Fun and games – Cloudflare and SSH

As I mentioned in a recent post, one of my sites, a WordPress site to help a friend sell their house, got hammered with xml-rpc requests. It didn’t get hacked, but it did bring apache to a painful halt, and filled the memory.

To prevent that, I setup Cloudflare in front of it, to act as a CDN and a way to prevent it from being attacked. Thus, in the future, I should be able to regain control without too much pain and suffering.

However, I discovered one minor issue. Since I pretty much use ssh to login to the droplet almost daily, I quickly discovered that just didn’t work.

At first, I was scratching my head, thinking that I messed something up majorly. Then I recalled that I had switched to Cloudflare for my DNS and CDN, and it clicked. Alas, how they work is they hide your IP address, and then use the magic of their service to serve up your cracking good jams.

Unfortunately, the ssh request gets routed to the wrong ip address, and naturally, no response.

Not being able to ssh into my server is a really bad thing. But how to work around it?

First I tried to set a local hosts file to override the DNS, but that didn’t work. Bummer.

Second, I can ssh if I use the dotted quad IP address. It works, but, I am too old to remember that many dotted quads.

Third, and the one that I am using is to create a cname that points a prefix to the original address (in this case, I am using ssh so will point to the TLD, and then I turn off the cloudflare redirect. Not optimal, but it works. It does leave me somewhat vulnerable, but alas, not many attack vectors happen to the subdomains.