our service.
replies(5): >>30286408 #>>30286471 #>>30286543 #>>30288640 #>>30288786 #
anderspitman ◴[10 Feb 22 16:43 UTC] No.30288786{3}[source]
Hold up. I follow this space closely (I maintain the list of tunneling tools linked in OP). Everybody I've communicated with has been operating under the assumption that section 2.8 applies to Cloudflare Tunnel. See for example my post on another thread yesterday [0]. Are you saying this isn't the case? Is it even possible to use Tunnel without going through the CDN?

[0]: https://news.ycombinator.com/item?id=30259902

replies(1): >>30289572 #
jgrahamc ◴[10 Feb 22 17:29 UTC] No.30289572{4}[source]
What I'm saying is we specifically allow people to use SSH with Cloudflare for Teams: https://developers.cloudflare.com/cloudflare-one/tutorials/s...

The original comment above implied that using SSH with Cloudflare Tunnel was somehow forbidden.

replies(1): >>30289967 #
1. anderspitman ◴[10 Feb 22 17:55 UTC] No.30289967{5}[source]
Ah ok I misread your comment as implying the CDN ToS doesn't apply to Tunnel. It doesn't if you aren't using it (ie SSH), in which case only the Tunnel ToS applies, but otherwise both apply.