From f7b6b1bed2d30a6c6d1a9392e748819c7291379a Mon Sep 17 00:00:00 2001 From: Nathan Dyer Date: Wed, 6 Sep 2023 10:32:53 -0400 Subject: [PATCH] Replace references to the Tails Installer with Tails Cloner --- docs/admin/deployment/onboarding_admins.rst | 38 +++++++++------------ docs/admin/deployment/remote.rst | 2 +- 2 files changed, 17 insertions(+), 23 deletions(-) diff --git a/docs/admin/deployment/onboarding_admins.rst b/docs/admin/deployment/onboarding_admins.rst index 3918e2ab3..2826f978e 100644 --- a/docs/admin/deployment/onboarding_admins.rst +++ b/docs/admin/deployment/onboarding_admins.rst @@ -38,42 +38,36 @@ To set up AW2, follow these steps: (You will need to on-board the new admin's 2FA device to complete this step. If this is not possible yet, you can defer it until later.) 4. Insert the empty AW2 USB drive. -5. Launch the Tails installer (**Applications ▸ Tails ▸ Tails Installer**). +5. Launch the Tails Cloner (**Applications ▸ Tails ▸ Tails Cloner**). Select the option to **Clone the current Tails.** This will delete all data on the AW2 USB drive. 6. Check the box marked **Clone the current Persistent Storage.** 7. Click **Install**. 8. Choose a unique passphrase for AW2 and record it securely. 9. Shut down AW1. -10. Boot AW2, set an Admin password on the welcome screen, unlock the Persistent Storage, and - enable all the options in the Persistent Storage settings. -11. Record the new passphrase for AW2 securely. +10. Boot AW2 and unlock the Persistent Storage. +11. Open the KeePassXC database, remove any unneeded credentials from AW1, and store + the new account credentials you created in step 3. 12. Generate a new keypair on AW2 using the following command: ``ssh-keygen -t rsa -b 4096`` When prompted, store the keypair in the default location. -13. Run the command ``./securedrop-admin tailsconfig`` in ``~/Persistent/securedrop``. +12. Run the command ``./securedrop-admin tailsconfig`` in ``~/Persistent/securedrop``. This will set up desktop shortcuts and SSH access. -14. Insert AW1. It should show up in the list of storage devices in the file manager under - a label like "7.0 GB Encrypted". Click the label and enter the drive - password when prompted to unlock it. -15. In a terminal, type the following commands to authorize the newly created SSH keypair +13. In a terminal, type the following commands to authorize the newly created SSH keypair on your servers: - ``ssh-add`` - ``ssh-add /media/amnesia/TailsData/openssh-client/id_rsa`` - ``ssh-copy-id app`` - ``ssh-copy-id mon`` - ``ssh-add -D`` -16. Confirm that you are able to access ``mon`` and ``app`` via SSH (``ssh app`` and ``ssh mon``). -17. Confirm that you are able to access the *Source Interface* and the *Journalist + + * ``ssh-add`` + * ``ssh-add /media/amnesia/TailsData/openssh-client/id_rsa`` + * ``ssh-copy-id app`` + * ``ssh-copy-id mon`` + * ``ssh-add -D`` +14. Confirm that you are able to access ``mon`` and ``app`` via SSH (``ssh app`` and ``ssh mon``). +15. Confirm that you are able to access the *Source Interface* and the *Journalist Interface* using the desktop shortcuts. -18. :ref:`Initialize a passphrase database ` on AW2. - Store the admin account details using KeePassXC, and other account - information this admin will need in the course of administering this - system. -19. Shut down AW2. -20. :doc:`Back up AW2 <../maintenance/backup_workstations>`. +16. Shut down AW2. +17. :doc:`Back up AW2 <../maintenance/backup_workstations>`. You can now provide AW2 to the new administrator. Ensure that they store the disk encryption passphrase in a secure manner: in most configurations, it is the diff --git a/docs/admin/deployment/remote.rst b/docs/admin/deployment/remote.rst index 468b6253d..8bdf51df0 100644 --- a/docs/admin/deployment/remote.rst +++ b/docs/admin/deployment/remote.rst @@ -108,7 +108,7 @@ To create the new SVS USB: When you see the welcome dialog, unlock the persistent storage volume. 2. Insert the new (empty) SVS USB. -3. Launch the Tails installer (**Applications ▸ Tails ▸ Tails Installer**). +3. Launch the Tails Cloner (**Applications ▸ Tails ▸ Tails Cloner**). Select the option to **Clone the current Tails**. This will delete any data on the new SVS drive. 4. Check the box marked **Clone the current Persistent Storage**.