CloudFlare does not allow port 22 (usual SSH port) on domain


When you try to connect via ssh to a domain for which you are using CloudFlare as an HTTP proxy, you will get the following error:

$ ssh [email protected]
 ssh_exchange_identification: Connection closed by remote host

You have a few options to resolve this issue:

  1. Connect directly to the IP of the machine.
  2. Or, set up a CNAME record with no HTTP proxy for SSH (so that you do not need to remember the IP).
    This solution offers no additional benefit over connecting directly to the IP of the server.
    To do that, visit the DNS configuration page for your site, e.g. https://www.cloudflare.com/a/dns/example.com,
    then create a CNAME named ssh, use your domain (e.g. example.com) as the target, and disable the HTTP proxy by clicking on the orange cloud so that it turns gray before pressing the Add Record button.

    Then, you will be able to connect via ssh [email protected].
  3. Last but not least, you can configure your server to listen for SSH on one of the CloudFlare ports that are open.
    When this post was written, the following ports were available/open for any site in CloudFlare:
    For requests made via HTTP:

    80
    8080
    8880
    2052
    2082
    2086
    2095

    For requests made via HTTPS:

    443
    2053
    2083
    2087
    2096
    8443

    At the time, we were using an Ubuntu GNU/Linux server. To instruct the Ubuntu SSHD to listen on multiple ports, we edited the file /etc/ssh/sshd_config and, right after the lines:

    # What ports, IPs and protocols we listen for
    Port 22

    we added another line with the new port we wanted to use:

    # What ports, IPs and protocols we listen for
    Port 22
    Port 2053

    After restarting the service:

    service ssh restart

    we were able to connect to our server as follows:

    ssh -p 2053 [email protected]
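
Whether a given name and port reach sshd or an HTTP proxy can be checked from the first reply to an SSH identification string. The following is an added example, not code from the original post: it classifies that reply as SSH, an HTTP proxy response, or a dropped connection. The client name in CLIENT_ID and the sample replies are constructed.

```python
import socket
import sys

# Identification string sent as an SSH client would (RFC 4253, section 4.2).
CLIENT_ID = b"SSH-2.0-bannercheck\r\n"  # hypothetical client name


def classify_banner(data: bytes) -> str:
    """Classify the first bytes received after sending CLIENT_ID."""
    if not data:
        return "closed"  # peer hung up: "Connection closed by remote host"
    lines = [ln.strip() for ln in data.split(b"\n")]
    if lines[0].startswith(b"HTTP/"):
        return "http-proxy"  # an HTTP proxy answered, sshd was never reached
    # RFC 4253 lets a server send other lines before its version string.
    if any(ln.startswith(b"SSH-") for ln in lines):
        return "ssh"
    return "unknown"


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Connect, identify as an SSH client and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(CLIENT_ID)
            return classify_banner(sock.recv(1024))
    except socket.timeout:
        return "timeout"
    except (ConnectionResetError, BrokenPipeError):
        return "closed"
    except OSError:
        return "unreachable"


# Constructed sample replies (not captured from a real server).
SAMPLES = {
    "direct sshd": b"SSH-2.0-OpenSSH_7.7\r\n",
    "sshd with pre-banner text": b"Authorized use only\r\nSSH-2.0-OpenSSH_7.7\r\n",
    "HTTP proxy": b"HTTP/1.1 400 Bad Request\r\nServer: cloudflare\r\n\r\n",
    "dropped": b"",
}

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py HOST PORT
        print(probe(sys.argv[1], int(sys.argv[2])))
    else:
        for name, reply in SAMPLES.items():
            print(f"{name:28} -> {classify_banner(reply)}")
```

Run with a host and port to probe your own server's proxied name and its direct address; run without arguments to classify the constructed samples.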

 


2 thoughts on “CloudFlare does not allow port 22 (usual SSH port) on domain”

  • Lyze

    The last method doesn’t work anymore.

    I’ve tried it with port 8880 and 2053 already.

    ```
    debug1: Connecting to hoot.town [] port 2053.
    debug1: Connection established.
    debug1: identity file /home/user/.ssh/id_rsa type 0
    debug1: key_load_public: No such file or directory
    debug1: identity file /home/user/.ssh/id_rsa-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_7.7
    debug1: ssh_exchange_identification: HTTP/1.1 400 Bad Request

    debug1: ssh_exchange_identification: Server: cloudflare

    debug1: ssh_exchange_identification: Date: Sun, 06 May 2018 15:38:56 GMT

    debug1: ssh_exchange_identification: Content-Type: text/html

    debug1: ssh_exchange_identification: Content-Length: 171

    debug1: ssh_exchange_identification: Connection: close

    debug1: ssh_exchange_identification: CF-RAY: -

    debug1: ssh_exchange_identification:

    debug1: ssh_exchange_identification:

    debug1: ssh_exchange_identification: 400 Bad Request

    debug1: ssh_exchange_identification:

    debug1: ssh_exchange_identification: 400 Bad Request

    debug1: ssh_exchange_identification: cloudflare

    debug1: ssh_exchange_identification:

    debug1: ssh_exchange_identification:

    ssh_exchange_identification: Connection closed by remote host
    ```