Category Archives: DevOps

Access to device over 3g mobile internet or NAT

The problem is to present access to your device (pc, raspberry etc) which has usb-dongle (or wifi) connected to mobile internet provider.
So, in this case you have no public (white) IP address and this is the challenge!

The solution i advice is to use SSH tunnel. For this you need public SSH server accessible from the world. If has one go ahead!

Part 1. Configure public SSH server!
Add to “/etc/ssh/sshd_config”:

PermitTunnel yes
ClientAliveInterval 60
GatewayPorts yes

Restart service:

sudo systemctl restart sshd.service

And that’s it for changes on public side. All other is related to your private (local, intranet, etc) machine.

Part 2. Make public-private key pair!
Install SSH client. For Ubuntu use:

sudo apt install openssh-client

To connect to our public SSH server we’ll use key-based authorization.


Attention! Set empty passphrase for key pair!

Copy public SSH key to public SSH server

ssh-copy-id -i ~/.ssh/mykey @

Start SSH agent and load your new key:

eval `ssh-agent -s`
ssh-add ~/.ssh/mykey

Now you’ve successfully logged in to you public SSH server:

ssh -i ~/.ssh/mykey @

If not, check all steps in this part.

Part 3. Make robust SSH tunnel through 3g/4g/etc channel!
You know if you have no dedicated IP in your internet service provider the IP address will change unpredictable. And this is the problem for creating SSH tunnels. Even you read anywhere about autossh that’s doesn’t help. So, let’s build our system will recreate SSH tunnel each time when public IP address is changed.

Install SSH server. For Ubuntu use:

sudo apt install openssh-server

For the next step we need to create a few files:
The main one is “~/”


echo [ $(date +%Y-%m-%d\ %H:%M:%S,%3N) ]

# Settings

# Init log
if [ ! -f $IP_LOG ]; then
  echo "" > $IP_LOG

# Start SSH tunnel if not exists
if [ -n "$PID" ]; then
  echo "SSH tunnel is already created"
  ~/ &
  sleep 3
echo "Pid: $PID"

echo "Check new public IP..."

# Get current IP
CURRENT_IP=$(dig +short
echo "Current IP: $CURRENT_IP"

if [ -z "$CURRENT_IP" ]; then
  echo "Current IP is empty. Exit."
  exit 0

# Get last IP
LAST_IP=$(tail -n 1 $IP_LOG)
echo "Last IP:    $LAST_IP"

if [ "$CURRENT_IP" != "$LAST_IP" ]; then
  # Save current IP
  echo $CURRENT_IP >> $IP_LOG

  echo "Restarting SSH tunnel - started"
  ~/ &
  sleep 3
  echo "Restarting SSH tunnel - finished"
  echo "IP is not changed. Exit."

File “~/”


echo $(ps aux | grep -i "ssh -v -N" | grep -v grep | awk '{print $2}')

File “~/”


echo "Creating SSH tunnel..."
while true
  ssh -v -N -C \
    -o ServerAliveInterval=60 \
    -o ExitOnForwardFailure=yes \
    -i ~/.ssh/mykey \
    -R @ \
    -E ~/ssh.log
  echo "Recreating SSH tunnel..."
  sleep 5

File “~/”



for i in `ps aux | grep -i "ssh -v -N" | grep -v grep | awk '{print $2}'`; do
  kill -9 $i

The last step is to run our tunnel manager by cron task. So, edit cron file:

sudo mcedit /etc/crontab

Or any other method you like and add the task:

*/5 * * * *  /home// >> /home//tm.log

So, each 5 minutes you’ll check the system and recreate SSH tunnel.

Part 4. Testing!
Now we ready for connection to our private SSH server from the world:

ssh @ -p22222

See also,

Install Oracle Java 8 on Ubuntu Linux

To install Oracle JDK 8 on Ubuntu you can choose one of two methods:
A. Automatic installation:

sudo apt-get install python-software-properties
sudo add-apt-repository ppa:webupd8team/java

sudo apt-get update

sudo apt-get install oracle-java8-installer

sudo update-alternatives --config java
sudo update-alternatives --config javac
sudo update-alternatives --config javaws

B. Manual installation:

Download oracle jdk at

Extract archive into /usr/local/jdk1.8.0_65

sudo update-alternatives --install  /usr/bin/java java /usr/local/jdk1.8.0_65/bin/java 1
sudo update-alternatives --install  /usr/bin/javac javac /usr/local/jdk1.8.0_65/bin/javac 1
sudo update-alternatives --install  /usr/bin/javaws javaws /usr/local/jdk1.8.0_65/bin/javaws 1

sudo update-alternatives --set  java /usr/local/jdk1.8.0_65/bin/java
sudo update-alternatives --set  javac /usr/local/jdk1.8.0_65/bin/javac
sudo update-alternatives --set  javaws /usr/local/jdk1.8.0_65/bin/javaws

Thanx to

Change default password for Oracle 11g Database

To change the default password for SYS and SYSTEM users use the trick.

