clonezilla-live Mailing List for Clonezilla
A partition and disk imaging/cloning program
Brought to you by:
steven_shiau
Menu
▾
▴
clonezilla-live — Anything about Clonezilla live
You can subscribe to this list here.
| 2007 |
Jan
|
Feb
|
Mar
(3) |
Apr
(5) |
May
(13) |
Jun
(6) |
Jul
(5) |
Aug
|
Sep
(12) |
Oct
(8) |
Nov
(9) |
Dec
(4) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2008 |
Jan
(9) |
Feb
(5) |
Mar
(16) |
Apr
(10) |
May
(2) |
Jun
(4) |
Jul
(22) |
Aug
(26) |
Sep
(8) |
Oct
(33) |
Nov
(25) |
Dec
(13) |
| 2009 |
Jan
(54) |
Feb
(65) |
Mar
(15) |
Apr
(12) |
May
(29) |
Jun
(46) |
Jul
(23) |
Aug
(71) |
Sep
(22) |
Oct
(13) |
Nov
(16) |
Dec
(65) |
| 2010 |
Jan
(18) |
Feb
(22) |
Mar
(26) |
Apr
(82) |
May
(36) |
Jun
(45) |
Jul
(40) |
Aug
(6) |
Sep
(44) |
Oct
(33) |
Nov
(8) |
Dec
(38) |
| 2011 |
Jan
(16) |
Feb
(13) |
Mar
(19) |
Apr
(27) |
May
(37) |
Jun
(14) |
Jul
(4) |
Aug
(2) |
Sep
(13) |
Oct
(5) |
Nov
(6) |
Dec
(6) |
| 2012 |
Jan
(6) |
Feb
(1) |
Mar
(36) |
Apr
(13) |
May
(4) |
Jun
(4) |
Jul
|
Aug
|
Sep
|
Oct
(5) |
Nov
(5) |
Dec
(4) |
| 2013 |
Jan
(7) |
Feb
(6) |
Mar
(3) |
Apr
(5) |
May
(1) |
Jun
(8) |
Jul
(5) |
Aug
(3) |
Sep
|
Oct
(1) |
Nov
(2) |
Dec
|
| 2014 |
Jan
(12) |
Feb
(10) |
Mar
|
Apr
(2) |
May
(3) |
Jun
|
Jul
(1) |
Aug
(8) |
Sep
(1) |
Oct
(1) |
Nov
(2) |
Dec
(2) |
| 2015 |
Jan
(13) |
Feb
(6) |
Mar
(2) |
Apr
(4) |
May
(15) |
Jun
(6) |
Jul
(20) |
Aug
(2) |
Sep
(1) |
Oct
(2) |
Nov
(4) |
Dec
(1) |
| 2016 |
Jan
|
Feb
(2) |
Mar
|
Apr
(7) |
May
(1) |
Jun
(12) |
Jul
(1) |
Aug
|
Sep
|
Oct
(1) |
Nov
(6) |
Dec
|
| 2017 |
Jan
|
Feb
(1) |
Mar
(4) |
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
| 2018 |
Jan
|
Feb
|
Mar
(15) |
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(5) |
Sep
(2) |
Oct
(6) |
Nov
(4) |
Dec
(4) |
| 2019 |
Jan
(1) |
Feb
(1) |
Mar
(1) |
Apr
(1) |
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
(1) |
Oct
(1) |
Nov
|
Dec
|
| 2020 |
Jan
|
Feb
(2) |
Mar
(5) |
Apr
(1) |
May
(3) |
Jun
|
Jul
|
Aug
(2) |
Sep
|
Oct
|
Nov
(11) |
Dec
(2) |
| 2021 |
Jan
(2) |
Feb
|
Mar
(5) |
Apr
(2) |
May
|
Jun
|
Jul
(2) |
Aug
(4) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2022 |
Jan
|
Feb
|
Mar
|
Apr
(4) |
May
(16) |
Jun
(3) |
Jul
(6) |
Aug
(13) |
Sep
|
Oct
|
Nov
(2) |
Dec
(1) |
| 2023 |
Jan
|
Feb
(1) |
Mar
|
Apr
(4) |
May
(6) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(7) |
Nov
(9) |
Dec
(2) |
| 2024 |
Jan
(8) |
Feb
(1) |
Mar
|
Apr
(9) |
May
(2) |
Jun
|
Jul
(2) |
Aug
(5) |
Sep
(7) |
Oct
(1) |
Nov
|
Dec
|
| 2025 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
(10) |
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
(7) |
Nov
(5) |
Dec
|
|
From: Brian W. <br...@so...> - 2025-11-03 04:57:24
|
<div dir='auto'>I made a backup a few weeks ago of a red hat 8.10 physical machine. I thought it went well till I tried to restore the backup. No matter what I do, if I try to restore the image I made I get a grub looking menu that instead of presenting a list of kernels, prompts for credentials. Using clonezilla and live gets me a boot failure. If I use a restore disc I can get into the machine but all the grub 2 commands have failed and leave me at the credentials prompt. I am using UEFI without secure boot.<div dir="auto"><br></div><div dir="auto">Brian</div></div> |
|
From: Steven S. <ste...@ni...> - 2025-11-02 01:42:26
|
Please: 1. Take a photo about the error messages on the screen and share that. 2. Share the log file /var/log/clonezilla.log Thanks. Steven On 11/2/25 01:32, Dirk Meier via Clonezilla-live wrote: > Hello, > with Clonezilla 3.3.0-33-amd I tried to restore an older windows 7 disk-image > formlerly created with an older clonezilla version for intel cpus. > Clonezilla stopped with message: "Box is an unknown hard drive device" > Is restoring older windows images on intel not supported by actual clonezilla > version? > -- Steven Shiau <steven _at_ stevenshiau org> Public Key Server PGP Key ID: 4096R/163E3FB0 Fingerprint: EB1D D5BF 6F88 820B BCF5 356C 8E94 C9CD 163E 3FB0 |
|
From: James E. <jam...@gm...> - 2025-11-01 19:16:02
|
Clonezilla - Browse /clonezilla_live_stable at SourceForge.net <https://sourceforge.net/projects/clonezilla/files/clonezilla_live_stable/> On Sat, Nov 1, 2025 at 1:25 PM Dirk Meier via Clonezilla-live < clo...@li...> wrote: > Hello Dan, > thanks for your answer. > I will try to restore with older version of clonezilla. But where to get? > Download page offers only actual versions. > > -- > Dirk > > Am Samstag, 1. November 2025, 18:57:10 CET schrieb Daniel G. Pesante: > > Hi. Most likely the result of not using the same Cl version used to > create > > the older w-7 image! Use that same Cl version and the issue will most > > likely not materialize. > > Dan > > > > On Sat, Nov 1, 2025 at 1:33 PM Dirk Meier via Clonezilla-live < > > > > clo...@li...> wrote: > > > Hello, > > > with Clonezilla 3.3.0-33-amd I tried to restore an older windows 7 > > > disk-image > > > formlerly created with an older clonezilla version for intel cpus. > > > Clonezilla stopped with message: "Box is an unknown hard drive device" > > > Is restoring older windows images on intel not supported by actual > > > clonezilla > > > version? > > > > > > -- > > > Dirk > > > > > > > > > > > > > > > _______________________________________________ > > > Clonezilla-live mailing list > > > Clo...@li... > > > https://lists.sourceforge.net/lists/listinfo/clonezilla-live > > > > > > > _______________________________________________ > Clonezilla-live mailing list > Clo...@li... > https://lists.sourceforge.net/lists/listinfo/clonezilla-live > |
