Additional migration details (SSH, extra admin USBS)

[rocodes]

Status

Ready for review

Description of Changes

• Description: Add instructions for repairing additional Admin USBs. Add notes on rotating SSH key during migration.

• Fixes Migration docs should specify what to do with old id_rsa files #174

• Fixes Clarify network access requirements for migration procedure #175

• Fixes Clarify post-migration instructions for preserving SSH access on all Admin Workstations #176

Testing

• Visual review
• Step through mon ssh repair

Release

• n/a

Checklist (Optional)

• Doc linting (make docs-lint) passed locally
• Doc link linting (make docs-linkcheck) passed
• You have previewed (make docs) docs at http://localhost:8000

[eloquence]

typo: generatating->generating

[rocodes]

fixed in fc894a2

[eloquence]

I would say "set an administration password and unlock the persistent volume on the Tails welcome screen" (that's more consistent with the language we've used elsewhere in the docs).

[eloquence]

I would remove "Do not skip this step". If you want the Wipe/Format steps to stand out clearly, we could separate them.

[eloquence]

• This feels like it might be better placed in context, or in the preface of this section.
• In any event, I would suggest making it clearer that this only pertains to the id_rsa/id_rsa.pub portion of the instructions -- they'll still need to copy the service details to each admin stick.

[eloquence]

Application->application

[eloquence]

Thanks @rocodes! At a high level, the process makes sense to me; my comments are mainly smaller nits. I've not tested the full procedure yet, but I have verified that the find command works as expected. If you have done a full procedural test, I would consider that sufficient to merge.

I'll admit that I personally just did the plug Admin Workstation 2 into Admin Workstation 1 and copy files over thing. There are reasonable security arguments to use an additional device, but also some additional opsec risks. As we do real-world migrations with admins, I would suggest we keep an eye out for these complexity traps, where real world procedures may not end up reflecting what we put in our docs.

[rocodes]

I'll admit that I personally just did the plug Admin Workstation 2 into Admin Workstation 1 and copy files over thing. There are reasonable security arguments to use an additional device, but also some additional opsec risks. As we do real-world migrations with admins, I would suggest we keep an eye out for these complexity traps, where real world procedures may not end up reflecting what we put in our docs.

These are reasonable concerns. I'll defer to others on what the best procedure is, but my reasons for using an intermediate device are:

• potentially error-prone and/or destructive operation with the only good Admin Workstation; best principle is to propose the nondestructive path
• people who can understand these instructions and come up with a shortcut are welcome to do so

[rocodes]

Thanks for your comments, addressed in fc894a2

[eloquence]

Thanks @rocodes! :) Is this ready for final review, or do you want to pull in #175 as well?

[rocodes]

Ok, updated to also address #175. If we're happy with the 'luks usb to copy credentials to other admin sticks' approach, this is ready for review+merge.

[eloquence]

LGTM; I pushed one small commit for whitespace/formatting tweaks and a typo (encryped->encrypted). We do have a merge conflict with the changes from #181. In case it's helpful for your copy/paste convenience, I've pushed 3782d8b in a separate branch, which squashes the changes in this PR into one commit, and resolves the conflict with main (I didn't want to force-push to this branch to avoid messing with your commit authorship).

[eloquence]

Looks great, thanks again for your work on this @rocodes!