Thursday, October 4, 2012

Disk Cloning / Imaging over Network with SSH, Netcat, DD and XZ

Today we have affordable, ample storage and faster bandwidth to facilitate partition imaging and disk cloning over network. Nowadays, it's common and feasible to take the image of a whole partition for various reasons. Compared to file-based backups using tar, disk imaging provides the following advantages.




  • The boot sector is preserved so that it's easy to make it bootable after the restore.
  • Information such as UUID and LABEL is presered, which helps identify the partition in booting and mounting.
  • Information such as ACL and XATTR is preserved, which helps restrict file access and secure the system.
  • Every bit in the unused sectors is preserved, which may assist in digital forensics to uncover deleted or hidden information.


There are commercial programs for disk imaging and backup (Norton Ghost, Acronis True Image). However, Linux users can use readily available tools to get things done. For disk cloning/imaging, we can use ssh, netcat, dd and xz. Note that dd will fail on physically damaged disks. For such disks, use ddrescue instead.



For security and compression, we are going to use ssh and xz in this tutorial. If you don't like xz, feel free to substitute xz with gzip, bzip2 or lzop. Also, netcat is used to stream the dd output over the network. On Debian and Ubuntu derivatives, you need the following packages.




  • bzip2, gzip, lzop, lzma OR xz-utils
  • dd
  • netcat
  • ssh


We are making these assumptions in the following scenarios.




  • Sending computer S

    This computer has IP address 192.168.1.1 and needs to back up partition /dev/sda1.
  • Sending Port

    We'll send using port 5525.
  • Receiving computer T

    This computer has IP address 192.168.1.2 and needs to restore partition /dev/sda2.
  • Receiving Port

    We'll receive at port 7749.


Disk Cloning using dd, xz, netcat and ssh


In this scenario, we will clone a disk partition, simultaneously sending an image of the source partition /dev/sda1 from computer S (192.168.1.1) and restoring it at /dev/sda2 on computer T (192.168.1.2). Make sure that the source partition is not mounted or is mounted read-only. Also, make sure that the target partition size is greater than or equal to the source partition size.




  1. At the sending computer, compress the source partition /dev/sda1 with xz and set up netcat to send it at port 5525:

    dd if=/dev/sda1 bs=16M | xz | nc -l 5525

  2. At the receiving computer, set up a SSH tunnel to the sending computer (192.168.1.1):

    ssh -f -N -L 7749:127.0.0.1:5525 username@192.168.1.1

  3. At the receiving computer, type the following command to receive the partition image and restore it at /dev/sda2:

    nc 127.0.0.1 7749 | xz -d | dd of=/dev/sda2 bs=16M



Alternatively, we could take the following steps to achieve the same thing. However, we start at the receiving computer.




  1. At the receiving computer with the target partition /dev/sda2, type the following command to receive the partition image:

    nc -l 7749 | xz -d | dd of=/dev/sda2 bs=16M

  2. At the sending computer with the source partition /dev/sda1, set up a SSH tunnel to the receiving computer (192.168.1.2):

    ssh -f -N -L 5525:127.0.0.1:7749 username@192.168.1.2

  3. At the sending computer, type the following command to compress the source partition /dev/sda1 and transmit it over the SSH tunnel:

    dd if=/dev/sda1 bs=16M | xz | nc 127.0.0.1 5525

    Note that the transfer may take many hours for a large partition.




Disk Imaging using dd, xz, netcat and ssh


In this scenario, we will just send an image of the source partition /dev/sda1 to the receiving computer T (192.168.1.2) without restoring it. Make sure that the source partition is not mounted or is mounted read-only. A question remains whether to compress the image at the sending or receiving computer. The answer depends on which computer is more powerful. For this example, we'll compress at the sending computer (for network bandwidth reason).




  1. At the sending computer, compress the source partition /dev/sda1 with xz and stream it using netcat:

    dd if=/dev/sda1 bs=16M | xz | nc -l 5525

  2. At the receiving computer, set up a SSH tunnel to the sending computer (192.168.1.1):

    ssh -f -N -L 7749:127.0.0.1:5525 username@192.168.1.1

  3. At the receiving computer, type the following command to receive the file:

    nc 127.0.0.1 7749 > partimg.xz



Alternatively, we could take the following steps to achieve the same thing.




  1. At the receiving computer, set up netcat to listen at port 7749 and save the incoming data to a file partimg.xz.

    nc -l 7749 | dd of=partimg.xz bs=16M

  2. At the sending computer, establish a SSH tunnel to the receiving computer (192.168.1.2) first:

    ssh -f -N -L 5525:192.168.1.2:7749 username@192.168.1.2

  3. At the sending computer, type the following command to compress the source partition /dev/sda1 and transmit it over the SSH tunnel:

    dd if=/dev/sda1 bs=16M | xz | nc 127.0.0.1 5525

    Note that the transfer may take many hours for a large partiiton.




Alternative Simple Commands for Disk Cloning / Imaging


I don't like these methods for some reason, but here I show the simpler methods where netcat is not needed. For disk cloning, type something like this:



dd if=/dev/sda1 bs=16M | xz | ssh username@192.168.1.2 "xz -d | dd of=/dev/sda2 bs=16M"


Just to send an image file, run a command as follows:



dd if=/dev/sda1 bs=16M | xz | ssh username@192.168.1.2 "dd of=partimg.xz bs=16M"


Also Read:


No comments:

Post a Comment

About This Blog

KBlog logo This blog is about current events and issues concerning general population. Thanks for visiting the blog and posting your comments.

© Contents by KBlog

© Blogger template by Emporium Digital 2008

Followers

Total Pageviews

icon
Powered By Blogger