|
From: Dirk M. <dir...@gm...> - 2025-11-01 18:24:05
|
Hello Dan, thanks for your answer. I will try to restore with older version of clonezilla. But where to get? Download page offers only actual versions. -- Dirk Am Samstag, 1. November 2025, 18:57:10 CET schrieb Daniel G. Pesante: > Hi. Most likely the result of not using the same Cl version used to create > the older w-7 image! Use that same Cl version and the issue will most > likely not materialize. > Dan > > On Sat, Nov 1, 2025 at 1:33 PM Dirk Meier via Clonezilla-live < > > clo...@li...> wrote: > > Hello, > > with Clonezilla 3.3.0-33-amd I tried to restore an older windows 7 > > disk-image > > formlerly created with an older clonezilla version for intel cpus. > > Clonezilla stopped with message: "Box is an unknown hard drive device" > > Is restoring older windows images on intel not supported by actual > > clonezilla > > version? > > > > -- > > Dirk > > > > > > > > > > _______________________________________________ > > Clonezilla-live mailing list > > Clo...@li... > > https://lists.sourceforge.net/lists/listinfo/clonezilla-live |
|
From: Dirk M. <dir...@gm...> - 2025-11-01 17:32:35
|
Hello, with Clonezilla 3.3.0-33-amd I tried to restore an older windows 7 disk-image formlerly created with an older clonezilla version for intel cpus. Clonezilla stopped with message: "Box is an unknown hard drive device" Is restoring older windows images on intel not supported by actual clonezilla version? -- Dirk |
|
From: Steven S. <ste...@ni...> - 2025-10-21 12:47:26
|
Stable Clonezilla live 3.3.0-33 is released. For more info, please check: https://sourceforge.net/p/clonezilla/news/2025/10/stable-clonezilla-live-333-33-released/ Steven -- Steven Shiau <steven _at_ stevenshiau org> Public Key Server PGP Key ID: 4096R/163E3FB0 Fingerprint: EB1D D5BF 6F88 820B BCF5 356C 8E94 C9CD 163E 3FB0 |
|
From: Steven S. <ste...@ni...> - 2025-10-19 01:26:11
|
We have very limited man power in this project. Hence for the Linux kernel we only use the one from upstream, i.e., Debian or Ubuntu. Please ask this feature in Debian or Ubuntu for us if you can. Thank you very much. Steven On 10/16/25 23:05, yakkie wrote: > 回复: Re: [Clonezilla-live] YT-6801 driver > Hello! > It still cannot recognize yt6801,tested today. > best regards! > > > > 发自vivo电子邮件 > ---------- 回复的原邮件 ---------- > 发件人:Steven Shiau via Clonezilla-live > <clo...@li...> > 日期:2025年10月15日 21:11 > 主题:Re: [Clonezilla-live] YT-6801 driver > 收件人:clonezilla-live <clo...@li...> > 抄送: > > How about giving Ubuntu-based Clonezilla live a try? Especially the > testing one, like 20251015-questing: > > https://clonezilla.org/downloads.php > > Steven > > On 10/12/25 07:54, yakkie wrote: >> YT-6801 driver >> Hello: >> The newest version clonezilla cannot recognize YT6801 net card,so pxe >> client which use YT6801 netcard cannot bootup via pxe. >> Please add YT6801 netcard driver in clonezilla,thanks!! >> >> >> >> 发自vivo电子邮件 >> >> >> _______________________________________________ >> Clonezilla-live mailing list >> Clo...@li... >> https://lists.sourceforge.net/lists/listinfo/clonezilla-live > -- > Steven Shiau <steven _at_ stevenshiau org> > Public Key Server PGP Key ID: 4096R/163E3FB0 > Fingerprint: EB1D D5BF 6F88 820B BCF5 356C 8E94 C9CD 163E 3FB0 > > > _______________________________________________ > Clonezilla-live mailing list > Clo...@li... > https://lists.sourceforge.net/lists/listinfo/clonezilla-live -- Steven Shiau <steven _at_ stevenshiau org> Public Key Server PGP Key ID: 4096R/163E3FB0 Fingerprint: EB1D D5BF 6F88 820B BCF5 356C 8E94 C9CD 163E 3FB0 |
|
From: yakkie <ya...@12...> - 2025-10-16 15:05:44
|
Hello! It still cannot recognize yt6801,tested today. best regards! 发自vivo电子邮件---------- 回复的原邮件 ---------- 发件人:Steven Shiau via Clonezilla-live <clo...@li...> 日期:2025年10月15日 21:11 主题:Re: [Clonezilla-live] YT-6801 driver 收件人:clonezilla-live <clo...@li...> 抄送: How about giving Ubuntu-based Clonezilla live a try? Especially the testing one, like 20251015-questing: https://clonezilla.org/downloads.php Steven On 10/12/25 07:54, yakkie wrote: > > YT-6801 driver > Hello: > The newest version clonezilla cannot recognize YT6801 net card,so pxe client which use YT6801 netcard cannot bootup via pxe. > Please add YT6801 netcard driver in clonezilla,thanks!! > > > > 发自vivo电子邮件 > > > _______________________________________________ > > Clonezilla-live mailing list > > Clo...@li... > > https://lists.sourceforge.net/lists/listinfo/clonezilla-live > -- Steven Shiau <steven _at_ stevenshiau org> Public Key Server PGP Key ID: 4096R/163E3FB0 Fingerprint: EB1D D5BF 6F88 820B BCF5 356C 8E94 C9CD 163E 3FB0 |
|
From: yakkie <ya...@12...> - 2025-10-15 13:25:55
|
Ubuntu based 20251005 was tested,failed.
I will try the 20251015 assp and feedback.
best regards!!
thanks!!
发自vivo电子邮件---------- 回复的原邮件 ----------
发件人:Steven Shiau via Clonezilla-live <clo...@li...>
日期:2025年10月15日 21:11
主题:Re: [Clonezilla-live] YT-6801 driver
收件人:clonezilla-live <clo...@li...>
抄送:
How about giving Ubuntu-based Clonezilla live a try? Especially the testing one, like 20251015-questing:
https://clonezilla.org/downloads.php
Steven
On 10/12/25 07:54, yakkie wrote:
>
> YT-6801 driver
> Hello:
> The newest version clonezilla cannot recognize YT6801 net card,so pxe client which use YT6801 netcard cannot bootup via pxe.
> Please add YT6801 netcard driver in clonezilla,thanks!!
