diff --git a/src/content/docs/cloudflare-one/applications/non-http/short-lived-certificates-legacy.mdx b/src/content/docs/cloudflare-one/applications/non-http/short-lived-certificates-legacy.mdx
index e8959491e60ffe..e50bc1c12c7e2c 100644
--- a/src/content/docs/cloudflare-one/applications/non-http/short-lived-certificates-legacy.mdx
+++ b/src/content/docs/cloudflare-one/applications/non-http/short-lived-certificates-legacy.mdx
@@ -3,15 +3,13 @@ title: Short-lived certificates (legacy)
 pcx_content_type: how-to
 sidebar:
   order: 6
-head:
-  - tag: title
-    content: Configure short-lived certificates (legacy)
+  label: Short-lived certificates (legacy)
 ---
 
 import { Render } from "~/components";
 
-:::note[Short-lived certificates are now managed through Access for Infrastructure.]
-Cloudflare recommends configuring short-lived certificates through our new [Access for Infrastructure](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) workflow. Access for Infrastructure supports differing SSH aliases out-of-the-box, removes the need for client SSH configuration, and allows for more granular security policies.
+:::note
+Not recommended for new deployments. We recommend using [Access for Infrastructure](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) to configure short-lived certificates for SSH.
 :::
 
 <Render
diff --git a/src/content/docs/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-cloudflared-authentication.mdx b/src/content/docs/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-cloudflared-authentication.mdx
index da93af6ffa03fd..f12163a91753be 100644
--- a/src/content/docs/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-cloudflared-authentication.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-cloudflared-authentication.mdx
@@ -3,7 +3,7 @@ pcx_content_type: how-to
 title: Connect to SSH with client-side cloudflared (legacy)
 sidebar:
   order: 5
-  label: SSH with client-side cloudflared
+  label: SSH with client-side cloudflared (legacy)
 ---
 
 import { Render } from "~/components";
diff --git a/src/content/docs/cloudflare-one/policies/gateway/network-policies/ssh-logging.mdx b/src/content/docs/cloudflare-one/policies/gateway/network-policies/ssh-logging.mdx
index ab8b13d9db4f86..fdbc5f88051463 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/network-policies/ssh-logging.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/network-policies/ssh-logging.mdx
@@ -1,14 +1,15 @@
 ---
-title: SSH proxy and command logs
+title: SSH proxy and command logs (legacy)
 pcx_content_type: how-to
 sidebar:
   order: 3
+  label: SSH proxy and command logs (legacy)
 ---
 
 import { Render } from "~/components";
 
 :::note
-Cloudflare recommends configuring SSH command logs through our new [Access for Infrastructure](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) workflow. Access for Infrastructure supports differing SSH aliases out-of-the-box, custom SSH ports, and Logpush integrations.
+Not recommended for new deployments. We recommend using [Access for Infrastructure](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/) to manage SSH sessions and log SSH commands.
 :::
 
 Cloudflare Zero Trust supports SSH proxying and command logging using Secure Web Gateway and the WARP client.