Cloudflare SSH Setup

Cloudflare Setup

This short Setup shows how to Setup Cloudflare SSH Access when cloudflared is already installed.

1. create a new sshd Config for Cloudflare:

   sh code snippet start

   sudo nano /etc/ssh/sshd_config.d/90-cloudflare.conf

   sh code snippet end

   Add:

   code snippet start

   PasswordAuthentication no
   PubkeyAuthentication yes
   TrustedUserCAKeys /etc/ssh/ca.pub

   code snippet end

2. Add the generated Public Key from Cloudflare Get the key from Zero Trust > Access > Service auth > SSH > Generate certificate Write it into /etc/ssh/ca.pub Ensure it has the correct rights:

   code snippet start

   sudo chmod 600 /etc/ssh/ca.pub

   code snippet end

3. Reload ssh

   code snippet start

   sudo systemctl reload ssh

   code snippet end

optional step

4. Allow passwordless sudo because there are no passwords

   sh code snippet start

   sudo visudo

   sh code snippet end

   replace %sudoline with

   code snippet start

   %sudo   ALL=(ALL:ALL) NOPASSWD: ALL

   code snippet end

5. Create users like this

   sh code snippet start

   export NEW_USER=username
   sudo useradd -m -s /bin/bash $NEW_USER
   sudo usermod -aG sudo $NEW_USER
   sudo usermod -aG docker $NEW_USER

   sh code snippet end

See

• https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/
• https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/