>
>
>
> 发自vivo电子邮件
>
>
> _______________________________________________
>
> Clonezilla-live mailing list
>
> Clo...@li...
>
> https://lists.sourceforge.net/lists/listinfo/clonezilla-live
>
--
Steven Shiau <steven _at_ stevenshiau org>
Public Key Server PGP Key ID: 4096R/163E3FB0
Fingerprint: EB1D D5BF 6F88 820B BCF5 356C 8E94 C9CD 163E 3FB0
|
|
From: Steven S. <ste...@ni...> - 2025-10-15 12:58:53
|
How about giving Ubuntu-based Clonezilla live a try? Especially the testing one, like 20251015-questing: https://clonezilla.org/downloads.php Steven On 10/12/25 07:54, yakkie wrote: > YT-6801 driver > Hello: > The newest version clonezilla cannot recognize YT6801 net card,so pxe > client which use YT6801 netcard cannot bootup via pxe. > Please add YT6801 netcard driver in clonezilla,thanks!! > > > > 发自vivo电子邮件 > > > _______________________________________________ > Clonezilla-live mailing list > Clo...@li... > https://lists.sourceforge.net/lists/listinfo/clonezilla-live -- Steven Shiau <steven _at_ stevenshiau org> Public Key Server PGP Key ID: 4096R/163E3FB0 Fingerprint: EB1D D5BF 6F88 820B BCF5 356C 8E94 C9CD 163E 3FB0 |
|
From: Steven S. <ste...@ni...> - 2025-10-15 12:15:43
|
How about giving Ubuntu-based Clonezilla live a try? Especially the testing one, like 20251015-questing: https://clonezilla.org/downloads.php Steven On 10/12/25 07:54, yakkie wrote: > YT-6801 driver > Hello: > The newest version clonezilla cannot recognize YT6801 net card,so pxe > client which use YT6801 netcard cannot bootup via pxe. > Please add YT6801 netcard driver in clonezilla,thanks!! > > > > 发自vivo电子邮件 > > > _______________________________________________ > Clonezilla-live mailing list > Clo...@li... > https://lists.sourceforge.net/lists/listinfo/clonezilla-live -- Steven Shiau <steven _at_ stevenshiau org> Public Key Server PGP Key ID: 4096R/163E3FB0 Fingerprint: EB1D D5BF 6F88 820B BCF5 356C 8E94 C9CD 163E 3FB0 |
|
From: yakkie <ya...@12...> - 2025-10-11 23:54:41
|
Hello: The newest version clonezilla cannot recognize YT6801 net card,so pxe client which use YT6801 netcard cannot bootup via pxe. Please add YT6801 netcard driver in clonezilla,thanks!! 发自vivo电子邮件 |
|
From: Steven S. <st...@na...> - 2025-06-23 13:26:26
|
Stable Clonezilla live 3.2.2-15 is released. For more info, please check: https://sourceforge.net/p/clonezilla/news/2025/06/stable-clonezilla-live-322-15-released/ Steven -- Steven Shiau <steven _at_ stevenshiau org> Public Key Server PGP Key ID: 4096R/163E3FB0 Fingerprint: EB1D D5BF 6F88 820B BCF5 356C 8E94 C9CD 163E 3FB0 |
|
From: Steven S. <st...@na...> - 2025-05-16 07:55:30
|
Stable Clonezilla live 3.2.2-5 is released. For more info, please check: https://sourceforge.net/p/clonezilla/news/2025/05/stable-clonezilla-live-322-5-released/ Steven -- Steven Shiau <steven _at_ stevenshiau org> Public Key Server PGP Key ID: 4096R/163E3FB0 Fingerprint: EB1D D5BF 6F88 820B BCF5 356C 8E94 C9CD 163E 3FB0 |
|
From: Robert K C. J. -I. F. D. Corp. <bco...@in...> - 2025-05-08 12:35:30
|
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Obviously, this doesn't apply if the image contains sensitive
information, but if it is just an OS install and some apps, run
the image over netcat and generate a hash on the result to confirm
it arrived ok.</p>
<p>It has been a while since I did SSH tunneling but it seems to me
that it would be simple to manually mount a remote NFS share.</p>
<p><br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 5/7/2025 2:12:47 PM, James Epp
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAJ...@ma...">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Honestly I hadn't thought too strictly in terms of
necessitating the encryption to occur within clonezilla but
seeing as we're on the *clonezilla* mailing list I suppose that
would be a fair restriction to apply (if nothing else for the
sake of refining a potential feature request).
<div><br>
</div>
<div>Again, SSH tunneling may be *an* approach here. I could've
sworn the live env has SSH built-in but whether that would
work I don't know. Just skimming the usage section of the code
you link to, my brain wanders towards some drop-in replacement
for netcat that would work for the -np option (or in a
different but similar vein, the --net-filter option).</div>
<div><br>
</div>
<div>I'm well outside my expertise at this point.</div>
</div>
<br>
<div class="gmail_quote gmail_quote_container">
<div dir="ltr" class="gmail_attr">On Wed, May 7, 2025 at
11:17 AM michaelof--- via Clonezilla-live <<a
href="mailto:clo...@li..."
moz-do-not-send="true" class="moz-txt-link-freetext">clo...@li...</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">VPN
would be of course a good idea, but as we have two Clonezilla
Live instances here, means "including" operating system, not
"only" Clonezilla, the VPN must be included/prepared by
Clonzilla "within" e.g the ISO.<br>
<br>
BUT thinking about this I strongly assume that your first
remarks reg. auth/enc keys are the key to the answer of my
question :)<br>
<br>
I've looked into the source code, and if I got it right, this
file (<a
href="https://github.com/stevenshiau/clonezilla/blob/62e404d8f1d8a4619cf116dac3598036f81e61a4/sbin/ocs-onthefly"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://github.com/stevenshiau/clonezilla/blob/62e404d8f1d8a4619cf116dac3598036f81e61a4/sbin/ocs-onthefly</a>)
is the relevant script. Which uses netcat (<a
href="https://manpages.org/nc" rel="noreferrer"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://manpages.org/nc</a>),
means UENCRYPTED.<br>
<br>
<br>
<br>
<br>
Am 07.05.25 um 14:43 schrieb James Epp:<br>
> I haven't done any testing (yet) but a couple more
thoughts on the subject:<br>
> <br>
> 1. I am not super skilled with network analysis. I will
not be able to tell just by looking at data streams whether
the data is compressed, encrypted, or both. Clonezilla almost
certainly compresses blocks in transit, so I probably won't be
able to tell much from that angle.<br>
> <br>
> 2. If you trust the LANs in both your source and target
networks/providers, you could consider doing something like a
VPN tunnel using any number of different
technologies/protocols. That would probably remove *most* of
the risk you're exposed to (because presumably you trust the
provider to not intercept/eavesdrop on your traffic as a
customer).<br>
> <br>
> 3. In terms of this evolving into a feature request,
maybe SSH tunneling is a method here but again we still face
the challenge of needing to authenticate the machines with one
another which is easier said than done (though one could argue
that's putting perfection before progress).<br>
> <br>
> On Tue, May 6, 2025 at 1:29 PM michaelof--- via
Clonezilla-live <<a
href="mailto:clo...@li..."
