Intranet Penetration: Creating an SSH Tunnel using Cloudflare Argo and Access

Home Assistant remote call

Linux, Raspberry Pi

I had always wanted to access my home server, running on a Raspberry Pi 4, from outside the local network. The most straightforward answer seemed to be getting a static IP from the ISP; however, both of my ISPs did not help me with that. I forgot about it for a while but when I flashed my Pi a couple of days ago I knew that I had to do it. Being able to SSH and rsync into my Pi on the fly is pretty cool! Today we will learn how to create an SSH Tunnel using Cloudflare’s Argo and Access.

I tried this script to update the Cloudflare DNS records with my public IP. In addition to the script, I used crons to automatically handle updates every minute, but it did not work. It turns out that my ISPs are using CGNAT and I have to create port forwarding rules in the ISP’s router for this method to work, which will never be allowed. I came across Cloudflare Argo which lets you tunnel services running locally to Cloudflare.

https://danishshakeel.me/creating-an-ssh-tunnel-using-cloudflare-argo-and-access/

 

The ports Cloudflare supports by default are as follows:

https://developers.cloudflare.com/fundamentals/reference/network-ports/

Ports supported by Cloudflare, but with caching disabled

2052
2053
2082
2083
2086
2087
2095
2096
8880
8443

 

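When a domain is proxied through Cloudflare (orange cloud), you cannot SSH to the server using the domain name.

When using Cloudflare, there are several ways to SSH using a domain name:

Edit your system hosts file so that the domain name points to the actual IP
Leave the domain name without the Cloudflare proxy

Cloudflare Access tunnel
Cloudflare Spectrum (paid; requires purchasing Cloudflare's Spectrum service)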
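
The following diagnostic is an added example, not code from the original post or from Cloudflare. Given the addresses a domain resolves to and the SSH port, it reports whether the connection would hit Cloudflare's proxy and why SSH fails there. The function names and result labels are hypothetical, and the address ranges are a snapshot assumed from Cloudflare's published list.

```python
import ipaddress

# Snapshot of Cloudflare's published edge ranges (assumption: the current
# list lives at https://www.cloudflare.com/ips/ and may change).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
)]

# Ports the proxy listens on: the ten listed on this page plus 80, 443 and
# 8080 from the linked network-ports reference. All carry HTTP(S) only.
PROXY_PORTS = {80, 443, 8080, 2052, 2053, 2082, 2083, 2086, 2087,
               2095, 2096, 8880, 8443}


def behind_cloudflare(address):
    """True if the address belongs to one of the Cloudflare edge ranges."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in CLOUDFLARE_NETS if net.version == ip.version)


def diagnose_ssh(addresses, port=22):
    """Classify what `ssh -p PORT domain` will reach, from the resolved records."""
    if not addresses:
        return "unresolved"
    proxied = [behind_cloudflare(a) for a in addresses]
    if not any(proxied):
        return "direct"               # no proxy, or a hosts-file override
    if not all(proxied):
        return "mixed"                # some records still expose the origin IP
    if port in PROXY_PORTS:
        return "proxied-http-only"    # proxy accepts the port but speaks HTTP(S), not SSH
    return "proxied-port-closed"      # proxy does not listen on this port


if __name__ == "__main__":
    # Constructed sample records; 203.0.113.10 is a documentation address.
    for addrs, port in ((["104.16.1.1"], 22), (["104.16.1.1"], 8443),
                        (["203.0.113.10"], 22)):
        print(addrs, port, diagnose_ssh(addrs, port))
```

A "mixed" result matters for anyone relying on the proxy to hide the origin: one unproxied record is enough to reveal the real IP.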