Simplify cloning steps due to not needing to generate a new SSH keypair

freedomofpress · Jan 4, 2024 · 5dae3b7 · 5dae3b7
1 parent 5cd6ae2
commit 5dae3b7
Showing 1 changed file with 5 additions and 24 deletions.
diff --git a/docs/admin/deployment/onboarding_admins.rst b/docs/admin/deployment/onboarding_admins.rst
@@ -44,34 +44,15 @@ To set up AW2, follow these steps:
 7. Click **Install**.
 8. Choose a unique passphrase for AW2 and record it securely.
 9. Shut down AW1.
-10. Boot AW2, set an Admin password on the welcome screen, unlock the Persistent Storage, and
-    enable all the options in the Persistent Storage settings.
-11. Record the new passphrase for AW2 securely.
-12. Generate a new keypair on AW2 using the following command:
-
-    ``ssh-keygen -t rsa -b 4096``
-
-    When prompted, store the keypair in the default location.
-13. Run the command ``./securedrop-admin tailsconfig`` in ``~/Persistent/securedrop``.
+10. Boot AW2 and unlock the Persistent Storage.
+11. Open the KeePassXC database, and remove any previous credentials from AW1
+    that are not needed for AW2.
+12. Run the command ``./securedrop-admin tailsconfig`` in ``~/Persistent/securedrop``.
 
     This will set up desktop shortcuts and SSH access.
-14. Insert AW1. It should show up in the list of storage devices in the file manager under
-    a label like "7.0 GB Encrypted". Click the label and enter the drive
-    password when prompted to unlock it.
-15. In a terminal, type the following commands to authorize the newly created SSH keypair
-    on your servers:
-    ``ssh-add``
-    ``ssh-add /media/amnesia/TailsData/openssh-client/id_rsa``
-    ``ssh-copy-id app``
-    ``ssh-copy-id mon``
-    ``ssh-add -D``
-16. Confirm that you are able to access ``mon`` and ``app`` via SSH (``ssh app`` and ``ssh mon``).
+13. Confirm that you are able to access ``mon`` and ``app`` via SSH (``ssh app`` and ``ssh mon``).
 17. Confirm that you are able to access the *Source Interface* and the *Journalist
     Interface* using the desktop shortcuts.
-18. :ref:`Initialize a passphrase database <keepassxc_setup>` on AW2.
-    Store the admin account details using KeePassXC, and other account
-    information this admin will need in the course of administering this
-    system.
 19. Shut down AW2.
 20. :doc:`Back up AW2 <../maintenance/backup_workstations>`.