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">clo...@li...</a>
<mailto:<a
href="mailto:clo...@li..."
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">clo...@li...</a>>>
wrote:<br>
> <br>
> I assumed the same, but if this true and in case this
uncrypted communication is NOT documented - maybe I've just
not found it - it would IMHO be worth to add this to the docs.
E.g. with a warning "Use direct cloning only on LANs!" or
similar.<br>
> <br>
> <br>
> Just a remark: ** IF ** live cloning with sufficient
encryption would be possible, it would be IMHO a cool feature
and would be make the following use case for VPS possible:<br>
> <br>
> "Move" a "VPS old" to "VPS new", by using Clonezilla
Live in both VPS simultaneously. Needed from time to time, if.
e.g hosting company offers no "upgrade path" from VPS type A
to B, if you want to upgrade/modernize your VPS. Happens
frequently. Similar if hosting company increase prices etc.,
and you want to move to a different company.<br>
> - Very frequently VPS have only exactly one virtual
hdd<br>
> - Means, at least AFAIK, no chance to use a local
partimag, both on "old" or "new". I've tried to store the
image locally on "old", didn't work as I found no way to
"tell" Clonezilla to exclude the "partimag" Partition. LVM LV
in my case. Recursion errors by Clonezilla Live. Tried also to
use Clonezilla Live on "old", storing the image via SSH to
"new", "new" not Clonezilla Live, but "normal" Linux (mainly
hoster's default VPS images based). Imaging then (of course)
works fine, but NO IDEA how to tell Clonezilla Live in 2nd
step to "restore" from local partimag.. hen and egg :) Remark.
In my case I always had enough disk space available for all
these operations.<br>
> <br>
> I've solved this always by device to image, writing
via SSH to my PC @home, and afterwards restore to device,
reading via SSH from my PC @home. Works (of course, Clonezilla
is pretty stable :), but is naturally MUCH slower than data
center "old" to data center "new", or even within same data
center...<br>
> <br>
> <br>
> <br>
> Am 06.05.25 um 19:27 schrieb James Epp:<br>
> > I'm only responding to say that's an excellent
question I don't have an answer for but maybe I could try to
test that and inspect the traffic to see if there's a way to
tell. From a purely academic point of view though, I would
warn that unless you are manually typing in encryption keys on
both ends or some similar form of manual authentication
there's really no good way to prevent a MITM attack (at least
not from a modern "end to end" perspective).<br>
> ><br>
> > On Tue, May 6, 2025 at 10:40 AM michaelof---
via Clonezilla-live <<a
href="mailto:clo...@li..."
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">clo...@li...</a>
<mailto:<a
href="mailto:clo...@li..."
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">clo...@li...</a>>
<mailto:<a
href="mailto:clo...@li..."
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">clo...@li...</a>
<mailto:<a
href="mailto:clo...@li..."
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">clo...@li...</a>>>>
wrote:<br>
> ><br>
> > Hi all,<br>
> ><br>
> ><br>
> > haven't found anything in avail. docs and
mailing list archives:<br>
> ><br>
> > If I do a remote cloning via Clonezilla
live, one machine as remote-dest, one as remote-source, which
type of network communication is this using. Is there any
encryption between these two machines?<br>
> ><br>
> ><br>
> > Thanks,<br>
> > Michael<br>
> ><br>
> ><br>
> >
_______________________________________________<br>
> > Clonezilla-live mailing list<br>
> > <a
href="mailto:Clo...@li..."
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">Clo...@li...</a>
<mailto:<a
href="mailto:Clo...@li..."
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">Clo...@li...</a>>
<mailto:<a
href="mailto:Clo...@li..."
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">Clo...@li...</a>
<mailto:<a
href="mailto:Clo...@li..."
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">Clo...@li...</a>>><br>
> > <a
href="https://lists.sourceforge.net/lists/listinfo/clonezilla-live"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.sourceforge.net/lists/listinfo/clonezilla-live</a>
<<a
href="https://lists.sourceforge.net/lists/listinfo/clonezilla-live"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.sourceforge.net/lists/listinfo/clonezilla-live</a>>
<<a
href="https://lists.sourceforge.net/lists/listinfo/clonezilla-live"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.sourceforge.net/lists/listinfo/clonezilla-live</a>
<<a
href="https://lists.sourceforge.net/lists/listinfo/clonezilla-live"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.sourceforge.net/lists/listinfo/clonezilla-live</a>>><br>
> ><br>
> <br>
> <br>
> <br>
> _______________________________________________<br>
> Clonezilla-live mailing list<br>
> <a
href="mailto:Clo...@li..."
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">Clo...@li...</a>
<mailto:<a
href="mailto:Clo...@li..."
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">Clo...@li...</a>><br>
> <a
href="https://lists.sourceforge.net/lists/listinfo/clonezilla-live"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.sourceforge.net/lists/listinfo/clonezilla-live</a>
<<a
href="https://lists.sourceforge.net/lists/listinfo/clonezilla-live"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.sourceforge.net/lists/listinfo/clonezilla-live</a>><br>
> <br>
<br>
<br>
<br>
_______________________________________________<br>
Clonezilla-live mailing list<br>
<a href="mailto:Clo...@li..."
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">Clo...@li...</a><br>
<a
href="https://lists.sourceforge.net/lists/listinfo/clonezilla-live"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.sourceforge.net/lists/listinfo/clonezilla-live</a><br>
</blockquote>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre wrap="" class="moz-quote-pre">_______________________________________________
Clonezilla-live mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Clo...@li...">Clo...@li...</a>
<a class="moz-txt-link-freetext" href="https://lists.sourceforge.net/lists/listinfo/clonezilla-live">https://lists.sourceforge.net/lists/listinfo/clonezilla-live</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Robert K Coffman Jr.
Info From Data Corp.
