DEPRECATED: This guide is no longer relevant for folk.zone. The nitro server uses direct SSH access instead of Cloudflare tunnels.

Access the server securely over SSH from anywhere — no open inbound ports required.

1. Install cloudflared on the client machine (laptop/remote machine, not the server).

2. Add to ~/.ssh/config on the client:

Host brennan-ssh
    Hostname ssh.folk.zone
    User brennan
    ProxyCommand cloudflared access ssh --hostname %h
    IdentityFile ~/.ssh/id_ed25519

3. Connect:

ssh brennan-ssh

cloudflared access ssh acts as a ProxyCommand — it opens a Cloudflare Access tunnel for the SSH connection. Traffic is end-to-end encrypted and routed through Cloudflare's edge, with no inbound ports open on the server.

• No public IP required
• DDoS protection via Cloudflare
• Works from any network
• End-to-end encrypted

The current homelab is LAN-only (ssh brennan@192.168.1.65) since it's on the home network. This technique is most valuable for a VPS or when connecting remotely.

• Terminal Tools Index

• Cloudflare Tunnel
• SSH — Homelab Server
• Return to terminal