Skip to content

[CF1] KEXalgo support list #20132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Feb 21, 2025
Merged

[CF1] KEXalgo support list #20132

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
11cfe2b
[CF1] KEXalgo support list
deadlypants1973 Feb 20, 2025
44d5bdb
Update src/content/docs/cloudflare-one/applications/non-http/index.mdx
deadlypants1973 Feb 20, 2025
132a320
fixed formatting
deadlypants1973 Feb 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 19 additions & 7 deletions src/content/docs/cloudflare-one/applications/non-http/browser-rendering.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ pcx_content_type: how-to
title: Browser-rendered terminal
sidebar:
order: 3

---

Cloudflare can render certain non-web applications in your browser without the need for client software or end-user configuration changes. Cloudflare currently supports rendering a terminal for SSH and VNC connections in a user's browser.
Expand All @@ -16,11 +15,24 @@ You can only enable browser rendering on domains and subdomains, not for specifi

To enable browser rendering:

1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications**.
2. Locate the SSH or VNC application you created when [connecting the server to Cloudflare](/cloudflare-one/connections/connect-networks/use-cases/ssh/). Select **Configure**.
3. In the **Policies** tab, ensure that only **Allow** or **Block** policies are present. **Bypass** and **Service Auth** are not supported for browser-rendered applications.
4. Go to **Advanced settings** > **Browser rendering settings**.
5. For **Browser rendering**, choose _SSH_ or _VNC_.
6. Select **Save application**.
1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications**.
2. Locate the SSH or VNC application you created when [connecting the server to Cloudflare](/cloudflare-one/connections/connect-networks/use-cases/ssh/). Select **Configure**.
3. In the **Policies** tab, ensure that only **Allow** or **Block** policies are present. **Bypass** and **Service Auth** are not supported for browser-rendered applications.
4. Go to **Advanced settings** > **Browser rendering settings**.
5. For **Browser rendering**, choose _SSH_ or _VNC_.

:::note

When connecting over SSH, Cloudflare supports following key exchange algorithms:

- `curve25519-sha256@libssh.org`
- `curve25519-sha256`
- `ecdh-sha2-nistp256`
- `ecdh-sha2-nistp384`
- `ecdh-sha2-nistp521`

:::

6. Select **Save application**.

When users authenticate and visit the URL of the application, Cloudflare will render a terminal in their browser.
8 changes: 4 additions & 4 deletions src/content/docs/cloudflare-one/applications/non-http/index.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ pcx_content_type: concept
title: Non-HTTP applications
sidebar:
order: 1

---

Cloudflare offers both client-based and clientless ways to grant secure access to non-HTTP applications.
Expand All @@ -17,6 +16,7 @@ Non-HTTP applications require [connecting your private network](/cloudflare-one/
Users can connect by installing the Cloudflare WARP client on their device and enrolling in your Zero Trust organization. Remote devices connect to your applications as if they were on your private network. By default, all devices enrolled in your organization can access any private route unless they are protected by an Access policy or Gateway firewall rule. To secure the application, you can [create a self-hosted application](/cloudflare-one/applications/non-http/self-hosted-private-app/) for a private IP range, port range, and/or hostname and build [Access policies](/cloudflare-one/policies/access/) that allow or block specific users.

If you would like to define how users access specific infrastructure servers within your network, [create an infrastructure application](/cloudflare-one/applications/non-http/infrastructure-apps/) in Access for Infrastructure. Access for Infrastructure provides an additional layer of control and visibility over how users access non-HTTP applications, including:

- Define fine-grained policies to govern who has access to specific servers and exactly how a user may access that server.
- Eliminate SSH keys by using short-lived certificates to authenticate users.
- Export SSH command logs to a storage service or SIEM solution using [Logpush](/cloudflare-one/insights/logs/logpush/).
Expand All @@ -41,6 +41,6 @@ Users can log in to the application by installing `cloudflared` on their device

To connect to an application over a specific protocol, refer to these tutorials:

* [SSH](/cloudflare-one/connections/connect-networks/use-cases/ssh/)
* [SMB](/cloudflare-one/connections/connect-networks/use-cases/smb/)
* [RDP](/cloudflare-one/connections/connect-networks/use-cases/rdp/)
- [SSH](/cloudflare-one/connections/connect-networks/use-cases/ssh/)
- [SMB](/cloudflare-one/connections/connect-networks/use-cases/smb/)
- [RDP](/cloudflare-one/connections/connect-networks/use-cases/rdp/)
Loading