3307249000
<a class="moz-txt-link-abbreviated" href="mailto:su...@in...">su...@in...</a></pre>
</body>
</html>
|
|
From: <mic...@ro...> - 2025-05-08 12:27:35
|
Clonezilla Live Images have sshd included, as a Cloning from Clonzilla Live to a partimag on remote location accessible via ssh is possible. But this is from a Clonezilla perspective OUTGOING only. On the remote site there would be no Clonezilla Live, but whatever OS being able to server as SSH tunnel endpoint. Just brainstorming: One way to use an SSH tunnel between two Clonezilla Live instances, where already as of of now manual intervention is always neccesary, would be to "exchange" an ssh public key remotely. As of now, in this CLL (Clonezilla Live) to CLL scenario, you have to switch the CLL receiving the image (I always forget which side is remote-source and remote-dest :)) into "ready for connection mode", where in the mentioned script netcat has started, opened a socket, and listens. Then you have to enter on the other site, where the to be cloned device resides, the URL/IP/port etc. information abouit the waiting site. Exactly here could some steps be added: - sending site would use ssh_keygen to create a key pair for current CLL OS user. - Result would be the PUBLIC key, which the waiting site would need - Waiting site woud take the public key from previuos step, and add to ~/.ssh/authorized_keys for the current CLL OS user on the waiting site. From than on, sending site could connect via ssh, key based, getting an encrypted tunnel for the subsequent sending. Restriction IMHO is probably the "handshake": In the mentioned VPS to VPS scenario, in assumed 99% percent of cases CLL means rescue system, DVD/ISO booted CLL or similar. And access to CLL via VNC, more and more (only) browser based, from hosting companys' offered customer control panels. Means: a) no issue from a security perspective, if VNC connection is encrypted, also b) BUT: In most of the cases I'm aware of *** NO *** copy&paste would be possible. And "exchanging" public ssh keys by TYPING them into a remote VNC terminal is a pain in the neck, IMHO :D Am 07.05.25 um 20:12 schrieb James Epp: > Honestly I hadn't thought too strictly in terms of necessitating the encryption to occur within clonezilla but seeing as we're on the *clonezilla* mailing list I suppose that would be a fair restriction to apply (if nothing else for the sake of refining a potential feature request). > > Again, SSH tunneling may be *an* approach here. I could've sworn the live env has SSH built-in but whether that would work I don't know. Just skimming the usage section of the code you link to, my brain wanders towards some drop-in replacement for netcat that would work for the -np option (or in a different but similar vein, the --net-filter option). > > I'm well outside my expertise at this point. > > On Wed, May 7, 2025 at 11:17 AM michaelof--- via Clonezilla-live <clo...@li... <mailto:clo...@li...>> wrote: > > VPN would be of course a good idea, but as we have two Clonezilla Live instances here, means "including" operating system, not "only" Clonezilla, the VPN must be included/prepared by Clonzilla "within" e.g the ISO. > > BUT thinking about this I strongly assume that your first remarks reg. auth/enc keys are the key to the answer of my question :) > > I've looked into the source code, and if I got it right, this file (https://github.com/stevenshiau/clonezilla/blob/62e404d8f1d8a4619cf116dac3598036f81e61a4/sbin/ocs-onthefly <https://github.com/stevenshiau/clonezilla/blob/62e404d8f1d8a4619cf116dac3598036f81e61a4/sbin/ocs-onthefly>) is the relevant script. Which uses netcat (https://manpages.org/nc <https://manpages.org/nc>), means UENCRYPTED. > > > > > Am 07.05.25 um 14:43 schrieb James Epp: > > I haven't done any testing (yet) but a couple more thoughts on the subject: > > > > 1. I am not super skilled with network analysis. I will not be able to tell just by looking at data streams whether the data is compressed, encrypted, or both. Clonezilla almost certainly compresses blocks in transit, so I probably won't be able to tell much from that angle. > > > > 2. If you trust the LANs in both your source and target networks/providers, you could consider doing something like a VPN tunnel using any number of different technologies/protocols. That would probably remove *most* of the risk you're exposed to (because presumably you trust the provider to not intercept/eavesdrop on your traffic as a customer). > > > > 3. In terms of this evolving into a feature request, maybe SSH tunneling is a method here but again we still face the challenge of needing to authenticate the machines with one another which is easier said than done (though one could argue that's putting perfection before progress). > > > > On Tue, May 6, 2025 at 1:29 PM michaelof--- via Clonezilla-live <clo...@li... <mailto:clo...@li...> <mailto:clo...@li... <mailto:clo...@li...>>> wrote: > > > > I assumed the same, but if this true and in case this uncrypted communication is NOT documented - maybe I've just not found it - it would IMHO be worth to add this to the docs. E.g. with a warning "Use direct cloning only on LANs!" or similar. > > > > > > Just a remark: ** IF ** live cloning with sufficient encryption would be possible, it would be IMHO a cool feature and would be make the following use case for VPS possible: > > > > "Move" a "VPS old" to "VPS new", by using Clonezilla Live in both VPS simultaneously. Needed from time to time, if. e.g hosting company offers no "upgrade path" from VPS type A to B, if you want to upgrade/modernize your VPS. Happens frequently. Similar if hosting company increase prices etc., and you want to move to a different company. > > - Very frequently VPS have only exactly one virtual hdd > > - Means, at least AFAIK, no chance to use a local partimag, both on "old" or "new". I've tried to store the image locally on "old", didn't work as I found no way to "tell" Clonezilla to exclude the "partimag" Partition. LVM LV in my case. Recursion errors by Clonezilla Live. Tried also to use Clonezilla Live on "old", storing the image via SSH to "new", "new" not Clonezilla Live, but "normal" Linux (mainly hoster's default VPS images based). Imaging then (of course) works fine, but NO IDEA how to tell Clonezilla Live in 2nd step to "restore" from local partimag.. hen and egg :) Remark. In my case I always had enough disk space available for all these operations. > > > > I've solved this always by device to image, writing via SSH to my PC @home, and afterwards restore to device, reading via SSH from my PC @home. Works (of course, Clonezilla is pretty stable :), but is naturally MUCH slower than data center "old" to data center "new", or even within same data center... > > > > > > > > Am 06.05.25 um 19:27 schrieb James Epp: > > > I'm only responding to say that's an excellent question I don't have an answer for but maybe I could try to test that and inspect the traffic to see if there's a way to tell. From a purely academic point of view though, I would warn that unless you are manually typing in encryption keys on both ends or some similar form of manual authentication there's really no good way to prevent a MITM attack (at least not from a modern "end to end" perspective). > > > > > > On Tue, May 6, 2025 at 10:40 AM michaelof--- via Clonezilla-live <clo...@li... <mailto:clo...@li...> <mailto:clo...@li... <mailto:clo...@li...>> <mailto:clo...@li... <mailto:clo...@li...> <mailto:clo...@li... <mailto:clo...@li...>>>> wrote: > > > > > > Hi all, > > > > > > > > > haven't found anything in avail. docs and mailing list archives: > > > > > > If I do a remote cloning via Clonezilla live, one machine as remote-dest, one as remote-source, which type of network communication is this using. Is there any encryption between these two machines? > > > > > > > > > Thanks, > > > Michael > > > > > > > > > _______________________________________________ > > > Clonezilla-live mailing list > > > Clo...