The source machine needs to be accessible by the destination machine, and in some scenarios, the destination machine needs to be accessible by other public hosts. For example, to access a web server service migrated to the container running on the destination machine, port 80 must be open on the destination machine. The following commands can be used to disable the firewall:
service iptables save
service iptables stop
Enable Passwordless SSH Login to the Source Machine
Passwordless SSH login to the source machine makes it easy to automate the migration task without the need to enter the root password each time an SSH connection is to be established. Run the following command to enable Passwordless SSH login to the source machine:
Generating public/private rsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
The key's randomart image is:
|+Eo. +o.o. |
|.o ..o. o* |
|. o ... + = |
| o o o O |
|. o + . S = |
| o + . + o |
|+ o + o . + |
| *.+ = o |
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.174.136 (192.168.174.136)' can't be established.
RSA key fingerprint is SHA256:kPvy9f8mtDeO0lRwxkXWH+YhChwiXw1rjPHMfUkqk6A.
RSA key fingerprint is MD5:12:bc:0c:7d:d1:44:6c:ec:24:b6:52:b2:4b:7b:df:c0.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
email@example.com's password: *********
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'firstname.lastname@example.org'"
and check to make sure that only the key(s) you wanted were added.
In OpenSSL 3, SHA-1 signatures are discarded as insecure by default. As the source machine may be quite old and using insecure signatures, we need to allow them temporarily to allow ssh access to the source machine.
Allow SHA-1 signatures
update-crypto-policies --set DEFAULT:SHA1
Undo change after migration
update-crypto-policies --set DEFAULT
Install Source Agent on Source Machine
A VirtaMove Source Agent service can be installed on the source machine to support copying of the extended attributes (xattr) of migrated files. In most cases, Source Agent is not required, but in case it is, run the following command on the destination machine to install it remotely to the source machine: