Endpoint Security

How the Praetorian Guard Platform uses Cloudflare Tunnels to provide secure, outbound-only SSH access to deployed Aegis agents

Overview

The Praetorian Guard Platform (PGP) deploys Aegis agents to target hosts inside your environment to extend security visibility into internal networks. Once an agent is deployed, operators may need secure, interactive access to the host — for example, to run manual testing, investigate findings, or manage the agent itself.

To enable this access securely, PGP uses Cloudflare Tunnels to provide encrypted, outbound-only SSH connectivity between your deployed agents and Praetorian operators. This eliminates the need for inbound firewall rules, VPN configurations, or exposing SSH directly to the internet.

This article explains how Cloudflare Tunnels work, how PGP uses them for endpoint deployment, and the security controls that protect the tunnel lifecycle.

What Are Cloudflare Tunnels?

Cloudflare Tunnel (formerly Argo Tunnel) is a technology that creates encrypted connections between an origin server and Cloudflare's global edge network without requiring public-facing ports or IP addresses.

A lightweight daemon called cloudflared runs on the target host and establishes an outbound-only connection to Cloudflare's nearest point of presence (PoP). All traffic flows through this encrypted tunnel — the host never needs to accept inbound connections.

Key characteristics of Cloudflare Tunnels:

  • Outbound-only connectivity — The agent initiates all connections. No inbound firewall rules, port forwarding, or DMZ exposure is required.

  • Encrypted transport — All tunnel traffic uses HTTP/2 over TLS 1.3 between the agent and Cloudflare's edge network.

  • Global edge routing — Connections route through Cloudflare's anycast network, providing low-latency access regardless of geographic location.

  • Named tunnels with unique credentials — Each tunnel is a named resource with its own cryptographic secret, ensuring that tunnels cannot be impersonated or shared unintentionally.

How PGP Uses Cloudflare Tunnels

When an operator enables tunnel access for a deployed Aegis agent, PGP orchestrates the full tunnel lifecycle:

  1. Tunnel creation — PGP calls the Cloudflare API to create a named tunnel with a unique, cryptographically generated secret (32-character random string from a cryptographically secure random number generator). A DNS CNAME record is created with a randomized subdomain pointing to the tunnel.

  2. Agent-side configuration — PGP pushes a management task to the Aegis agent via Velociraptor, which installs and configures the cloudflared daemon. The daemon is configured to route SSH traffic from localhost port 22 through the tunnel.

  3. Operator access — Once the tunnel is established, operators connect via SSH through Cloudflare's edge network using the tunnel's unique hostname. Cloudflare Access authenticates the operator before the connection reaches the agent.

  4. Health monitoring — PGP continuously monitors tunnel connectivity, verifying that the cloudflared service is running and has registered at least one edge connection.

  5. Tunnel removal — When access is no longer needed, PGP triggers a management task that stops the cloudflared service, removes the configuration, and restores the original SSH configuration from backup.

Network Architecture

The tunnel architecture ensures that agent hosts never expose services directly to the internet:

Agent Host (127.0.0.1:22)
  → cloudflared daemon (HTTP/2 over TLS 1.3)
    → Cloudflare Edge PoP (outbound TCP 7844)
      → Cloudflare Global Network (anycast)
        → Operator SSH Client

Outbound port requirements — Agents require outbound access on TCP port 7844 to region1.v2.argotunnel.com and region2.v2.argotunnel.com. No inbound ports are needed.

SSH binding — In lockdown mode, SSH is bound exclusively to 127.0.0.1, meaning SSH is only accessible through the Cloudflare tunnel. Direct SSH connections from any external network are rejected.

Security Controls

PGP implements multiple layers of security throughout the tunnel lifecycle:

Authentication and Authorization

  • Role-based access control — All tunnel management endpoints (create, remove, task execution) are restricted to Praetorian-entitled users through the platform's entitlement system. Customer accounts cannot access tunnel management APIs.

  • Cloudflare Access authentication — Operator SSH sessions are authenticated through Cloudflare Access using a trusted SSH Certificate Authority (CA). Only operators with valid Cloudflare Access credentials can establish SSH connections through the tunnel.

  • Per-user task ownership — Every management task is associated with the user who created it. Only the task owner can view or cancel their own tasks.

Credential Security

  • Cryptographically secure tunnel secrets — Each tunnel secret is generated using Go's crypto/rand package with 32 characters sampled from a 36-character alphabet, providing approximately 165 bits of entropy.

  • Secrets never in API responses — Tunnel secrets are explicitly stripped from all API response objects before they are returned to callers. Only non-sensitive metadata (tunnel ID, name, hostname) is returned.

  • Sensitive parameter masking — When task details are retrieved via the API, parameters marked as sensitive in the capability configuration are replaced with **** before being returned.

  • Cloudflare API credentials in secure storage — The Cloudflare API token used for tunnel management is stored in AWS Systems Manager Parameter Store as a SecureString, encrypted with AES-256 and accessible only to the tunnel management service.
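
The secret generation described in the first bullet above, as an added example that is not PGP's own code. The alphabet contents and the function names are assumptions; the rejection step avoids the modulo bias a plain `byte % 36` would introduce, so each character carries the full log2(36) bits behind the stated figure of about 165.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
)

// alphabet is an assumption: the page states only that it has 36 characters.
const alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"

// GenerateSecret returns n characters drawn uniformly from alphabet.
// A plain b % 36 would be biased because 256 is not a multiple of 36,
// so bytes at or above 252 (the largest multiple of 36 below 256) are discarded.
func GenerateSecret(n int) (string, error) {
	const limit = 256 - 256%len(alphabet) // 252
	out := make([]byte, 0, n)
	buf := make([]byte, n*2)
	for len(out) < n {
		if _, err := rand.Read(buf); err != nil {
			return "", fmt.Errorf("reading CSPRNG: %w", err)
		}
		for _, b := range buf {
			if int(b) < limit && len(out) < n {
				out = append(out, alphabet[int(b)%len(alphabet)])
			}
		}
	}
	return string(out), nil
}

// EntropyBits is the entropy of n uniform draws from an alphabet of the given size.
func EntropyBits(n, alphabetSize int) float64 {
	return float64(n) * math.Log2(float64(alphabetSize))
}

func main() {
	s, err := GenerateSecret(32)
	if err != nil {
		panic(err)
	}
	fmt.Printf("secret length: %d\n", len(s)) // the secret itself is never logged
	fmt.Printf("entropy: %.1f bits\n", EntropyBits(32, len(alphabet)))
}
```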

Input Validation

  • Client ID format enforcement — Agent client IDs are validated against the expected C.xxxxx format at both the API handler and service layers, providing defense-in-depth.

  • Per-capability parameter sanitization — Each management capability has its own validation rules. Parameters are validated against type-specific validators (username, path, integer, boolean, UUID) that reject shell injection patterns including semicolons, pipes, command substitution, backticks, null bytes, and path traversal sequences.

  • Tunnel name sanitization — Tunnel names are sanitized to contain only DNS-safe characters (alphanumeric and hyphens), enforcing a 63-character maximum to comply with DNS label limits.
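
Allow-list validators of the kind the bullets above describe, added here as an example and not taken from the platform. The patterns, the function names and the lowercasing step are assumptions; the point is that matching a narrow allowed shape rejects semicolons, pipes, command substitution, backticks and null bytes without listing each one.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Allow-list patterns. Assumptions: the page does not give the platform's exact rules.
var (
	usernameRe = regexp.MustCompile(`^[a-z_][a-z0-9_-]{0,31}$`)
	nonDNSRe   = regexp.MustCompile(`[^a-z0-9-]+`)
)

// ValidateUsername accepts only POSIX-style names, so ; | $() backticks and NUL never match.
func ValidateUsername(v string) error {
	if !usernameRe.MatchString(v) {
		return errors.New("invalid username")
	}
	return nil
}

// ValidatePath requires an absolute path with no shell metacharacters and no ".." segment.
func ValidatePath(v string) error {
	if !strings.HasPrefix(v, "/") || strings.ContainsAny(v, ";|&$`<>\\\n\x00") {
		return errors.New("invalid path")
	}
	for _, seg := range strings.Split(v, "/") {
		if seg == ".." {
			return errors.New("path traversal")
		}
	}
	return nil
}

// SanitizeTunnelName keeps [a-z0-9-] only and enforces the 63-character DNS label limit.
func SanitizeTunnelName(v string) string {
	s := nonDNSRe.ReplaceAllString(strings.ToLower(v), "-")
	if len(s) > 63 {
		s = s[:63]
	}
	return strings.Trim(s, "-")
}

func main() {
	fmt.Println(ValidateUsername("svc_aegis"), ValidatePath("/tmp/../etc/shadow"))
	fmt.Println(SanitizeTunnelName("Aegis Agent_01 (prod)"))
}
```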

Agent-Side Protections

  • SSH configuration validation — Before any SSH configuration changes take effect, the agent runs sshd -t to validate the configuration. If validation fails, all changes are automatically rolled back — including drop-in configuration files, CA key merges, and any modifications to sshd_config.

  • Configuration management awareness — In non-destructive (preserve) mode, the agent detects existing configuration management tools (Puppet, Ansible, Chef, SaltStack, CFEngine) and warns operators that SSH configurations may be overridden. It uses drop-in configuration files rather than modifying the primary sshd_config.

  • Original configuration backup — The agent creates a backup of the original sshd_config before any modifications, ensuring the original state can be restored during tunnel removal.

  • Idempotent tunnel creation — If a tunnel is already configured for an agent, the creation endpoint returns the existing tunnel information rather than creating a duplicate. This prevents resource leaks from repeated requests.
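
The validate-then-roll-back behaviour from the first and third bullets above, as an added example that is not the agent's own code. `ApplyDropIn`, `SSHDTest` and the file name are hypothetical; the validator is passed in so that `main` can demonstrate a rollback in a temporary directory with a simulated failure, while a real caller would pass `SSHDTest` and reload sshd only after it returns nil.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"os/exec"
)

// SSHDTest runs `sshd -t`, which parses the configuration and exits non-zero on error.
func SSHDTest() error {
	if out, err := exec.Command("sshd", "-t").CombinedOutput(); err != nil {
		return fmt.Errorf("sshd -t: %v: %s", err, out)
	}
	return nil
}

// ApplyDropIn writes content to path, runs validate, and on failure puts back
// whatever was at path before (or removes the file if nothing was there).
func ApplyDropIn(path string, content []byte, validate func() error) error {
	prev, readErr := os.ReadFile(path) // in-memory backup of the current state
	if readErr != nil && !os.IsNotExist(readErr) {
		return readErr
	}
	if err := os.WriteFile(path, content, 0o600); err != nil {
		return err
	}
	verr := validate()
	if verr == nil {
		return nil // safe to reload sshd from here on
	}
	var rbErr error
	if readErr == nil {
		rbErr = os.WriteFile(path, prev, 0o600) // restore previous content
	} else {
		rbErr = os.Remove(path) // nothing existed before the change
	}
	if rbErr != nil {
		return fmt.Errorf("rollback failed: %v (validation: %w)", rbErr, verr)
	}
	return fmt.Errorf("rolled back: %w", verr)
}

func main() {
	dir, _ := os.MkdirTemp("", "dropin") // stands in for sshd_config.d/
	defer os.RemoveAll(dir)
	bad := func() error { return errors.New("simulated sshd -t failure") }
	fmt.Println(ApplyDropIn(dir+"/90-example.conf", []byte("NotADirective yes\n"), bad))
}
```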

Operational Security

  • Async execution with status tracking — Tunnel installation and removal are executed asynchronously through dedicated Lambda functions. Each task's status (pending, running, completed, failed) is tracked in the database, providing a full audit trail.

  • Structured logging — All tunnel operations are logged with structured fields including the user, client ID, tunnel ID, and operation type, providing traceability for security investigations.

  • Health check verification — After tunnel installation, PGP automatically triggers a health check that verifies the cloudflared service is running and connected to Cloudflare's edge network.

Deployment Modes

PGP supports two SSH configuration modes when deploying a tunnel, depending on the host environment:

Lockdown Mode

Used for managed deployments (such as OVA virtual appliances) where PGP has full control of the host:

  • SSH is bound exclusively to 127.0.0.1 — only accessible through the Cloudflare tunnel

  • Password authentication is disabled

  • Only Cloudflare Access certificate-based authentication is accepted

  • Existing SSH configuration is replaced entirely

Preserve Mode

Used for client-managed hosts where the existing SSH configuration must be maintained:

  • SSH configuration changes are applied through sshd_config.d/ drop-in files when supported

  • Cloudflare's CA key is merged into existing trust files rather than overwriting them

  • Existing ListenAddress bindings are preserved

  • Configuration management tools are detected and operators are warned of potential overrides

Support

If you have questions about endpoint deployment, Cloudflare tunnel configuration, or agent connectivity, contact our support team at support@praetorian.com.