# Enable Advanced Remote Support

By default, members of the Platform9 support team can not interactively log onto your PMK nodes. In exceptional circumstances, it is sometimes useful to enable the advanced remote support (ARS) mechanism in order to troubleshoot challenging problems on the nodes. This allows a Platform9 support engineer to securely log onto your host in order to analyze and fix issues. This article explains how a customer can enable this mechanism.

{% hint style="info" %}
Despite being based on SSH, enabling advance remote support does not expose your host to SSH login from any network, only Platform9’s. It leverages the host’s existing secure connection to the Platform9 management plane, and does not require any firewall changes to your host or network.
{% endhint %}

### Enable Advanced Remote Support from PMK UI <a href="#enable-advanced-remote-support-from-pmk-ui" id="enable-advanced-remote-support-from-pmk-ui"></a>

Follow these steps to enable advance remote support for a PMK node.

1. Navigate to Infrastructure>Clusters, click the cluster name and then click the Nodes tab. Alternatively, navigate to Infrastructure>Nodes.
2. Select the check boxes for the node on which you want to enable remote support.
3. Click ‘Configure Remote Support’ action.
4. Select the Enable Advanced Support check box.
5. Click Apply Changes.

Advanced Remote support is now enabled for the selected node, and the node can be accessed remotely by Platform9 support.

### Ensure sshd is Running and Properly Configured <a href="#ensure-sshd-is-running-and-properly-configured" id="ensure-sshd-is-running-and-properly-configured"></a>

Consult your linux operating system’s documentation to ensure that the SSH daemon is running and allows key-based authentication.

### (Optional, but Highly Recommended) Grant sudo Access <a href="#optional-but-highly-recommended-grant-sudo-access" id="optional-but-highly-recommended-grant-sudo-access"></a>

Once ARS is enabled, a Platform9 support engineer will log into the node using a user role called ‘pf9’ that was previous created on that node during installation of PMK. By default, the ‘pf9’ user is created with restricted privileges. To gather certain types of information, it is sometimes helpful for a Platform9 support engineer logged in as the ‘pf9’ user to run commands with elevated privileges using the sudo utility. To allow this: (1) sudo must be enabled for the ‘pf9’ user, and (2) sudo must allow the ‘pf9’ user to authenticate without a password. ARS uses one-time ssh keys for login, and therefore the ‘pf9’ user does not have a password by default.

Consult your Linux operating system’s documentation for specific instructions on how to configure this.

On RedHat and CentOS, this can usually be done by:

Adding pf9 to the wheel group:

```
usermod -a -G wheel pf9
```

Run visudo to edit sudo rules to ensure that members of the wheel group can authenticate without a password. The line to configure this looks like:

```
%wheel ALL=(ALL) NOPASSWD: ALL
```

On Ubuntu, this can usually be done by:

Run `visudo` to add a rule to ensure that pf9 user can authenticate without a password. The line to configure this looks like:

```
pf9 ALL=(ALL) NOPASSWD: ALL
```

Notify Platform9 Support Team

Communicate with your Platform9 support representative to:

* Securely exchange the pf9 user’s password.
* Identify the host that should be logged onto, by sharing the contents of the host’s `/etc/pf9/host_id.conf` file or the host’s hostname.
* Agree on a time window for a support technician to log on to the host.

### Disable Advanced Remote Support <a href="#disable-advanced-remote-support" id="disable-advanced-remote-support"></a>

To disable Advance Remote Support, just uncheck the box under host configuration (Step 1 above).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.platform9.com/managed-kubernetes/support/troubleshooting/enable-advanced-remote-support.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.