Web Browser SSH Terminal to Homelab with Cloudflare Zero Trust

I'm continuing to discover new and exciting ways to access my Homelab and home network when I'm away or using a device I don't personally manage...in this case, securely, without a VPN or WARP client

generic ssh terminal
Photo by Jake Walker / Unsplash

I'm continuing to discover new and exciting ways to access my Homelab and home network when I'm away or using a device I don't personally manage. Whether you are on your corporate laptop all day, which prohibits VPN's or using a personal device on a corporate or public network that may block VPN or even WARP client access, there is always a way. In a previous post, I talked about how I set up remote private network access using cloudflared tunnels and the WARP client, which is a solution I use every day. Sometimes I cannot use the WARP client, and a solution like this does come in handy. Through the Zero Trust Application setup, when setting up a self-hosted application, there is an option that will render an SSH terminal in your web browser, allowing you to connect directly to your server or device running SSH. Very handy and just plain cool. I'll focus on the app setup and access. Start here if you need to set up zero trust and your private tunnels.

Create a new self-hosted Application

Access -> Applications -> Add an Application

Choose Self-hosted, which requires you to use DNS proxied with Cloudflare
Configure app
Name your app and assign the sub and top-level Domain your app will use
Add policies
Name your Policy and ensure a group is assigned
Additional settings SSH
In Additional settings, select SSH
Applications list
Your new app will be listed in Applications

Add a new public hostname to an existing private tunnel

Access -> Tunnels

Choose an existing tunnel and navigate to the Public Hostname tab. Once submitted, this will create a public CNAME record on the Domain you selected. The CNAME record will reference the tunnel, which will proxy the request to your specified service and port. In this case, an SSH connection to one of my Docker hosts. If you don't have a tunnel set up yet, check out a few of my other posts and head back here to continue.

enter details for public hostname
new hostname shown in list

SSH session up and running

If your configuration is working correctly, you'll be able to navigate to your new application in a new browser tab. You'll first be prompted to authenticate, and once through, enter your SSH credentials, and finally, you'll see the terminal. You can also configure a private key auth here, which I look forward to trying soon.

browser ssh terminal
SSH terminal in the browser over TLS 

Next up, I'm looking forward to trying the VNC support in the browser as well