I was cloning a machine the other day.
I had the new machine in the lab and the "already built" machine in the field (all behind firewalls). I had administrative access to both machines from my admin box via natted vpn. My challenge was to drop a copy of the system from the production machine to the lab machine, given both machines have no direct access to each other. Here's what I did.
I opened ssh tunnels from the "admin" to both "lab" and "old" and then fired a tar through the tunnel.
Here's a pic of the machines:
http://www.quadratic.net/~david/wiredtunnels.gif
Three Machines:
"admin" the administrative machine.
"old" the machine that has the original filesystem.
"lab" the machine that I am building the filesystem on.
"admin" has natted vpn access to "old".
When I log on to "old" via the natting vpn, and do a who, it looks like I am connecting from fw1's private interface.
"admin" has natted vpn access to "lab".
When I log on to "lab" via the natting vpn, and do a who, it looks like I am connecting from fw3's private interface.
"old" has NO access to "lab", vpn or otherwise.
"lab" has NO access to "old", vpn or otherwise.
To get port 2222 on "old" to open port 2222 on "admin" (which is behind a NAT firewall), I run this on "admin":
ssh -v -g -q -f -l readonlyuser -R 2222:localhost:2222 10.1.1.2 tail -f /dev/null
Now, if we open port 2222 on the old machine, we will get port 2222 on the admin machine. At this time there is nothing listening on port 2222 on the admin machine, so this command on its own won't be very exciting.
To forward port 2222 on "admin" to port 22 on "lab":
ssh -g -q -f -l readonlyuser -L 2222:localhost:22 10.1.3.2 tail -f /dev/null
Now we can ssh to port 2222 on the old machine, which will get forwarded to port 2222 on the admin machine, which will in turn get forwarded to port 22 on the lab machine. Now to do some work over the tunnels.
To copy the home partition files from "old" directly to "lab" (via "admin"):
tar -vcf - /home | ssh -l root localhost -p 2222 tar -xf - -C /
neat huh?
There's only one bad thing I did: I set PermitRootLogin to "yes" on the lab machine's sshd. I set it back to "no" after finishing the operation. Be sure to send HUPs to the tail and ssh processes when you are done.
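
A check for the cleanup described in the last paragraph, added here as an example and not part of the original post: it reads captured sshd -T output (from "lab") and ss -ltn output (from "old" or "admin") and fails if root login is still allowed or anything still listens on port 2222. The function names and the sample captures are constructed for illustration.

```sh
#!/bin/sh
TUNNEL_PORT=2222   # port used by both forwards in the post

# Print the effective PermitRootLogin value from `sshd -T` text on stdin.
# sshd -T prints keywords in lowercase; "unknown" if the keyword is absent.
root_login_state() {
    awk '$1 == "permitrootlogin" { print $2; found = 1; exit }
         END { if (!found) print "unknown" }'
}

# Print local addresses still listening on port $1, from `ss -ltn` text on
# stdin. Compares the last ":" field so 22222 or 12222 never match 2222.
listeners_on_port() {
    awk -v port="$1" '$1 == "LISTEN" {
        n = split($4, parts, ":")
        if (parts[n] == port) print $4
    }'
}

# audit_cleanup SSHD_T_TEXT SS_TEXT   (real hosts: "$(sshd -T)" "$(ss -ltn)")
# Returns 0 only when root login is "no" and nothing listens on TUNNEL_PORT.
audit_cleanup() {
    rc=0
    state=$(printf '%s\n' "$1" | root_login_state)
    if [ "$state" != "no" ]; then
        echo "FAIL: PermitRootLogin is '$state', expected 'no'"
        rc=1
    fi
    left=$(printf '%s\n' "$2" | listeners_on_port "$TUNNEL_PORT")
    if [ -n "$left" ]; then
        echo "FAIL: still listening on port $TUNNEL_PORT: $left"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: root login off, no tunnel listeners"; fi
    return "$rc"
}

# Constructed sample captures (not taken from a real host).
SSHD_DURING='port 22
permitrootlogin yes'
SSHD_AFTER='port 22
permitrootlogin no'
SS_DURING='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:2222     0.0.0.0:*'
SS_AFTER='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:22222      0.0.0.0:*'
```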