CloudFlare does not allow port 22 (usual SSH port) on domain

When you try to connect via ssh to a domain for which you are using CloudFlare as an HTTP proxy, you will get the following error:

$ ssh [email protected]
 ssh_exchange_identification: Connection closed by remote host

You have a few options to resolve this issue:

  1. Either connect directly to the IP of the machine.
  2. Or, set up a CNAME record with no HTTP proxy for SSH (so that you do not need to remember the IP).
    This solution offers no additional benefit over connecting directly to the IP of the server.
    To do that, visit the configure DNS page for your site (e.g. https://www.cloudflare.com/a/dns/example.com),
    then create a CNAME named ssh, use your domain (e.g. example.com) as the target, and disable the HTTP proxy by clicking the orange cloud so that it turns gray before pressing the Add Record button.

    Then, you will be able to connect via ssh [email protected].
  3. Last but not least, configure your server to listen for SSH on one of the CloudFlare ports that are open.
    When this post was written, the following ports were available/open for any site in CloudFlare:
    For requests made via HTTP:


    For requests made via HTTPS:


    At the time, we were using an Ubuntu GNU/Linux server. To instruct the Ubuntu SSHD to listen on multiple ports, we edited the file /etc/ssh/sshd_config and, right after the lines:

    # What ports, IPs and protocols we listen for
    Port 22

    we added another line with the new port we wanted to use:

    # What ports, IPs and protocols we listen for
    Port 22
    Port 2053

    After restarting the service
    service ssh restart;
    we were able to connect to our page as follows:
    ssh -p 2053 [email protected];


Lubuntu: “Do Nothing” when I close the laptop’s lid

A few days ago we set up a server on a laptop with Lubuntu. We wanted to make sure that once the lid is closed, the PC would not shut down (or hibernate or sleep) and would continue to accept requests.

We tried to configure the PC through the system settings that are available in the GUI, but we could not get it to work right. What worked in the end was the following:

In the file /etc/systemd/logind.conf we set the variable HandleLidSwitch to ignore. So after the change, the following line was in logind.conf:


If the above line is commented out (i.e. starts with the character #), be sure to uncomment it by removing the # character.
After that, we had to restart the systemd-logind service as follows:

service systemd-logind restart;

Finally, to test we closed the lid and the server was operating as expected.


If you have a power manager such as xfce4-power-manager-settings, it is good practice to make sure it is configured properly before making the change above (e.g. set Lock screen or Switch off display in the When laptop lid is closed option).

If you start xfce4-power-manager after you make the change above, you might have to restart the service again, as the solution seems to stop working.
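
The edit described above, including the commented-out case, can be scripted. This is an added example, not part of the original post; the function names set_lid_ignore and lid_setting are hypothetical, and it assumes [Login] is the only section in the file, as in the stock logind.conf.

```shell
#!/bin/sh
# Added example (not from the original post): set HandleLidSwitch=ignore in a
# logind.conf-style file, covering the commented-out case described above.

# set_lid_ignore FILE: rewrite FILE so it holds exactly one active
# "HandleLidSwitch=ignore" line. All other settings are left untouched.
set_lid_ignore() {
    file=$1
    tmp=$(mktemp) || return 1
    awk '
        # Match the key whether active or commented out ("#HandleLidSwitch=...").
        # HandleLidSwitchDocked does not match: "=" must follow the key name.
        /^[ \t]*#?[ \t]*HandleLidSwitch[ \t]*=/ {
            if (!done) { print "HandleLidSwitch=ignore"; done = 1 }
            next                      # drop any further copies of the key
        }
        { print }
        END {
            # Key absent altogether: append it (assumes [Login] is the only
            # section in the file).
            if (!done) print "HandleLidSwitch=ignore"
        }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# lid_setting FILE: print the active value, or nothing if the key is unset.
lid_setting() {
    sed -n 's/^[[:space:]]*HandleLidSwitch[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}
```

On a real system, run set_lid_ignore /etc/systemd/logind.conf as root and then restart systemd-logind as shown above.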

Compiling openbts-umts on Ubuntu 15.04

Below are the steps we followed to compile OpenBTS-UMTS on Ubuntu 15.04.
We may have installed a couple of extra system packages while troubleshooting the installation, but it works, and we did not include any heavy system service, so it should be OK.

sudo apt-get install build-essential libuhd autoconf libtool libdevel libzmq-dev libzmq libzmq-dev libzmq-dev libosip2-dev libortp-dev libusb-dev libusb-1.0 libtool-bin libsqlite3-dev libboost-dev libreadline-dev;
git clone https://github.com/RangeNetworks/OpenBTS-UMTS;
cd OpenBTS-UMTS/;
git submodule init;
git submodule update;
#First we need to set up the ASN1C compiler
tar -xf asn1c-0.9.23.tar.gz;
cd vlm-asn1c-0959ffb/;
make check;
sudo make install;
cd ..;
#Finally, we can proceed with compiling openbts-umts
sudo make install;

Compiling gr-gsm on Ubuntu 14.04 LTS

Below are the steps that we followed to compile gr-gsm on Ubuntu 14.04 LTS.

sudo apt-get update;
sudo apt-get install build-essential python-dev git python-pip;
sudo pip install PyBOMBS;
sudo pybombs prefix init /usr/local -a default_prx;
sudo pybombs config default_prefix default_prx;
sudo pybombs recipes add gr-recipes git+https://github.com/gnuradio/gr-recipes.git;
sudo pybombs recipes add gr-etcetera git+https://github.com/gnuradio/gr-etcetera.git;
sudo pybombs install gr-gsm;
sudo ldconfig;

Ubuntu: Headless wireshark (or wireshark from terminal)

Recently, we wanted to use wireshark on an Ubuntu machine over ssh with no X-Server forwarding enabled.
After a quick search we found tshark.

TShark is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. TShark's native capture file format is pcap format, which is also the format used by tcpdump and various other tools.
Without any options set, TShark will work much like tcpdump. It will use the pcap library to capture traffic from the first available network interface and displays a summary line on stdout for each received packet.
TShark is able to detect, read and write the same capture files that are supported by Wireshark.

From: man tshark

Install tshark on Ubuntu

sudo apt-get install tshark -y;

Using tshark to capture all traffic on eth0 to a pcap file

sudo tshark -i eth0 -w something.pcap;

Note: If you just want to capture network traffic on a network interface and do not need the additional features wireshark has to offer, you can also use tcpdump as follows:

#The following command will create a file that has the current date and time in its name, using the date command.
sudo tcpdump -i eth0 -w "data.`date +%Y-%m-%d\ %H.%M`.pcap";

Ubuntu server 16.04+ MySQL port is only accessible from localhost (

Recently, we got access to an Ubuntu 16.04 LTS server that had MySQL server installed on it but was not accessible to our external servers.
The service was accessible when testing from localhost but it was not when testing from any other machine.
Executing nmap from another machine would return the value 3306/tcp closed mysql   conn-refused as below.

[[email protected] ~]$ nmap -vv -p 3306

 Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-06 17:21 EET
 Initiating Ping Scan at 17:21
 Scanning [2 ports]
 Completed Ping Scan at 17:21, 0.06s elapsed (1 total hosts)
 Initiating Parallel DNS resolution of 1 host. at 17:21
 Completed Parallel DNS resolution of 1 host. at 17:21, 0.00s elapsed
 Initiating Connect Scan at 17:21
 Scanning [1 port]
 Completed Connect Scan at 17:21, 0.06s elapsed (1 total ports)
 Nmap scan report for
 Host is up, received syn-ack (0.061s latency).
 Scanned at 2017-03-06 17:21:31 EET for 1s
 3306/tcp closed mysql   conn-refused
 Read data files from: /usr/bin/../share/nmap
 Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds

The problem was with the default configuration of mysqld that is found in the file /etc/mysql/mysql.conf.d/mysqld.cnf.
At line 41 we found the following snippet:

# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address            =

What the line bind-address            = says is that the service will only listen on localhost.
At this stage there are two solutions that you can apply using your favorite text editor (e.g. sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf):

Solution A:

Completely remove the line bind-address            = or comment it out by adding a # in front of it as follows #bind-address            =

Solution B:

Replace with the IP that you want mysql service to be available to. In our case the line became bind-address            =

After you are done with the change, you need to restart the service for the change to take effect:

[email protected]:~$ sudo /etc/init.d/mysql restart
 [ ok ] Restarting mysql (via systemctl): mysql.service.

From an external machine you can verify that the configuration was applied correctly using nmap as below:

[[email protected] ~]$ nmap -vv -p 3306
 Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-06 17:24 EET
 Initiating Ping Scan at 17:24
 Scanning [2 ports]
 Completed Ping Scan at 17:24, 0.06s elapsed (1 total hosts)
 Initiating Parallel DNS resolution of 1 host. at 17:24
 Completed Parallel DNS resolution of 1 host. at 17:24, 0.00s elapsed
 Initiating Connect Scan at 17:24
 Scanning [1 port]
 Discovered open port 3306/tcp on
 Completed Connect Scan at 17:24, 0.06s elapsed (1 total ports)
 Nmap scan report for
 Host is up, received syn-ack (0.061s latency).
 Scanned at 2017-03-06 17:24:30 EET for 0s
 3306/tcp open  mysql   syn-ack
 Read data files from: /usr/bin/../share/nmap
 Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds

You should get the value 3306/tcp open  mysql   syn-ack.
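
Solution A and Solution B above differ in what ends up reachable: with no active bind-address line, MySQL 5.7 (the version shipped with Ubuntu 16.04) listens on all interfaces. The following is an added example, not part of the original post, that reports which of the three states a mysqld.cnf-style file is in; the function names effective_bind and classify_bind are hypothetical, and files pulled in through !include or !includedir are not followed.

```shell
#!/bin/sh
# Added example (not from the original post): report what a mysqld.cnf-style
# file makes mysqld listen on.

# effective_bind FILE: print the last active bind-address value inside the
# [mysqld] section, or nothing when the option is absent or commented out.
effective_bind() {
    awk '
        # Track which section we are in; only [mysqld] counts.
        /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
        in_mysqld && /^[ \t]*bind[-_]address[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)   # drop "bind-address ="
            sub(/#.*$/, "", v)            # drop a trailing comment
            sub(/[ \t]+$/, "", v)         # drop trailing blanks
            last = v                      # a later line overrides an earlier one
        }
        END { if (last != "") print last }
    ' "$1"
}

# classify_bind FILE: print loopback, all-interfaces or specific:ADDRESS.
classify_bind() {
    addr=$(effective_bind "$1")
    case "$addr" in
        127.*|::1|localhost)  echo "loopback" ;;
        # Assumption: an absent option means the MySQL 5.7 default ("*").
        ""|"*"|0.0.0.0|::)    echo "all-interfaces" ;;
        *)                    echo "specific:$addr" ;;
    esac
}
```

When the result is all-interfaces or specific, access to port 3306 is limited only by the firewall and by MySQL account host restrictions, so both are worth reviewing together with the change.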

Building SnoopSnitch on Ubuntu 16.10 64bit

Step A: Update the system and install all necessary packages

sudo dpkg --add-architecture i386;
sudo apt-get update;
sudo apt-get upgrade -y;
sudo apt-get install git openjdk-8-jdk dh-autoreconf ant libncurses5:i386 libstdc++6:i386 zlib1g:i386 -y;
cd ~/;
mkdir Android;
cd Android;

Step B: Download the Android SDK and install all required packages

We got the following download link from this page: https://developer.android.com/studio/

wget https://dl.google.com/android/android-sdk_r24.4.1-linux.tgz;
tar -xf android-sdk_r24.4.1-linux.tgz;
cd android-sdk-linux/tools;
#To list all available packages, including the obsolete extra-android-support
#./android list sdk --all --extended;
./android update sdk --no-ui --all --filter extra-android-support,tools,platform-tools,build-tools-19.1.0,android-19;

You will get a prompt for a license agreement; you need to type Y to proceed.

November 20, 2015
Do you accept the license 'android-sdk-license-c81a61d9' [y/n]: y
cd ../..;
export ANDROID_HOME=`pwd`/android-sdk-linux;

Step C: Once the installation is complete, we need to install the Android NDK.

We got the following link from https://developer.android.com/ndk/downloads/

wget https://dl.google.com/android/repository/android-ndk-r13b-linux-x86_64.zip;
unzip -q android-ndk-r13b-linux-x86_64.zip;
export NDK_DIR=`pwd`/android-ndk-r13b;
#If we do not update the PATH we will get the following error: ../libtool: line 1719: arm-linux-androideabi-ranlib: command not found
mkdir Projects;
cd Projects;

Step D: Afterwards, we can download SnoopSnitch and all of its git submodules using the following command.

git clone --recursive https://opensource.srlabs.de/git/snoopsnitch.git;

Step E: Then we need to compile two separate parts of the project.

We will start by compiling the contrib/ projects, which are the supplementary projects SnoopSnitch needs to get data.

cd snoopsnitch/contrib/;
./compile.sh -t android -u;
cd ..;

Step F: Finally, we can proceed to compile the android project of SnoopSnitch.

cd ./SnoopSnitch;

We need to update Application.mk and add APP_ABI := armeabi to it.
We do this to make sure that we compile diag-helper.c only for armeabi, as the rest of the packages will be available only on that architecture.
If we do not do this and we have a processor that supports armeabi-v7a (or a different ABI), then it will only install diag-helper.so and ignore the rest, which will of course cause the application to fail.

echo "APP_ABI := armeabi" >> jni/Application.mk;
ant debug;
~/Android/android-sdk-linux/platform-tools/adb start-server

Once the compilation is complete, we can upload our apk to a device using the following commands:

#First we make sure that the adb server is running
$ANDROID_HOME/platform-tools/adb start-server;
#Then we check that our device is visible to the adb
$ANDROID_HOME/platform-tools/adb devices;
#Finally, we install the application to the device.
$ANDROID_HOME/platform-tools/adb install bin/SnoopSnitch-debug.apk;

This guide was tested on freshly installed Ubuntu 16.10 64bit.



Ubuntu/Bash: Get the IP of eth0

Following is a small snippet that will print on screen the IP of eth0 while in Ubuntu (Both server and desktop versions).
As you will see, it is not a very sound solution as it depends on the structure of the output of ifconfig eth0.

Nevertheless, it works (for Ubuntu at least)! 🙂

ifconfig eth0 | grep "inet addr" | cut -d ':' -f 2 | cut -d ' ' -f 1

What this line does: first it prints the configuration information for eth0, then it finds the line that contains inet addr. Using cut, it takes the second column of the data after splitting the line on the : symbol. At this point the pipe holds something similar to this Bcast, so we need to filter out the last part as well. We do this last filtering by using cut again, this time taking the first column with the space character as the delimiter.

The Ubuntu version that was used for this tutorial is

$lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 14.04.4 LTS
Release:	14.04
Codename:	trusty

The version of ifconfig for this tutorial is

$ifconfig --version
net-tools 1.60
ifconfig 1.42 (2001-04-13)

In case you want to assign the IP of eth0 to a variable, you can do so as follows:

ETH0=`ifconfig eth0 | grep "inet addr" | cut -d ':' -f 2 | cut -d ' ' -f 1`;
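
The one-liner above depends on the "inet addr:" layout printed by net-tools 1.60; later ifconfig builds print "inet A.B.C.D  netmask ..." instead, and the snippet then returns nothing. The following is an added example, not part of the original post, that reads either ifconfig layout as well as the one-line output of ip(8); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): extract the IPv4 address of an
# interface without depending on a single ifconfig output layout.

# ipv4_from_ifconfig: read `ifconfig IFACE` output on stdin and print the
# first IPv4 address. Handles "inet addr:A.B.C.D" (net-tools 1.60) and
# "inet A.B.C.D  netmask ..." (newer builds). "inet6" lines never match
# because the first field must be exactly "inet".
ipv4_from_ifconfig() {
    awk '$1 == "inet" { a = $2; sub(/^addr:/, "", a); print a; exit }'
}

# ipv4_from_ip: read `ip -o -4 addr show dev IFACE` output on stdin and
# print the first address without its prefix length (the "/24" part).
ipv4_from_ip() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "inet") { split($(i + 1), p, "/"); print p[1]; exit }
    }'
}

# iface_ipv4 IFACE: prefer ip(8) when it is installed, else use ifconfig(8).
# Prints nothing when the interface has no IPv4 address.
iface_ipv4() {
    if command -v ip >/dev/null 2>&1; then
        ip -o -4 addr show dev "$1" 2>/dev/null | ipv4_from_ip
    else
        ifconfig "$1" 2>/dev/null | ipv4_from_ifconfig
    fi
}
```

With these functions loaded, ETH0=$(iface_ipv4 eth0) replaces the assignment above.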