Add note regarding v2 SSH services; update date in prev. guide

freedomofpress · Jan 26, 2021 · 424a7d1 · 424a7d1
1 parent 63df5d1
commit 424a7d1
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 1 deletion.
diff --git a/docs/upgrade/1.5.0_to_1.6.0.rst b/docs/upgrade/1.5.0_to_1.6.0.rst
@@ -82,7 +82,12 @@ graphical prompts to update to the latest version.
 V3 Onion Services
 -----------------
 
-Due to security and anonymity improvements in v3 of the onion services protocol, support for v2 onion services will be removed from SecureDrop in February 2021. If your SecureDrop instance is still using 16-character v2 onion URLs, you should migrate to v3 onion services at the earliest opportunity, and contact us via the Support Portal if you require assistance doing so. For more information, see :doc:`our migration documentation <../v3_services>`.
+Due to security and anonymity improvements in v3 of the onion services protocol,
+support for v2 onion services will be removed from SecureDrop in March 2021. If
+your SecureDrop instance is still using 16-character v2 onion URLs, you should
+migrate to v3 onion services at the earliest opportunity, and contact us via
+the Support Portal if you require assistance doing so. For more information,
+see :doc:`our migration documentation <../v3_services>`.
 
 Getting Support
 ---------------

diff --git a/docs/upgrade/1.6.0_to_1.7.0.rst b/docs/upgrade/1.6.0_to_1.7.0.rst
@@ -12,6 +12,9 @@ Automatic server upgrades
 As with previous releases, your servers will be upgraded to the latest version
 of SecureDrop automatically within 24 hours of the release.
 
+
+.. _updating_workstations_170:
+
 Updating Workstations to SecureDrop 1.7.0
 -----------------------------------------
 
@@ -96,6 +99,26 @@ If you are not already running v3 onion services (easily recognizable by their
 earliest convenience to keep your instance running. See our
 :doc:`upgrade guide <../v3_services>` for details.
 
+.. note::
+
+  If you have previously disabled v2 onion services, due to a bug that was fixed
+  in SecureDrop 1.7.0, SSH access via v2 onion services may still be enabled,
+  and you may receive OSSEC alerts warning you that v2 onion services are still
+  running.
+
+  To fully disable v2 onion services:
+
+  1. Make sure that your *Admin Workstation* is up-to-date by following the
+     :ref:`earlier steps <updating_workstations_170>`.
+  2. Run ``./securedrop-admin sdconfig`` from your ``~/Persistent/securedrop``
+     and confirm that all configuration settings are correct. In particular,
+     make sure that v2 onion services are disabled, and v3 onion services are
+     enabled.
+  3. Re-run the install playbook via ``./securedrop-admin install``.
+
+  We apologize for the inconvenience. Please contact us if you have any
+  questions about this process.
+
 Preparing for Ubuntu 20.04
 --------------------------
 The current server operating system, Ubuntu 16.04, will no longer receive