@li... <mailto:Clo...@li...> <mailto:Clo...@li... <mailto:Clo...@li...>> <mailto:Clo...@li... <mailto:Clo...@li...> <mailto:Clo...@li... <mailto:Clo...@li...>>> > > > https://lists.sourceforge.net/lists/listinfo/clonezilla-live <https://lists.sourceforge.net/lists/listinfo/clonezilla-live> <https://lists.sourceforge.net/lists/listinfo/clonezilla-live <https://lists.sourceforge.net/lists/listinfo/clonezilla-live>> <https://lists.sourceforge.net/lists/listinfo/clonezilla-live <https://lists.sourceforge.net/lists/listinfo/clonezilla-live> <https://lists.sourceforge.net/lists/listinfo/clonezilla-live <https://lists.sourceforge.net/lists/listinfo/clonezilla-live>>> > > > > > > > > > > > _______________________________________________ > > Clonezilla-live mailing list > > Clo...@li... <mailto:Clo...@li...> <mailto:Clo...@li... <mailto:Clo...@li...>> > > https://lists.sourceforge.net/lists/listinfo/clonezilla-live <https://lists.sourceforge.net/lists/listinfo/clonezilla-live> <https://lists.sourceforge.net/lists/listinfo/clonezilla-live <https://lists.sourceforge.net/lists/listinfo/clonezilla-live>> > > > > > > _______________________________________________ > Clonezilla-live mailing list > Clo...@li... <mailto:Clo...@li...> > https://lists.sourceforge.net/lists/listinfo/clonezilla-live <https://lists.sourceforge.net/lists/listinfo/clonezilla-live> > |
|
From: James E. <jam...@gm...> - 2025-05-07 18:13:20
|
Honestly I hadn't thought too strictly in terms of necessitating the encryption to occur within clonezilla but seeing as we're on the *clonezilla* mailing list I suppose that would be a fair restriction to apply (if nothing else for the sake of refining a potential feature request). Again, SSH tunneling may be *an* approach here. I could've sworn the live env has SSH built-in but whether that would work I don't know. Just skimming the usage section of the code you link to, my brain wanders towards some drop-in replacement for netcat that would work for the -np option (or in a different but similar vein, the --net-filter option). I'm well outside my expertise at this point. On Wed, May 7, 2025 at 11:17 AM michaelof--- via Clonezilla-live < clo...@li...> wrote: > VPN would be of course a good idea, but as we have two Clonezilla Live > instances here, means "including" operating system, not "only" Clonezilla, > the VPN must be included/prepared by Clonzilla "within" e.g the ISO. > > BUT thinking about this I strongly assume that your first remarks reg. > auth/enc keys are the key to the answer of my question :) > > I've looked into the source code, and if I got it right, this file ( > https://github.com/stevenshiau/clonezilla/blob/62e404d8f1d8a4619cf116dac3598036f81e61a4/sbin/ocs-onthefly) > is the relevant script. Which uses netcat (https://manpages.org/nc), > means UENCRYPTED. > > > > > Am 07.05.25 um 14:43 schrieb James Epp: > > I haven't done any testing (yet) but a couple more thoughts on the > subject: > > > > 1. I am not super skilled with network analysis. I will not be able to > tell just by looking at data streams whether the data is compressed, > encrypted, or both. Clonezilla almost certainly compresses blocks in > transit, so I probably won't be able to tell much from that angle. > > > > 2. If you trust the LANs in both your source and target > networks/providers, you could consider doing something like a VPN tunnel > using any number of different technologies/protocols. That would probably > remove *most* of the risk you're exposed to (because presumably you trust > the provider to not intercept/eavesdrop on your traffic as a customer). > > > > 3. In terms of this evolving into a feature request, maybe SSH tunneling > is a method here but again we still face the challenge of needing to > authenticate the machines with one another which is easier said than done > (though one could argue that's putting perfection before progress). > > > > On Tue, May 6, 2025 at 1:29 PM michaelof--- via Clonezilla-live < > clo...@li... <mailto: > clo...@li...>> wrote: > > > > I assumed the same, but if this true and in case this uncrypted > communication is NOT documented - maybe I've just not found it - it would > IMHO be worth to add this to the docs. E.g. with a warning "Use direct > cloning only on LANs!" or similar. > > > > > > Just a remark: ** IF ** live cloning with sufficient encryption > would be possible, it would be IMHO a cool feature and would be make the > following use case for VPS possible: > > > > "Move" a "VPS old" to "VPS new", by using Clonezilla Live in both > VPS simultaneously. Needed from time to time, if. e.g hosting company > offers no "upgrade path" from VPS type A to B, if you want to > upgrade/modernize your VPS. Happens frequently. Similar if hosting company > increase prices etc., and you want to move to a different company. > > - Very frequently VPS have only exactly one virtual hdd > > - Means, at least AFAIK, no chance to use a local partimag, both on > "old" or "new". I've tried to store the image locally on "old", didn't work > as I found no way to "tell" Clonezilla to exclude the "partimag" Partition. > LVM LV in my case. Recursion errors by Clonezilla Live. Tried also to use > Clonezilla Live on "old", storing the image via SSH to "new", "new" not > Clonezilla Live, but "normal" Linux (mainly hoster's default VPS images > based). Imaging then (of course) works fine, but NO IDEA how to tell > Clonezilla Live in 2nd step to "restore" from local partimag.. hen and egg > :) Remark. In my case I always had enough disk space available for all > these operations. > > > > I've solved this always by device to image, writing via SSH to my PC > @home, and afterwards restore to device, reading via SSH from my PC @home. > Works (of course, Clonezilla is pretty stable :), but is naturally MUCH > slower than data center "old" to data center "new", or even within same > data center... > > > > > > > > Am 06.05.25 um 19:27 schrieb James Epp: > > > I'm only responding to say that's an excellent question I don't > have an answer for but maybe I could try to test that and inspect the > traffic to see if there's a way to tell. From a purely academic point of > view though, I would warn that unless you are manually typing in encryption > keys on both ends or some similar form of manual authentication there's > really no good way to prevent a MITM attack (at least not from a modern > "end to end" perspective). > > > > > > On Tue, May 6, 2025 at 10:40 AM michaelof--- via Clonezilla-live < > clo...@li... <mailto: > clo...@li...> <mailto: > clo...@li... <mailto: > clo...@li...>>> wrote: > > > > > > Hi all, > > > > > > > > > haven't found anything in avail. docs and mailing list > archives: > > > > > > If I do a remote cloning via Clonezilla live, one machine as > remote-dest, one as remote-source, which type of network communication is > this using. Is there any encryption between these two machines? > > > > > > > > > Thanks, > > > Michael > > > > > > > > > _______________________________________________ > > > Clonezilla-live mailing list > > > Clo...@li... <mailto: > Clo...@li...> <mailto: > Clo...@li... <mailto: > Clo...@li...>> > > > https://lists.sourceforge.net/lists/listinfo/clonezilla-live < > https://lists.sourceforge.net/lists/listinfo/clonezilla-live> < > https://lists.sourceforge.net/lists/listinfo/clonezilla-live < > https://lists.sourceforge.net/lists/listinfo/clonezilla-live>> > > > > > > > > > > > _______________________________________________ > > Clonezilla-live mailing list > > Clo...@li... <mailto: > Clo...@li...> > > https://lists.sourceforge.net/lists/listinfo/clonezilla-live < > https://lists.sourceforge.net/lists/listinfo/clonezilla-live> > > > > > > _______________________________________________ > Clonezilla-live mailing list > Clo...@li... > https://lists.sourceforge.net/lists/listinfo/clonezilla-live > |
