Roholt

My Sketchbook!

Menu tonen Verberg menu

Tagssh

Create bitwise copy of EMMC/SD/HDD/SDD over the network (backup using ssh pipe)

8 juni 2021 / / Geen reacties

It can be convenient to make a bitwise copy. For example to place the contents of 1 embedded board (i.e. Beaglebone) to another embedded board.

If the device to copy is also the storage device that holds the OS, then boot from another device, for example a “Try Ubuntu” usb drive.

We stream the data over the network, because the devices themselves mostly have no space to place the image somewhere on the that device.

Assumption is that you have a working ssh server on the device you want to copy to.

The perform the following:

  1. Find the correct device to make a copy from. So the whole device, not the partition.
    In my case it is “/dev/mmcblk0” so without the partition indicator -> “p1”.
  2. Find the ip adress of the device to copy to (or use hostname)

To create an image:

> sudo cat /dev/mmcblk0 | ssh <user>@<ip-adress> "gzip ~/image.gz"

After the operation is done you have a bitwise copy gzipped on your <ip-address> machine in the home directory of the <user>

To deploy an earlier created image back to the device, from the device to deploy to (Make sure you booted from another device than we are copying to):

> ssh <user>@<ip-address> "gzip -dc ~/image.gz" | dd of=/dev/mmcblk0 status=progress

Get notified on a SSH login

12 januari 2021 / / 2 reacties

Of course nobody should be able to login to your server. But if someone finds a way to do it, don’t you want to know it?

I am running an Ubuntu Server that uses motd to welcome logged in users. Therefore I am using motd to execute a script for me once a user logged in.

I extracted the details of the just logged in user from /var/log/auth.log, and uses the IP address and a resolver (ipapi.co in my case) to resolve the IP address to a location.

I am using a Telegram Chat with my own Telegram bot to notify me. I might write a small blogpost about my Telegram bot in the future.

Place the script in a file, make it executable, and place it in /etc/update-motd.d/. For example:

$ touch /etc/update-motd/01-notify-me.sh
$ chmod +x /etc/update-motd/01-notify-me.sh
$ vi /etc/update-motd/01-notify-me.sh # Add script

And the actual script:

#!/bin/bash

_loginDetails=$(grep "Accepted" /var/log/auth.log | tail -n 1)
_IP=$(echo $_loginDetails | awk '{print $11}')
_LOCATION=$(curl https://ipapi.co/${_IP}/json/ | jq .city -r)
_METHOD=$(echo $_loginDetails | awk '{print $7}')
_WHO=$(echo $_loginDetails | awk '{print $4}')
message="[SSH LOGIN] => ${_WHO} from ${_LOCATION}, IP: ${_IP}, AUTH: ${_METHOD}"

curl -s -X POST https://api.telegram.org/<bot_token>/sendMessage -d chat_id=<chat_id> -d text="${message}"

Additional security measures should be taken, for example:

  • Login with Key only
  • Disallow root login via ssh
  • Blacklist IP’s
  • Block based on Geo location
  • fail2ban

Recente berichten

Recente berichten

© 2025 Roholt

Thema door Anders NorénOmhoog ↑