HeadlinesBriefing.com

Secure SSH via Cloudflare Tunnel in Docker

DEV Community

A concise guide shows how to expose a home or office SSH server to any network without opening router ports, using a Cloudflare tunnel running inside Docker. After configuring a private tunnel and a public hostname, users can run `ssh myserver` from macOS, Linux, or Windows over an encrypted connection.

On the server, install OpenSSH if missing, then pull the latest cloudflared image and launch it with `docker compose up -d`. The container runs in host network mode so it can reach port 22, and the dashboard assigns a public hostname like `ssh.yourdomain.com` for secure access over the internet.

On the client, install the SSH client and cloudflared, generate an ed25519 key pair, and add the public key to the server’s `authorized_keys`. Then edit `~/.ssh/config` to set `ProxyCommand cloudflared access ssh --hostname %h` and point `HostName` to the Cloudflare hostname for secure remote connections without exposing ports directly.

The setup hides the server’s IP, keeps all traffic encrypted through Cloudflare, and enforces key authentication so passwords never cross the network. After confirming the tunnel status with `docker compose ps` and testing `ssh -v myserver`, developers and sysadmins can rely on a hardened, zero‑trust remote access layer.
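The server and client steps summarized above, as an added example that is not taken from the original guide: a script that writes the compose file and the `~/.ssh/config` stanza to a scratch directory and checks the stanza. The `TUNNEL_TOKEN` variable, the user name, the key path, the output file names and both function names are assumptions.

```shell
#!/bin/sh
# Added example, not the guide's own code. Assumed: a dashboard-managed tunnel
# authenticated with TUNNEL_TOKEN, key at ~/.ssh/id_ed25519, output file names.

# Write the server-side compose file and the client-side ssh_config stanza.
write_tunnel_files() {
  out_dir="$1"; cf_host="$2"; ssh_user="$3"
  mkdir -p "$out_dir" || return 1

  # Server: host networking lets cloudflared reach sshd on port 22.
  # The quoted heredoc keeps ${TUNNEL_TOKEN} literal, so compose reads the
  # secret from the environment or .env instead of storing it in this file.
  cat > "$out_dir/docker-compose.yml" <<'EOF' || return 1
services:
  cloudflared:
    image: cloudflare/cloudflared:latest
    restart: unless-stopped
    network_mode: host
    command: tunnel --no-autoupdate run
    environment:
      - TUNNEL_TOKEN=${TUNNEL_TOKEN}
EOF

  # Client: key-only login, with the connection carried by cloudflared.
  cat > "$out_dir/ssh_config" <<EOF
Host myserver
    HostName $cf_host
    User $ssh_user
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    PasswordAuthentication no
    ProxyCommand cloudflared access ssh --hostname %h
EOF
}

# Succeed only if the stanza uses the cloudflared ProxyCommand and HostName is
# a hostname; a raw IPv4 address there is treated as a misconfiguration.
check_client_stanza() {
  grep -Eq '^[[:space:]]*ProxyCommand[[:space:]]+cloudflared access ssh --hostname %h$' "$1" || return 1
  if grep -Eq '^[[:space:]]*HostName[[:space:]]+[0-9]+(\.[0-9]+){3}$' "$1"; then
    return 1
  fi
  return 0
}

# Stand-alone use: sh this-script.sh OUT_DIR CF_HOSTNAME SSH_USER
if [ $# -eq 3 ]; then
  write_tunnel_files "$1" "$2" "$3" && check_client_stanza "$1/ssh_config"
fi
```

Review the generated stanza before merging it into `~/.ssh/config`; `IdentitiesOnly yes` and `PasswordAuthentication no` keep the client from offering other keys or falling back to a password.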