How to use Cloudflare’s tunnels(Zero Trust) to connect to the SSH of the intranet PC

This way is free. Except a domain, you don’t need to pay for any service.

You can buy any cheap domain, e.g., .info, .me domains.

It’s the best way to replace frp and ngrok solutions.

To use frp, you have to have your own remote server.

To use ngrok, you have to pay for the fixed subdomain, otherwise it will change everytime you reboot your intranet machine.


  1. Cloudflare account.
  2. Change your domain DNS to cloudflare.
  3. Bind it with you credit or debit card. You don’t need to pay.


  1. Login to Cloudflare.
  2. Go to Cloudflare dashboard. From left sidebar select Zero TrustTunnels.
  3. Click Create a tunnel blue button.
    Cloudflare tunnels
  4. At Select your connector page, select Cloudflared as connector and click Next.
  5. Enter a tunnel name at Name your tunnel page. Any name is fine, you can change later. Then click Save tunnel button.
  6. In Install and run a connector page, select your intranet machine OS. For me, it Debian 64bit, it should be following.

    then click Next button.
  7. In next step, add a Public Hostname, and config it as:
    • Subdomain: can be any string or empty.
    • Domain: select the domain you had binded to cloudflare.
    • Path: (keep blank)
    • Type: SSH
    • URL: localhost:22
      Then click Save hostname.
  8. Next, you need to install cloudflared to your client machine (the one to use to connect the intranet machine).
  9. Edit ~/.ssh/config, add following 2 lines:
    ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
  10. Now you can use ssh to connect to your intranet pc from anywhere.
    ssh <username>

Leave a Reply

Your email address will not be published. Required fields are marked *

Name *