1. Run in shell:

sqlplus  / as sysdba

2. Change password for SYS:

SQL> alter user SYS identified by "your-super-password";

3. Change password for SYSTEM:

SQL> alter user SYSTEM identified by "your-super-password";

Thanx to

Using RSYNC to backup (synchronize) folders

If you want to synchronize two folders use next snippets.

1. Sync folder “source” content to “target” folder:

rsync -arpv --delete /mnt/source/ /mnt/target

Notice trailing slash for “source” folder!

2. Sync whole folder “source” to “parent” folder:

rsync -arpv --delete /mnt/source /mnt/parent

More info

Generate SSH key (identity)

To generate SSH key you have to do following:

1. Install any SSH client (if absent).

2. Show existing keys:

ls -la ~/.ssh

It can be empty.

3. Generate key itself:

ssh-keygen -t rsa -b 4096 -C ""

You’ll be prompted to enter the path to store the key. Also, you can enter a passphrase. But it can be empty in some cases.

4. Check for new key:

ls -la ~/.ssh

You’ll see something like:

-rw-r–r– 1 dtv 197121 1679 jun 11 2016 id_rsa
-rw-r–r– 1 dtv 197121 400 jun 11 2016

5. Run SSH agent to add new key:

eval "$(ssh-agent -s)"

6. Add SSH key:

ssh-add ~/.ssh/id_rsa

Thanx to

Multiple SSH keys configuration

If you are using, for example GIT, it may be needed to use different ssh keys for different servers. By default git client uses “~/.ssh/id_rsa” private key.
And you’ll get the error like:

Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

If you want to use another ssh key, you should load it before with ssh-add command each time.

To avoid the issue you can specify the ssh key for certain server.
Just create (or update) file “~/.ssh/config” with content:

  Port                      22
  PreferredAuthentications  publickey
  IdentityFile              "C:\Users\user42\.ssh\private-ssh-key-file"

Thanx to

Apache and SVN configuration with user permissions

This tutorial shows how to configure Apache+SVN couple.

1. First of all you should install Apache Httpd server (version 2.4 in this case) with DAV_SVN module and subversion client:

yum -y install httpd mod_dav_svn subversion

2. Check installed modules are turned on:

LoadModule auth_basic_module modules/
LoadModule authn_core_module modules/
LoadModule authz_user_module modules/

LoadModule dav_module modules/
LoadModule dav_fs_module modules/
LoadModule dav_lock_module modules/

LoadModule dav_svn_module     modules/
LoadModule authz_svn_module   modules/
LoadModule dontdothat_module  modules/

3. Configure repository folder in http.conf:

<Directory "/srv/svn/repos">
    Options None
    AllowOverride None
    Require all granted

4. Add virtual host:

<VirtualHost *:80>
    DocumentRoot "/srv/svn"
    ErrorLog "/srv/svn/log/svn.domain.com_error_log"
    CustomLog "/srv/svn/log/svn.domain.com_access_log" common
    TransferLog "/srv/svn/log/svn.domain.com_transfer_log"

    LimitXMLRequestBody 0
    LimitRequestBody 0

    <Location />
        DAV svn
        SVNParentPath "/srv/svn/repos"
        SVNListParentPath on
        AuthType Basic
        AuthName "Subversion repository"
        AuthUserFile "/srv/svn/svn.passwd"
        AuthzSVNAccessFile "/srv/svn/svn.access"
        Require valid-user

5. Create passwd file “/srv/svn/svn.passwd”:

htpasswd -c -b /srv/svn/svn.passwd tom tomPasswordHere
htpasswd -b /srv/svn/svn.passwd jerry jerryPasswordHere
htpasswd -b /srv/svn/svn.passwd spike spikePasswordHere

6. Create access file “/srv/svn/svn.access”:

adminGroup = tom
otherGroup = jerry,spike

* =
@adminGroup = rw

@otherGroup = rw

@otherGroup = r

So, as you see adminGroup has full access to php repository.
But otherGroup has write access to project42 and only read permissions on projectGood.

Also see