Cloudflare zero trust SSH browser rendering not working


I am trying to create a tunnel from a NixOS instance, and it works fine (rendereing of an http page, ssh via console, etc.) except for the SSH rendered via browser. The command I use is:

cloudflared tunnel --loglevel debug --no-autoupdate run --token=mysupertoken

If I try to use the same command and token from Debian, everything works.
So what I suppose is that there is a difference in the NixOS configuration (maybe about sshd) that create the issue, but since no documentation about the setup is truly available, I am unable to understand what the issue truly is.

This is what the browser console prints:

POST [HTTP/3 400 Bad Request 223ms]
[libssh2] 0.247000 Failure Event: -5 - Unable to exchange encryption keys JZ4D45Y6.js:1:3543
Uncaught (in promise) Error: [FATAL] ../../src/ssh/ libssh2_session_handshake(session_, 0 ) rc=-5

And this is the error that cloudflared prints:

2024-03-06T10:44:48Z DBG downstream->upstream copy: stream 5 canceled by local with error code 0 connIndex=0 destAddr=ssh://localhost:22 event=1 ingressRule=1 originService=ssh://localhost:22

I have also open an issue on cloudflared Github, to have more documentation:

Anyone had a similar issue?

Thank you,

1 Like