From 9e3ea2fbbd86e3134d121aba20bd0a8b73893239 Mon Sep 17 00:00:00 2001 From: Kevin O'Gorman Date: Sun, 4 Apr 2021 16:38:42 -0400 Subject: [PATCH 1/2] updated restore procedure to remove SSH-related manual config update --- docs/backup_and_restore.rst | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/docs/backup_and_restore.rst b/docs/backup_and_restore.rst index 711ec92d1..601b2c353 100644 --- a/docs/backup_and_restore.rst +++ b/docs/backup_and_restore.rst @@ -314,25 +314,14 @@ Migrating Using a V2+V3 or V3-Only Backup ./securedrop-admin restore sd-backup-old.tar.gz The restore task will proceed for some time, removing v2 services if a v2+v3 - backup was used, and then will fail with the message: + backup was used. - .. code-block:: none - - ssh_exchange_identification: Connection closed by remote host - - during the ``Wait for Tor to reload`` task. This is expected; the - *Application Server*'s SSH onion service address was updated to the old - instance's address during the restore process, leaving it temporarily - unreachable. - -#. Copy the old instance's v3 onion service details into place on the - *Admin Workstation* and repair SSH access using the Terminal commands: +#. Synchronize the server and *Admin Workstation's* web interface config and + authentication keys using the Terminal commands: .. code:: sh - cd ~/Persistent/securedrop - cp $SD_OLD/app-{journalist,ssh}.auth_private $SD_NEW/ - cp $SD_OLD/app-sourcev3-ths $SD_NEW/ + ./securedrop-admin install ./securedrop-admin tailsconfig #. :doc:`Test the new instance ` to verify that the From 413b2652af342c2e77c68bce88f731c338638240 Mon Sep 17 00:00:00 2001 From: Kevin O'Gorman Date: Mon, 5 Apr 2021 14:45:37 -0400 Subject: [PATCH 2/2] Added note about restrictions when restoring from SSH-over-LAN backups --- docs/backup_and_restore.rst | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/docs/backup_and_restore.rst b/docs/backup_and_restore.rst index 601b2c353..7e7fd8145 100644 --- a/docs/backup_and_restore.rst +++ b/docs/backup_and_restore.rst @@ -167,6 +167,12 @@ Moving a SecureDrop instance to new hardware involves: All new SecureDrop instances must use v3 onion services only, so the final configuration will only include v3 onion services regardless of the backup state. +.. note:: If you need to restore from a backup from an instance configured to + use SSH-over-LAN onto an SSH-over-Tor instance, you must either first update + the target instance to use SSH-over-LAN or perform a data-only backup. + See :ref:`Data-only Restores ` for more information. + + The restore process differs based on the onion services that were configured on the old instance and preserved in the backup:
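Review bot: In the first patch's hunk (@@ -314,25 +314,14), the rewritten restore step no longer tells the admin what state SSH access is in after `./securedrop-admin restore` finishes. The removed lines explained that the restore replaced the *Application Server*'s SSH onion service address and left the server temporarily unreachable; the new step goes straight to `./securedrop-admin install` without saying whether that is still the case. If `install` has to reach the servers over SSH, please add a sentence confirming that the restore now completes without error and leaves the SSH configuration untouched, and that `install` followed by `tailsconfig` replaces the manual copy of `app-{journalist,ssh}.auth_private` and `app-sourcev3-ths`. Two smaller points in the same hunk: the possessive in "*Admin Workstation's*" sits inside the emphasis, while the removed text wrote "*Application Server*'s"; and the `cd ~/Persistent/securedrop` line was dropped from the code block, so the commands now depend on the working directory left by the previous step.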
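Review bot: In the second patch's hunk (@@ -167,6 +167,12), the added note says "perform a data-only backup" but then refers the reader to "Data-only Restores". The backup already exists at this point in the procedure, so this reads as if it should be "perform a data-only restore"; please make the wording match the section it links to. The note also covers only the case of an SSH-over-LAN backup restored onto an SSH-over-Tor instance; consider stating whether the reverse case has the same restriction. The diffstat shows 6 insertions for a 4-line note, so the hunk appears to add two blank lines after it where one would do.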