Adding a Lightweight SSH Command-Line to Your Windows PC with Cloudflare
Enhance your remote Windows setup with a fast, browser-based SSH terminal using the same Cloudflare Tunnel. Perfect for quick command-line access when full RDP is too slow or unnecessary.
Adding a Lightweight SSH Command-Line to Your Windows PC with Cloudflare
I recently set up a secure, browser-based RDP connection to my home PC using Cloudflare Tunnels. It works brilliantly, but I quickly realized that RDP can feel sluggish on a slow or unstable network connection. Sometimes, I don’t need the full graphical desktop; I just need a fast, responsive command line to run a script or check a file.
The perfect solution is SSH. This guide details how I added a secure, browser-based SSH terminal for my Windows PC, leveraging the exact same Cloudflare Tunnel I was already using for RDP.
Why Add SSH to Windows?
Speed: A text-based SSH connection uses a tiny fraction of the bandwidth of a graphical RDP session. It’s incredibly fast and responsive, even on poor Wi-Fi.
Convenience: It’s perfect for quick administrative tasks, running scripts, or managing files without the overhead of a full desktop.
Efficiency: We can run it through the same secure tunnel as our RDP service, meaning no extra setup on the PC itself.
Step 1: Installing the OpenSSH Server on Windows
First, I needed to install an SSH server on my Windows 11 Pro machine. Thankfully, Microsoft provides an official one.
Install via Optional Features: I went to Settings > System > Optional features. I clicked “View features” and searched for “OpenSSH Server.” I checked the box and installed it. (Note: On some Windows builds, this is missing, and you may need to install it with a PowerShell command instead).
Configure the Service: After installation, I opened the Services app (services.msc). I found the “OpenSSH SSH Server” service, right-clicked, and went to its Properties. I changed the Startup type to Automatic and clicked Start to run it immediately.
My PC was now ready to accept SSH connections on the default port, 22.
Step 2: Adding SSH to the Existing Cloudflare Tunnel
I didn’t need to create a new tunnel. I could simply add a new rule to my existing rdp-laptop tunnel.
In the Cloudflare Zero Trust dashboard, I navigated to Networks > Tunnels and clicked Configure on my rdp-laptop tunnel.
I selected the Public Hostnames tab.
I clicked Add a public hostname.
I configured the new endpoint:
- Hostname:
cmd.yourdomain.com(a new, distinct subdomain). - Service: SSH ->
localhost:22.
I saved the hostname. The cloudflared agent on my PC automatically picked up the new rule and began routing traffic for cmd.yourdomain.com to my new SSH server.
Step 3: Creating a Secure Access Application
Just like with RDP, this new endpoint needed its own security policy.
In Access > Applications, I created a new Self-hosted application.
I pointed it to the new hostname, cmd.yourdomain.com.
I enabled Browser Rendering for SSH. This is the key to making it work in any browser without a client.
I created a strict Access Policy to only allow my email to connect.
I enabled the HttpOnly cookie attribute for security and added the application to my App Launcher.
Notes & Lessons Learned
Default Shell: I was pleasantly surprised to find that upon connecting, the SSH server dropped me directly into a familiar Command Prompt (cmd.exe). On some Windows versions, the default might be PowerShell. If that’s the case for other users, they can easily switch to Command Prompt by simply typing cmd and pressing Enter after logging in.
Username Consistency: The same username that worked for RDP (PC_NAME\username) also worked perfectly for SSH, along with my full Microsoft account password.
Now, from my single Cloudflare App Launcher dashboard, I have two options for connecting to my home PC. If I need the full graphical experience, I click my RDP app. If I just need a quick, snappy terminal for a command, I click my new SSH app. It’s the best of both worlds, all running through the same single, secure tunnel.