Frequently Asked Questions

Some initial troubleshooting steps for common scenarios follow. If you continue to have trouble after following these steps, you can contact the SecureDrop team for further assistance.

Generic Troubleshooting Tips

When troubleshooting, ensure you are on the latest version of SecureDrop in your Admin Workstation. This is done by accepting the update when prompted at boot in the GUI that appears.

I can’t SSH into my servers over Tor from my Admin Workstation. What do I do?

At any point after the successful installation of SecureDrop, if you cannot SSH into your Admin Workstation, you should first perform the following troubleshooting steps:

  1. Ensure that you are connected to Tor. You can do this by browsing to any site in Tor Browser in your Admin Workstation.

  2. Ensure your servers are online. Visit the Admin Interface to check your Application Server is online, and you can trigger a test OSSEC alert to verify your Monitor Server is online.

  3. Ensure that SSH aliases and onion service authentication are configured:

    • First, ensure that the correct configuration files are present in ~/Persistent/securedrop/install_files/ansible-base:

      • app-ssh.auth_private

      • mon-ssh.auth_private

      • app-journalist.auth_private

      • app-sourcev3-ths

      • tor_v3_keys.json

    • Then, from ~/Persistent/securedrop, run ./securedrop-admin tailsconfig. This will ensure your local Tails environment is configured properly.

  4. Confirm that your SSH key is available: During the install, you configured SSH public key authentication using ssh-copy-id. Ensure this key is available using ssh-add -L. If you see the output “This agent has no identities.” then you need to add the key via ssh-add prior to SSHing into the servers.

I got a unusual error when running ./securedrop-admin install. What do I do?

If the error message is not informative, try running it again. The Tor connection can be flaky and can cause apparent errors, but there is no negative impact of re-rerunning ./securedrop-admin install more than once. The command will simply check which tasks have been completed, and pick up where it left off. However, if the same issue persists, you will need to investigate further.