You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access.mdx
+36-1Lines changed: 36 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -191,7 +191,42 @@ SSH sessions have a maximum expected duration of 10 hours. For more information,
191
191
192
192
## Troubleshooting
193
193
194
-
### `sshd_config` file misconfiguration
194
+
If a user is having difficulty connecting to a target machine, it might be a policy or `sshd_config` file misconfiguration.
195
+
196
+
## 1. Check target machine connection
197
+
198
+
A user may be blocked by a policy from reaching an SSH target because:
199
+
200
+
- An Access policy denies access, or
201
+
- No explicit allow policy exist and Access is set to deny the user by default.
202
+
203
+
As an end user, run [`warp-cli` target list`](/cloudflare-one/applications/non-http/infrastructure-apps/#display-available-targets) to verify if you have access to the target machine.
204
+
205
+
- If the target does not appear, the administrator should check the Access logs to confirm whether a policy is blocking access.
206
+
- If the target appears in the list, the issue is likely with the `sshd_config` file.
207
+
208
+
### 2. Review Access logs
209
+
210
+
:::note
211
+
212
+
You will need Cloudflare dashboard access and log view [permissions](/cloudflare-one/roles-permissions/) to proceed with this step.
213
+
214
+
:::
215
+
216
+
To review if an Access policy is causing connection issues:
217
+
218
+
1. Log in to [Zero Trust](https://one.dash.cloudflare.com/).
219
+
2. Go to **Logs** > **Access**.
220
+
3. Select the application you are testing or filter by _Infrastructure_ App Type.
221
+
4. Review the **Decision**. If the **Decision** is not Access granted, select the application and copy the name under App.
222
+
5. Go to **Access** > **Applications**.
223
+
6. Input the app name in the search bar and select the application.
224
+
7. Select **Configure**.
225
+
8. Go to **Policies** to review what criteria may be blocking the user.
226
+
227
+
By editing a [policy](/cloudflare-one/policies/access/) that is explicitly blocking the user or adding a new policy to explicitly allow the user, the connection issue should be resolved. After saving your policy changes, attempt to connect to the target machine as the end user.
228
+
229
+
### 3. Debug `sshd_config` file misconfiguration
195
230
196
231
Failure to connect to your SSH endpoint could be the result of multiple variables. One reason might be the result of a misconfigured `sshd_config` file.
0 commit comments