2014-04-06 17:54

After searching a bit I could not find a simple and good howto to do that.
The following method should work for any Linux distribution (Ubuntu, Debian, Manjaro, Archlinux, Fedora…). Source and target systems must be on the same processor architecture (though transfer from 32bit to 64bit should work).

What you need:

  • 2 live USB keys (or cds)
  • To speed up data transfer: good quality ethernet cables (one cable between the 2 computers is OK), or a usb key/drive with a BIG ext4 partition. You can try over wifi, but it may be slow.

1. Boot source and target machines on live USB/CD

Any live USB/CD should be OK.
On the target computer, you will need a tool to partition your hard drive, like gparted.
rsync is also required for data transfer: it’s included in many live systems.

Ubuntu live cd is OK, Manjaro live cd too.

2. Partition your target hard drive

Use a tool like gparted to partition the target hard drive, with the same partitions as your source system (slash, swap, home…).
I recommend assigning LABELs to your partitions: in the fstab, they are easier to work with than UUIDs.

3. Mount all partitions on both machines

On both systems, open a root terminal. Then, for each data partition (you can ignore swap):

mkdir /mnt/slash
mount /dev/sdaX /mnt/slash

If you have a home partition:

mkdir /mnt/home
mount /dev/sdaY /mnt/home

4. Transfer the data (network or usb)

This part may be tricky. Choose the method you prefer.

Network

  1. Set up the network and test connectivity with the ping command.
    The easiest way is to plug both PCs into a DHCP network (like your ISP box) so that they get IP addresses automatically. If you linked the 2 PCs with a single cable, you’ll have to set up the IPs with NetworkManager (static IPs, or an ad hoc network).
  2. On source system, as root, create a simple /etc/rsyncd.conf file:
    uid = root
    gid = root
    use chroot = no
    
    [all]
        path = /
    
  3. Then start the rsync daemon server: rsync --daemon
  4. On target PC, for each partition:
    rsync -avHX SOURCE_IP::all/mnt/slash/ /mnt/slash/
    

    Don’t forget ‘/’ at the end of paths. -a will preserve many file attributes like owner and permissions, -H will preserve hardlinks if any, -X will preserve extended attributes like setuid. You may also add -A if you are using acls. What is good with rsync is that you can stop and restart the transfer whenever you want.

USB

Prepare a USB drive with a BIG ext4 partition.

  1. Mount the USB partition on source system (mount /dev/sdbX /mnt/usb)
  2. For each partition:
    rsync -avHX /mnt/slash/ /mnt/usb/slash/
    
  3. umount, unplug and remount the USB disk on the target system.
  4. For each partition:
    rsync -avHX /mnt/usb/slash/ /mnt/slash/
    

5. Change fstab on target system

As root, edit /mnt/slash/etc/fstab
For each partition (including swap), replace the first field with the new UUID or LABEL (it’s straightforward with LABELs):
UUID=the-long-uuid, or LABEL=yourlabel

2 ways to get the UUIDs / LABELs:

ls -l /dev/disk/by-uuid/
blkid /dev/sdaX

6. Reinstall Grub

We will use a chroot (changed root environment) to be able to call the grub install inside the migrated system.

First, bind mount some system directories needed by grub, then chroot:

mount --bind /proc /mnt/slash/proc
mount --bind /sys /mnt/slash/sys
mount --bind /dev /mnt/slash/dev
mount --bind /run /mnt/slash/run
chroot /mnt/slash

Then install grub in the Master Boot Record of your hard drive, and update grub config file (with the new uuids…):

grub-install /dev/sda
update-grub

7. Reboot target machine

That’s it! Your system should be working on the new computer now.
Feel free to comment if you encounter problems.
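
Before rebooting in step 7, it is worth checking that every UUID= or LABEL= left in the migrated fstab really exists on the target disk. The script below is an added example, not part of the original howto; the function names and the saved blkid file are assumptions.

```shell
#!/bin/sh
# Added example (not from the original howto): find fstab entries that still
# point at UUIDs/LABELs from the source machine.

# fstab_ids: print each UUID=/LABEL= spec found in the first field of an
# fstab read on stdin. Comment lines never match because they start with '#'.
fstab_ids() {
    awk '$1 ~ /^(UUID|LABEL)=/ { print $1 }'
}

# blkid_ids: turn `blkid` output on stdin into UUID=.../LABEL=... specs.
# A blkid line looks like: /dev/sda1: LABEL="slash" UUID="..." TYPE="ext4"
# The leading space in the pattern keeps PARTUUID= and PARTLABEL= out.
blkid_ids() {
    grep -oE '(^| )(UUID|LABEL)="[^"]*"' | sed -e 's/^ //' -e 's/"//g'
}

# stale_fstab_ids FSTAB BLKID_FILE: print the fstab specs that match no
# partition listed in BLKID_FILE. Empty output means the fstab is consistent.
stale_fstab_ids() {
    known=$(blkid_ids < "$2")
    fstab_ids < "$1" | while read -r id; do
        printf '%s\n' "$known" | grep -qxF -- "$id" || printf '%s\n' "$id"
    done
}

# Typical use on the target live system, as root:
#   blkid > /tmp/blkid.txt
#   sh check-fstab.sh /mnt/slash/etc/fstab /tmp/blkid.txt
if [ "$#" -eq 2 ]; then
    stale_fstab_ids "$1" "$2"
fi
```

Any line it prints is an fstab entry to fix before running grub-install and update-grub.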

2013-12-05 23:22

Bsync is a bidirectional file synchronization tool, using rsync for transfers. Moved files are also synchronized in a smart way.

It uses rsync for file transfers, find to generate filelist snapshots, and ssh for remote transfers.

bsync is an alternative to Unison, written in Python 3. A big strength of bsync: it can detect and apply moved files from one side to the other (Unison uses some copy calls to handle moved files).

I developed it to be able to synchronize my music directory from my laptop to my Raspberry Pi in an efficient way, and to sync with my girlfriend's laptop too.

Bsync is released under GPL. Feel free to report any bugs/wishes in GitHub issues.

More info, Download and Install on the GitHub repo.

2010-12-29 18:36

You have 2 systems and you want to set up a secure backup with rsync + SSH of one system to the other.

Very simply, you can use:

backup.example.com# rsync -avz --numeric-ids --delete root@myserver.example.com:/path/ /backup/myserver/

To do the backup, you have to be root on the remote server, because some files are only root readable.

Problem: this allows backup.example.com to do anything on myserver.example.com, when read-only access to the directory would be sufficient.

To solve it, you can use the command="" directive in the authorized_keys file to filter the command.

To find this command, start rsync adding the -e'ssh -v' option:

rsync -avz -e'ssh -v' --numeric-ids --delete root@myserver.example.com:/path/ /backup/myserver/ 2>&1 | grep "Sending command"

You get a result like:

debug1: Sending command: rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /path/

Now, just add the command before the key in /root/.ssh/authorized_keys:

command="rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /path/" ssh-rsa AAAAB3NzaC1in2EAAAABIwAAABio......

And for even more security, you can add an IP filter, and other options:

from="backup.example.com",command="rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /path/",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ssh-rsa AAAAB3NzaC1in2EAAAABIwAAABio......

Now try to open an SSH shell on the remote server, and try some unauthorized rsync commands…

Notes:

  • If you change the rsync command options, update the authorized_keys file to match.
  • No need for complex chroot anymore. Forget my previous article: sftp-chroot-rsync
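
A variant of the same pinning, as an added example that is not from the original post: a forced-command wrapper that runs only the captured command and logs what the client actually asked for, so refused requests (including the option mismatch from the first note) show up in syslog. The install path /usr/local/sbin/rsync-backup-only and the --run argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed authorized_keys entry:
#   command="/usr/local/sbin/rsync-backup-only --run",no-pty,... ssh-rsa ...
# sshd puts the command requested by the client in SSH_ORIGINAL_COMMAND.

# Server-side command captured with `ssh -v` in the article (pinned verbatim).
ALLOWED='rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /path/'

# classify REQUEST: prints allow | deny-shell | deny-write | deny-other
classify() {
    case "$1" in
        "$ALLOWED") echo allow ;;
        "")         echo deny-shell ;;   # interactive login, no command given
        "rsync --server "*)
            # The rsync server only sends (read-only use) when --sender is set.
            case "$1" in
                *" --sender "*) echo deny-other ;;  # a read, but other options or path
                *)              echo deny-write ;;  # client tried to push files
            esac ;;
        *)          echo deny-other ;;
    esac
}

handle_request() {
    verdict=$(classify "${SSH_ORIGINAL_COMMAND:-}")
    if [ "$verdict" = allow ]; then
        # Fixed argv: nothing supplied by the client is passed to a shell.
        exec rsync --server --sender -vlogDtprze.iLsf --numeric-ids . /path/
    fi
    # Replace non-printable bytes so the request cannot forge log lines.
    req=$(printf '%s' "${SSH_ORIGINAL_COMMAND:-<none>}" | tr -c '[:print:]' '?')
    logger -t rsync-backup-only -p auth.warning \
        "$verdict from ${SSH_CONNECTION%% *}: $req"
    echo "rsync-backup-only: request refused ($verdict)" >&2
    return 1
}

if [ "${1:-}" = "--run" ]; then
    handle_request
    exit $?
fi
```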

See also:

  • man ssh #/AUTHORIZED_KEYS FILE FORMAT
  • man rsync
  • view /usr/share/doc/rsync/scripts/rrsync.gz (restricted rsync, allows you to manage allowed options precisely)
2009-10-09 17:12

Here is how to make SFTP shares with chroot.

In /etc/ssh/sshd_config:

# we use openssh internal sftp
# because /usr/lib/openssh/sftp-server won't be available in chroot
Subsystem sftp internal-sftp

Match group sftp
        ChrootDirectory %h
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

UPDATE 17/06/2010: Beware with the syntax! Comments must start at the line beginning, and no spaces at the end of the ForceCommand internal-sftp line.

Now just create users belonging to sftp group, and that’s it.
Test it with:

sftp user@myserver.com

Problem: we cannot use the rsync command to send files, because rsync is not available in the chroot.

First, we allow other commands by commenting out the line:

#ForceCommand internal-sftp

Then, we build the following tree in the chroot directory:

bin/
bin/bash
bin/rsync
lib/
lib/libncurses.so.5
lib/ld-linux.so.2
lib/libacl.so.1
lib/libpopt.so.0
lib/libattr.so.1
lib/i686
lib/i686/cmov
lib/i686/cmov/libdl.so.2
lib/i686/cmov/libc.so.6

We must include both the bash and rsync binaries, and all their libraries (you can display them with the ldd command).
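
One way to build that tree from ldd output instead of copying libraries by hand, as an added example that is not from the original post. The function names are assumptions, and the chroot path in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): populate a chroot with
# binaries plus every shared library that ldd reports for them.

# ldd_paths: read `ldd` output on stdin, print one absolute library path per
# line. The kernel's virtual DSO (linux-gate / linux-vdso) has no file and is
# skipped. Returns non-zero if any library is reported as "not found".
ldd_paths() {
    awk '
        /not found/              { print "missing: " $1 > "/dev/stderr"; bad = 1; next }
        $2 == "=>" && $3 ~ /^\// { print $3; next }  # libc.so.6 => /lib/... (0x...)
        $1 ~ /^\//               { print $1 }        # /lib/ld-linux.so.2 (0x...)
        END                      { exit bad }
    '
}

# populate_chroot CHROOT BINARY...: copy each binary and its libraries into
# CHROOT under the same absolute path they have on the host.
# Paths containing whitespace are not supported.
populate_chroot() {
    chroot_dir=$1; shift
    for bin in "$@"; do
        libs=$(ldd "$bin" | ldd_paths) || return 1
        for f in "$bin" $libs; do
            mkdir -p "$chroot_dir$(dirname "$f")"
            cp -L "$f" "$chroot_dir$f"   # -L: copy the file a symlink points to
        done
    done
}

# Usage as root (placeholder chroot path):
#   sh populate-chroot.sh /home/someuser /bin/bash /usr/bin/rsync
if [ "$#" -ge 2 ]; then
    populate_chroot "$@"
fi
```

Run it again after upgrading bash or rsync on the host, since the copies inside the chroot do not receive package updates.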

Note: the user must have /bin/bash as default shell.

Note2: the chroot dir must belong to root, even if it’s the user’s folder. To allow the user to write in it, you have to create a subfolder with appropriate permissions. According to OpenSSH programmers, it’s a big constraint, but very important for a chroot’s security.
