Skip to content

[CF1] ZTIA troubleshooting guide #25733

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: production
Choose a base branch
from
Open

[CF1] ZTIA troubleshooting guide #25733

wants to merge 4 commits into from
+308 −17

Conversation

deadlypants1973
Copy link
Contributor

Summary

closes #25295
PCX-18789

Screenshots (optional)

Documentation checklist

  • Is there a changelog entry (guidelines)? If you don't add one for something awesome and new (however small) — how will our customers find out? Changelogs are automatically posted to RSS feeds, the Discord, and X.
  • The change adheres to the documentation style guide.
  • If a larger change - such as adding a new page- an issue has been opened in relation to any incorrect or out of date information that this PR fixes.
  • Files which have changed name or location have been allocated redirects.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 9, 2025

This PR requires additional review attention because it affects the following areas:

Partials

This PR updates partial files, which are pieces of content used across multiple files in our Render component.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 9, 2025

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern Owners
/src/content/docs/cloudflare-one/applications/ @kennyj42, @ranbel, @cloudflare/pcx-technical-writing
/src/content/docs/cloudflare-one/connections/connect-networks/ @nikitacano, @ranbel, @cloudflare/pcx-technical-writing
* @cloudflare/pcx-technical-writing

nikitacano
nikitacano reviewed Oct 9, 2025
View reviewed changes
...docs/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access.mdx

To check the status of your Tunnel:

1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Networks** > **Routes**.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Routes are displayed in the main UI at Networks > Tunnels. Is there any reason why we're not making use of it and are introducing an extra step?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nikitacano step 1 above involves looking at the IP of the target, step 2 continues by finding the name of the tunnel that's associated with the IP. We have to assume that the user may not know the exact name of the tunnel. If we jump straight to Tunnels page, they're missing the IP component - which is not completely visible nor searchable on the Tunnels page, but is searchable in the Routes page.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Oct 9, 2025
edited
Loading

Preview URL: https://32d473eb.preview.developers.cloudflare.com
Preview Branch URL: https://kate-fixes-sshd-troubleshooting.preview.developers.cloudflare.com

Files with changes (up to 15)

Original Link Updated Link
https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/ https://kate-fixes-sshd-troubleshooting.preview.developers.cloudflare.com/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/
https://developers.cloudflare.com/cloudflare-one/applications/non-http/infrastructure-apps/ https://kate-fixes-sshd-troubleshooting.preview.developers.cloudflare.com/cloudflare-one/applications/non-http/infrastructure-apps/

asamborski
asamborski reviewed Oct 10, 2025
View reviewed changes
...docs/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access.mdx

### 1. Review Access policies

A user may be blocked by an Access policy from reaching an SSH target because no explicit allow Access policy exists and Access is set to deny the user by default.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"from reaching a target through SSH"
Targets are agnostic of protocol. Let's please avoid referring to them as if there is a type to prevent confusion!

asamborski
asamborski reviewed Oct 10, 2025
View reviewed changes
...docs/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access.mdx

[Access policies](/cloudflare-one/policies/access/policy-management/) are the rules attached to this Access infrastructure application, determining who can connect and what UNIX usernames they can log in as on the server. Cloudflare will not create new users on the target. UNIX users must already be present on the server.

You were guided to create an Access policy for your SSH target in [substep 9 of step 5: Add an infrastructure application](#5-add-an-infrastructure-application).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

*target

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nikitacano nikitacano nikitacano left review comments

@pedrosousa pedrosousa pedrosousa approved these changes

@ranbel ranbel Awaiting requested review from ranbel ranbel is a code owner

@kennyj42 kennyj42 Awaiting requested review from kennyj42 kennyj42 is a code owner

+1 more reviewer

@asamborski asamborski asamborski left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@nikitacano nikitacano

@kennyj42 kennyj42

@ranbel ranbel

Labels

October 2025 product:cloudflare-one size/m

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@deadlypants1973 @pedrosousa @asamborski @nikitacano @kennyj42 @ranbel