Enabling Advanced Remote Support on Linux Hosts Managed by Platform9 Host Agent

By default, members of the Platform9 support team cannot interactively log onto a customer's Linux host. In exceptional circumstances, it is sometimes useful to enable the advanced remote support (ARS) mechanism in order to troubleshoot challenging problems. It allows a support engineer to securely log onto your appliance as the pf9 user in order to analyze and fix issues. This guide explains how a customer can enable this mechanism.

Note: Despite being based on SSH, enabling this capability does not expose your host to SSH login from any network, only Platform9's. It leverages the host's existing secure connection to the Platform9 cloud controller, and does not require any firewall changes to your host or network.

Step 1: Enable 'Advance Remote Support' From Platform9 UI

Step 2: Ensure sshd is Running and Configured Properly

Consult your Linux operating system's documentation to ensure that the ssh daemon is running and allows key-based authentication.

Step 3: (Optional but Highly Recommended) Grant sudo Access

The pf9 user has restricted privileges. To gather certain types of information, it is sometimes helpful for a Platform9 support technician logged in as pf9 to run commands with elevated privileges through the sudo utility. To allow this, (1) sudo must be enabled for pf9 user, and (2) sudo must allow pf9 to authenticate without a password, since ARS uses one-time ssh keys for login, and the pf9 user does not have a password by default. Consult your Linux operating system's documentation for details on how to configure this. On RedHat and CentOS, this can usually be done by:

  1. Adding pf9 to the wheel group:
    usermod -a -G wheel pf9
  2. Run visudo to edit sudo rules to ensure that members of the wheel group can authenticate without a password. The line to configure this looks like:
    %wheel        ALL=(ALL)       NOPASSWD: ALL

Step 4: Notify Platform9 Support Team

Communicate with your Platform9 support representative to:

Disable Advanced Remote Support

To disable Advance Remote Support, just uncheck the box under host configuration (Step 1 above).


November 16, 2015