|
From: <mic...@ro...> - 2025-05-07 16:15:43
|
VPN would be of course a good idea, but as we have two Clonezilla Live instances here, means "including" operating system, not "only" Clonezilla, the VPN must be included/prepared by Clonzilla "within" e.g the ISO. BUT thinking about this I strongly assume that your first remarks reg. auth/enc keys are the key to the answer of my question :) I've looked into the source code, and if I got it right, this file (https://github.com/stevenshiau/clonezilla/blob/62e404d8f1d8a4619cf116dac3598036f81e61a4/sbin/ocs-onthefly) is the relevant script. Which uses netcat (https://manpages.org/nc), means UENCRYPTED. Am 07.05.25 um 14:43 schrieb James Epp: > I haven't done any testing (yet) but a couple more thoughts on the subject: > > 1. I am not super skilled with network analysis. I will not be able to tell just by looking at data streams whether the data is compressed, encrypted, or both. Clonezilla almost certainly compresses blocks in transit, so I probably won't be able to tell much from that angle. > > 2. If you trust the LANs in both your source and target networks/providers, you could consider doing something like a VPN tunnel using any number of different technologies/protocols. That would probably remove *most* of the risk you're exposed to (because presumably you trust the provider to not intercept/eavesdrop on your traffic as a customer). > > 3. In terms of this evolving into a feature request, maybe SSH tunneling is a method here but again we still face the challenge of needing to authenticate the machines with one another which is easier said than done (though one could argue that's putting perfection before progress). > > On Tue, May 6, 2025 at 1:29 PM michaelof--- via Clonezilla-live <clo...@li... <mailto:clo...@li...>> wrote: > > I assumed the same, but if this true and in case this uncrypted communication is NOT documented - maybe I've just not found it - it would IMHO be worth to add this to the docs. E.g. with a warning "Use direct cloning only on LANs!" or similar. > > > Just a remark: ** IF ** live cloning with sufficient encryption would be possible, it would be IMHO a cool feature and would be make the following use case for VPS possible: > > "Move" a "VPS old" to "VPS new", by using Clonezilla Live in both VPS simultaneously. Needed from time to time, if. e.g hosting company offers no "upgrade path" from VPS type A to B, if you want to upgrade/modernize your VPS. Happens frequently. Similar if hosting company increase prices etc., and you want to move to a different company. > - Very frequently VPS have only exactly one virtual hdd > - Means, at least AFAIK, no chance to use a local partimag, both on "old" or "new". I've tried to store the image locally on "old", didn't work as I found no way to "tell" Clonezilla to exclude the "partimag" Partition. LVM LV in my case. Recursion errors by Clonezilla Live. Tried also to use Clonezilla Live on "old", storing the image via SSH to "new", "new" not Clonezilla Live, but "normal" Linux (mainly hoster's default VPS images based). Imaging then (of course) works fine, but NO IDEA how to tell Clonezilla Live in 2nd step to "restore" from local partimag.. hen and egg :) Remark. In my case I always had enough disk space available for all these operations. > > I've solved this always by device to image, writing via SSH to my PC @home, and afterwards restore to device, reading via SSH from my PC @home. Works (of course, Clonezilla is pretty stable :), but is naturally MUCH slower than data center "old" to data center "new", or even within same data center... > > > > Am 06.05.25 um 19:27 schrieb James Epp: > > I'm only responding to say that's an excellent question I don't have an answer for but maybe I could try to test that and inspect the traffic to see if there's a way to tell. From a purely academic point of view though, I would warn that unless you are manually typing in encryption keys on both ends or some similar form of manual authentication there's really no good way to prevent a MITM attack (at least not from a modern "end to end" perspective). > > > > On Tue, May 6, 2025 at 10:40 AM michaelof--- via Clonezilla-live <clo...@li... <mailto:clo...@li...> <mailto:clo...@li... <mailto:clo...@li...>>> wrote: > > > > Hi all, > > > > > > haven't found anything in avail. docs and mailing list archives: > > > > If I do a remote cloning via Clonezilla live, one machine as remote-dest, one as remote-source, which type of network communication is this using. Is there any encryption between these two machines? > > > > > > Thanks, > > Michael > > > > > > _______________________________________________ > > Clonezilla-live mailing list > > Clo...@li... <mailto:Clo...@li...> <mailto:Clo...@li... <mailto:Clo...@li...>> > > https://lists.sourceforge.net/lists/listinfo/clonezilla-live <https://lists.sourceforge.net/lists/listinfo/clonezilla-live> <https://lists.sourceforge.net/lists/listinfo/clonezilla-live <https://lists.sourceforge.net/lists/listinfo/clonezilla-live>> > > > > > > _______________________________________________ > Clonezilla-live mailing list > Clo...@li... <mailto:Clo...@li...> > https://lists.sourceforge.net/lists/listinfo/clonezilla-live <https://lists.sourceforge.net/lists/listinfo/clonezilla-live> > |
|
From: James E. <jam...@gm...> - 2025-05-07 12:44:31
|
I haven't done any testing (yet) but a couple more thoughts on the subject: 1. I am not super skilled with network analysis. I will not be able to tell just by looking at data streams whether the data is compressed, encrypted, or both. Clonezilla almost certainly compresses blocks in transit, so I probably won't be able to tell much from that angle. 2. If you trust the LANs in both your source and target networks/providers, you could consider doing something like a VPN tunnel using any number of different technologies/protocols. That would probably remove *most* of the risk you're exposed to (because presumably you trust the provider to not intercept/eavesdrop on your traffic as a customer). 3. In terms of this evolving into a feature request, maybe SSH tunneling is a method here but again we still face the challenge of needing to authenticate the machines with one another which is easier said than done (though one could argue that's putting perfection before progress). On Tue, May 6, 2025 at 1:29 PM michaelof--- via Clonezilla-live < clo...@li...