====== SSH via Cloudflare Tunnel ======

**DEPRECATED:** This guide is no longer relevant for folk.zone. The nitro server uses direct SSH access instead of Cloudflare tunnels.

Access the server securely over SSH from anywhere — no open inbound ports required.

===== Setup =====

**1. Install cloudflared on the client machine** (laptop/remote machine, not the server).

**2. Add to ''~/.ssh/config'' on the client:**

<code>
Host brennan-ssh
    Hostname ssh.folk.zone
    User brennan
    ProxyCommand cloudflared access ssh --hostname %h
    IdentityFile ~/.ssh/id_ed25519
</code>

**3. Connect:**

<code bash>
ssh brennan-ssh
</code>

===== How It Works =====

''cloudflared access ssh'' acts as a ProxyCommand — it opens a Cloudflare Access tunnel for the SSH connection. Traffic is end-to-end encrypted and routed through Cloudflare's edge, with no inbound ports open on the server.

===== Benefits =====

  * No public IP required
  * DDoS protection via Cloudflare
  * Works from any network
  * End-to-end encrypted

===== Note on Current Setup =====

The current homelab is LAN-only (''ssh brennan@192.168.1.65'') since it's on the home network. This technique is most valuable for a VPS or when connecting remotely.

===== See Also =====
  * [[terminal:tools:start|Terminal Tools Index]]

  * [[folkzone:services:cloudflared|Cloudflare Tunnel]]
  * [[terminal:tools:ssh_homelab|SSH — Homelab Server]]
  * [[terminal:start|Return to terminal]]