When you try to connect via ssh to a domain for which you are using CloudFlare as an HTTP proxy, you will get the following error:
$ ssh [email protected]
ssh_exchange_identification: Connection closed by remote host
You have a few options to resolve this issue:
- Either connect directly to the IP of the machine.
- Or, set up a CNAME record with no HTTP proxy for SSH (so that you do not need to remember the IP).
This solution does not offer any additional benefits over connecting directly to the IP of the server.
To do that, you need to visit the configure DNS page for your site (e.g. https://www.cloudflare.com/a/dns/example.com), then create the CNAME named ssh, use your domain as the target (e.g. example.com) and disable the HTTP proxy by clicking on the orange cloud and making it gray before pressing the Add Record button.

Then, you will be able to connect via ssh [email protected].
- Last solution but not least is configuring your server to listen for SSH on one of the ports of CloudFlare that are open.
When this post was written, the following ports were available/open for any site in CloudFlare:
For requests made via HTTP: 80 8080 8880 2052 2082 2086 2095
For requests made via HTTPS: 443 2053 2083 2087 2096 8443
At the time, we were using an Ubuntu GNU/Linux server. To instruct Ubuntu SSHD to listen to multiple ports, we edited the file /etc/ssh/sshd_config and right after the lines:
# What ports, IPs and protocols we listen for
Port 22
we added another line with the new port we wanted to use:
# What ports, IPs and protocols we listen for
Port 22
Port 2053
After restarting the service
service ssh restart;
we were able to connect to our page as follows:
ssh -p 2053 [email protected];
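
As an added example (not part of the original post), the following Python script checks what actually answers on a host and port: sshd sends an SSH- identification string as soon as you connect, while an HTTP proxy stays silent and then answers with an HTTP status line. The names classify_banner and probe and the client string BannerProbe_0.1 are made up for this illustration.

```python
import socket
import sys

# Constructed client identification string (RFC 4253 format); the name is made up.
CLIENT_ID = b"SSH-2.0-BannerProbe_0.1\r\n"


def classify_banner(data: bytes) -> str:
    """Classify the first bytes a server returns on a supposed SSH port."""
    if not data:
        return "closed"  # peer closed the connection without sending anything
    lines = data.replace(b"\r\n", b"\n").split(b"\n")
    if lines[0].startswith(b"HTTP/"):
        return "http"  # an HTTP proxy answered instead of sshd
    # RFC 4253 section 4.2: a server may send other lines before its
    # "SSH-" identification string, so every line is checked.
    if any(line.startswith(b"SSH-") for line in lines):
        return "ssh"
    return "unknown"


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Connect to host:port and report what kind of service answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                data = sock.recv(4096)  # sshd sends its banner unprompted
            except socket.timeout:
                # Nothing arrived: send our identification string, as an
                # ssh client does, and read whatever comes back.
                sock.sendall(CLIENT_ID)
                data = sock.recv(4096)
    except socket.timeout:
        return "silent"  # connect timed out or the peer never replied
    except ConnectionError:
        return "closed"  # refused or reset
    return classify_banner(data)


if __name__ == "__main__":
    # Usage: python3 probe.py <host> <port>
    print(probe(sys.argv[1], int(sys.argv[2])))
```

A result of http on a proxied hostname means the port ends at the HTTP proxy and the connection never reaches sshd.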




The last method doesn’t work anymore.
I’ve tried it with port 8880 and 2053 already.
```
debug1: Connecting to hoot.town [] port 2053.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.7
debug1: ssh_exchange_identification: HTTP/1.1 400 Bad Request
debug1: ssh_exchange_identification: Server: cloudflare
debug1: ssh_exchange_identification: Date: Sun, 06 May 2018 15:38:56 GMT
debug1: ssh_exchange_identification: Content-Type: text/html
debug1: ssh_exchange_identification: Content-Length: 171
debug1: ssh_exchange_identification: Connection: close
debug1: ssh_exchange_identification: CF-RAY: –
debug1: ssh_exchange_identification:
debug1: ssh_exchange_identification:
debug1: ssh_exchange_identification: 400 Bad Request
debug1: ssh_exchange_identification:
debug1: ssh_exchange_identification: 400 Bad Request
debug1: ssh_exchange_identification: cloudflare
debug1: ssh_exchange_identification:
debug1: ssh_exchange_identification:
ssh_exchange_identification: Connection closed by remote host
```
I can confirm this doesn’t work. While it says on https://developers.cloudflare.com/fundamentals/get-started/network-ports that it should be possible, this article says to use Cloudflare Spectrum for protocols like ssh: https://support.cloudflare.com/hc/en-us/articles/200169626.
Another possibility is https://unix.stackexchange.com/questions/190490/how-to-use-ssh-over-http-or-https. I already use https://github.com/shellinabox/shellinabox to run some quick server commands.