Tags: ssh, cloudflare

Cloudflared tunnel is not properly forwarding ssh


I set up cloudflared as described in the docs:

tunnel: my-uuid
credentials-file: /home/path/to/my-uid.json

ingress:
   - hostname: my-uuid.cfargotunnel.com
     service: ssh://localhost:22
   - service: http_status:404

I ran cloudflared tunnel ingress validate and it displays: Validating rules from /path/to/config.yml OK

Then I do cloudflared tunnel start my-tunnel-name, which starts the tunnel.

Then in another machine, I added to ssh config:

Host my-test
    HostName my-uuid.cfargotunnel.com
    User someuser
    Port 22
    IdentityFile /path/to/key
    # subcommand is "access" (the original had the typo "acess")
    ProxyCommand cloudflared access ssh --hostname %h

when I do ssh -vvv my-test it says:

.....
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535

This does not change if I add a CNAME to one of the domains I own in Cloudflare and replace the hostname with that human-friendly subdomain. This thing does not seem to work at all.

I can connect to this machine easily on the LAN; it gets the key and asks for verification etc., since it has sshd running.

Ideally I just want this tunnel to forward ssh requests to localhost:22, with my server still prompting for verification. I also do not want to use my domain but the automatically assigned *.cfargotunnel.com.

I must be missing something; it can't be this convoluted.


Solution

  • Cloudflare community has solved this.

    The issue was that CNAME records did not take instant effect, and one has to wait a bit, let's say 15 mins, for things to work.

    After adding the CNAME and updating

    Host my-server
        HostName mysubdomain.mydomain.com
        ....

    and running:

    cloudflared tunnel --loglevel debug --logfile ./.cloudflared/test.log run my_tunnel_name

    things started working. So for anyone who got stuck:

    Supplying myuid.cfargotunnel.com DOES NOT seem to work; Cloudflare needs to resolve it via CNAME. After adding the CNAME, WAIT. Wait 15 mins before starting a tunnel again. The arguments --loglevel and --logfile do help a lot.

    The bottom line is that hostnames cannot be from *.cfargotunnel.
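A pre-flight check that encodes the lesson from the question's config and the accepted answer, written here as an added example and not code from the original post or from cloudflared itself: it parses the flat ingress list shown above, flags a hostname on the tunnel's own *.cfargotunnel.com name, checks that the last rule is a catch-all, and validates the ssh_config ProxyCommand line (catching the "acess" typo from the question). The set of accepted service schemes and bare service names is my own assumption about what cloudflared accepts, not something the post states, and the parser only handles the two-key rule shape used on this page, not general YAML.

```python
"""Added example: sanity-check a cloudflared tunnel config's ingress rules and
the matching ssh ProxyCommand before starting the tunnel."""
import re

# Constructed sample input: the config from the question, which uses the
# tunnel's own *.cfargotunnel.com name as an ingress hostname.
QUESTION_CONFIG = """\
tunnel: my-uuid
credentials-file: /home/path/to/my-uid.json

ingress:
   - hostname: my-uuid.cfargotunnel.com
     service: ssh://localhost:22
   - service: http_status:404
"""

# Same config after the fix from the answer: a hostname on a zone you own,
# pointed at the tunnel with a CNAME (placeholder domain).
FIXED_CONFIG = QUESTION_CONFIG.replace("my-uuid.cfargotunnel.com", "mysubdomain.mydomain.com")

# Service forms assumed to be accepted by cloudflared (assumption, extend as needed).
URL_SCHEMES = {"http", "https", "ssh", "rdp", "tcp", "unix"}
BARE_SERVICES = {"hello_world", "bastion"}


def parse_ingress(text):
    """Parse the ingress list of a config into a list of dicts.

    Minimal line-based parser for the flat 'hostname:/service:' rule shape
    used in the post; it is not a general YAML parser (assumes no nesting)."""
    rules, current, in_ingress = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "ingress:":
            in_ingress = True
            continue
        if not in_ingress:
            continue  # top-level keys such as tunnel: and credentials-file:
        if line.startswith("- "):
            current = {}          # a new rule starts at each list item
            rules.append(current)
            line = line[2:].strip()
        if current is None or ":" not in line:
            raise ValueError(f"unexpected line in ingress block: {raw!r}")
        key, value = (part.strip() for part in line.split(":", 1))
        current[key] = value
    return rules


def check_ingress(rules):
    """Return a list of findings; an empty list means the rules look usable."""
    findings = []
    if not rules:
        return ["no ingress rules found"]
    for i, rule in enumerate(rules):
        host = rule.get("hostname", "")
        service = rule.get("service", "")
        if host.endswith(".cfargotunnel.com"):
            findings.append(
                f"rule {i}: hostname {host} is the tunnel's own cfargotunnel name; "
                "use a CNAME on a zone you own instead")
        if not service:
            findings.append(f"rule {i}: missing service")
        elif service.startswith("http_status:"):
            if not re.fullmatch(r"http_status:\d{3}", service):
                findings.append(f"rule {i}: malformed {service}")
        elif service not in BARE_SERVICES:
            scheme = service.split("://", 1)[0] if "://" in service else ""
            if scheme not in URL_SCHEMES:
                findings.append(f"rule {i}: unrecognised service {service!r}")
    if "hostname" in rules[-1]:
        findings.append("last rule must be a catch-all with no hostname")
    return findings


def check_proxy_command(line):
    """Check an ssh_config ProxyCommand line for the cloudflared form.

    Returns None when the line is fine, else a message. A misspelt
    subcommand makes ssh fail before any tunnel traffic is sent."""
    m = re.fullmatch(r"\s*ProxyCommand\s+cloudflared\s+(\S+)\s+ssh\s+--hostname\s+%h\s*", line)
    if m is None:
        return "ProxyCommand does not match 'cloudflared access ssh --hostname %h'"
    if m.group(1) != "access":
        return f"ProxyCommand subcommand {m.group(1)!r} should be 'access'"
    return None


if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, check_ingress(parse_ingress(cfg)) or "OK")
    print(check_proxy_command("    ProxyCommand cloudflared acess ssh --hostname %h"))
```

Running it reports one finding for the question's config (the cfargotunnel hostname) and none for the fixed one; the ProxyCommand check catches the misspelt subcommand. It deliberately does no DNS lookups, so it cannot tell you whether the CNAME has propagated yet; that is the part of the answer you still have to wait out.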