> wrote: > I assumed the same, but if this true and in case this uncrypted > communication is NOT documented - maybe I've just not found it - it would > IMHO be worth to add this to the docs. E.g. with a warning "Use direct > cloning only on LANs!" or similar. > > > Just a remark: ** IF ** live cloning with sufficient encryption would be > possible, it would be IMHO a cool feature and would be make the following > use case for VPS possible: > > "Move" a "VPS old" to "VPS new", by using Clonezilla Live in both VPS > simultaneously. Needed from time to time, if. e.g hosting company offers no > "upgrade path" from VPS type A to B, if you want to upgrade/modernize your > VPS. Happens frequently. Similar if hosting company increase prices etc., > and you want to move to a different company. > - Very frequently VPS have only exactly one virtual hdd > - Means, at least AFAIK, no chance to use a local partimag, both on "old" > or "new". I've tried to store the image locally on "old", didn't work as I > found no way to "tell" Clonezilla to exclude the "partimag" Partition. LVM > LV in my case. Recursion errors by Clonezilla Live. Tried also to use > Clonezilla Live on "old", storing the image via SSH to "new", "new" not > Clonezilla Live, but "normal" Linux (mainly hoster's default VPS images > based). Imaging then (of course) works fine, but NO IDEA how to tell > Clonezilla Live in 2nd step to "restore" from local partimag.. hen and egg > :) Remark. In my case I always had enough disk space available for all > these operations. > > I've solved this always by device to image, writing via SSH to my PC > @home, and afterwards restore to device, reading via SSH from my PC @home. > Works (of course, Clonezilla is pretty stable :), but is naturally MUCH > slower than data center "old" to data center "new", or even within same > data center... > > > > Am 06.05.25 um 19:27 schrieb James Epp: > > I'm only responding to say that's an excellent question I don't have an > answer for but maybe I could try to test that and inspect the traffic to > see if there's a way to tell. From a purely academic point of view though, > I would warn that unless you are manually typing in encryption keys on both > ends or some similar form of manual authentication there's really no good > way to prevent a MITM attack (at least not from a modern "end to end" > perspective). > > > > On Tue, May 6, 2025 at 10:40 AM michaelof--- via Clonezilla-live < > clo...@li... <mailto: > clo...@li...>> wrote: > > > > Hi all, > > > > > > haven't found anything in avail. docs and mailing list archives: > > > > If I do a remote cloning via Clonezilla live, one machine as > remote-dest, one as remote-source, which type of network communication is > this using. Is there any encryption between these two machines? > > > > > > Thanks, > > Michael > > > > > > _______________________________________________ > > Clonezilla-live mailing list > > Clo...@li... <mailto: > Clo...@li...> > > https://lists.sourceforge.net/lists/listinfo/clonezilla-live < > https://lists.sourceforge.net/lists/listinfo/clonezilla-live> > > > > > > _______________________________________________ > Clonezilla-live mailing list > Clo...@li... > https://lists.sourceforge.net/lists/listinfo/clonezilla-live > |
|
From: <mic...@ro...> - 2025-05-06 18:28:16
|
I assumed the same, but if this true and in case this uncrypted communication is NOT documented - maybe I've just not found it - it would IMHO be worth to add this to the docs. E.g. with a warning "Use direct cloning only on LANs!" or similar. Just a remark: ** IF ** live cloning with sufficient encryption would be possible, it would be IMHO a cool feature and would be make the following use case for VPS possible: "Move" a "VPS old" to "VPS new", by using Clonezilla Live in both VPS simultaneously. Needed from time to time, if. e.g hosting company offers no "upgrade path" from VPS type A to B, if you want to upgrade/modernize your VPS. Happens frequently. Similar if hosting company increase prices etc., and you want to move to a different company. - Very frequently VPS have only exactly one virtual hdd - Means, at least AFAIK, no chance to use a local partimag, both on "old" or "new". I've tried to store the image locally on "old", didn't work as I found no way to "tell" Clonezilla to exclude the "partimag" Partition. LVM LV in my case. Recursion errors by Clonezilla Live. Tried also to use Clonezilla Live on "old", storing the image via SSH to "new", "new" not Clonezilla Live, but "normal" Linux (mainly hoster's default VPS images based). Imaging then (of course) works fine, but NO IDEA how to tell Clonezilla Live in 2nd step to "restore" from local partimag.. hen and egg :) Remark. In my case I always had enough disk space available for all these operations. I've solved this always by device to image, writing via SSH to my PC @home, and afterwards restore to device, reading via SSH from my PC @home. Works (of course, Clonezilla is pretty stable :), but is naturally MUCH slower than data center "old" to data center "new", or even within same data center... Am 06.05.25 um 19:27 schrieb James Epp: > I'm only responding to say that's an excellent question I don't have an answer for but maybe I could try to test that and inspect the traffic to see if there's a way to tell. From a purely academic point of view though, I would warn that unless you are manually typing in encryption keys on both ends or some similar form of manual authentication there's really no good way to prevent a MITM attack (at least not from a modern "end to end" perspective). > > On Tue, May 6, 2025 at 10:40 AM michaelof--- via Clonezilla-live <clo...@li... <mailto:clo...@li...>> wrote: > > Hi all, > > > haven't found anything in avail. docs and mailing list archives: > > If I do a remote cloning via Clonezilla live, one machine as remote-dest, one as remote-source, which type of network communication is this using. Is there any encryption between these two machines? > > > Thanks, > Michael > > > _______________________________________________ > Clonezilla-live mailing list > Clo...@li... <mailto:Clo...@li...> > https://lists.sourceforge.net/lists/listinfo/clonezilla-live <https://lists.sourceforge.net/lists/listinfo/clonezilla-live> > |
|
From: James E. <jam...@gm...> - 2025-05-06 17:27:50
|
I'm only responding to say that's an excellent question I don't have an answer for but maybe I could try to test that and inspect the traffic to see if there's a way to tell. From a purely academic point of view though, I would warn that unless you are manually typing in encryption keys on both ends or some similar form of manual authentication there's really no good way to prevent a MITM attack (at least not from a modern "end to end" perspective). On Tue, May 6, 2025 at 10:40 AM michaelof--- via Clonezilla-live < clo...@li...> wrote: > Hi all, > > > haven't found anything in avail. docs and mailing list archives: > > If I do a remote cloning via Clonezilla live, one machine as remote-dest, > one as remote-source, which type of network communication is this using. Is > there any encryption between these two machines? > > > Thanks, > Michael > > > _______________________________________________ > Clonezilla-live mailing list > Clo...@li... > https://lists.sourceforge.net/lists/listinfo/clonezilla-live > |
|
From: <mic...@ro...> - 2025-05-06 15:38:48
|
Hi all, haven't found anything in avail. docs and mailing list archives: If I do a remote cloning via Clonezilla live, one machine as remote-dest, one as remote-source, which type of network communication is this using. Is there any encryption between these two machines? Thanks, Michael |
|
From: Steven S. <st...@na...> - 2025-05-06 13:33:59
|
Stable Clonezilla live 3.2.1-28 is released. For more info, please check: https://sourceforge.net/p/clonezilla/news/2025/05/-stable-clonezilla-live-321-28-released/ Steven -- Steven Shiau <steven _at_ stevenshiau org> Public Key Server PGP Key ID: 4096R/163E3FB0 Fingerprint: EB1D D5BF 6F88 820B BCF5 356C 8E94 C9CD 163E 3FB0 |
|
From: Steven S. <st...@na...> - 2025-03-07 12:02:40
|
Stable Clonezilla live 3.2.1-9 is released. For more info, please check: https://sourceforge.net/p/clonezilla/news/2025/03/stable-clonezilla-live-321-9-released/ Steven -- Steven Shiau <steven _at_ stevenshiau org> Public Key Server PGP Key ID: 4096R/163E3FB0 Fingerprint: EB1D D5BF 6F88 820B BCF5 356C 8E94 C9CD 163E 3FB0 |
|
From: Steven S. <st...@na...> - 2024-10-15 03:49:40
|
Stable Clonezilla live 3.2.0-5 is released. For more info, please check: https://sourceforge.net/p/clonezilla/news/2024/10/stable-clonezilla-live-320-5-released/ Steven -- Steven Shiau <steven _at_ stevenshiau org> Public Key Server PGP Key ID: 4096R/163E3FB0 Fingerprint: EB1D D5BF 6F88 820B BCF5 356C 8E94 C9CD 163E 3FB0 |
4 messages has been excluded from this view by a project administrator.
