Exclude SSH tor config from server restores #5833

Closed
zenmonkeykstop opened this issue Mar 1, 2021 · 4 comments · Fixed by #5886

@zenmonkeykstop
Contributor

Description

SSH onion service configurations should not be restored from backups:

  • in the scenario where you're restoring onto a server with the same tor config as the backup, it doesn't do anything
  • in the scenario where you're restoring over a fresh install, it breaks a working ssh config, currently requiring manual intervention to fix

A migration without restoring ssh configs would look like:

  • install fresh (using old tor_v3_keys.json if safe and available)
  • restore - old data and ji/si onion addresses now in place, fresh install SSH config preserved
  • run install - old ji/si auth keys overwritten with new ones (only required if old tor_v3_keys.json not used in install)
  • run tailsconfig - ji/si tails-side configs updated

User Research Evidence

Anecdotal based on experience testing migration flows in 1.8.0-rc1

User Stories

As an admin, I want to be able to perform a restore or migration with minimal manual steps and without the risk of breaking SSH access and needing to fix it in person.

@conorsch
Contributor

conorsch commented Mar 1, 2021

Migration would be a heck of a lot simpler if we were to stop restoring SSH services, and just stick with what's new. The only downside would be that organizations with multiple administrators, each using their own Admin Workstation USB stick, would need to synchronize the new service info out of band. In all other circumstances, it's a lot simpler and more straightforward to reuse the new v3-only services created on the new host.

@zenmonkeykstop
Contributor Author

For orgs doing the Focal migration over the next month or two who are not already on v3, they'll need to do that oob sync regardless.

@zenmonkeykstop
Contributor Author

I'm gonna defer this to 1.9.0 unless there are objections. Sorting out the migration process took longer than expected, and it only saves a couple of steps in that process. It would save more if the client-side Tor config files were rebuilt as part of the process (as opposed to being manually copied into place) but that's a bit much to take on during the QA period.

@zenmonkeykstop zenmonkeykstop added this to the 1.9.0 milestone Mar 3, 2021
@eloquence eloquence modified the milestones: 1.9.0, 1.8.1 Mar 24, 2021
@eloquence
Member

(Added needs/docs because the backup/migration guide will need to be updated.)
