# Advanced Remote Support Advanced Remote Support (ARS) is a secure troubleshooting mechanism that allows Platform9 support engineers to log onto your Private Cloud Director hosts to analyze and resolve complex technical issues. By default, Platform9 support team members cannot interactively access your hosts. However, when you enable ARS, support engineers can securely connect through the host's existing connection to the Platform9 management plane. Despite being based on SSH, ARS does not expose your host to SSH login from any external network. The mechanism leverages secure channels and does not require any firewall changes to your host or network infrastructure. In this guide, you will learn how to enable, configure, and disable Advanced Remote Support for your PCD hosts. ### Prerequisites Before you enable Advanced Remote Support, ensure you have: * Administrative access to the PCD UI * Root or sudo access to the target host * The SSH daemon (`sshd`) running on the target host * The `pf9` user account created on the host (this is created automatically during PCD installation) ### Enable Advanced Remote Support {% stepper %} {% step %} Navigate to **Infrastructure → Cluster Hosts** in the PCD UI. {% endstep %} {% step %} Select the checkbox next to the host where you want to enable remote support. {% endstep %} {% step %} Click **Edit Roles**. {% endstep %} {% step %} Select the **Advanced Remote Support** checkbox. {% endstep %} {% step %} Click **Update Role Assignment**. {% endstep %} {% endstepper %} Expected outcome: The host now allows Platform9 support engineers to establish secure SSH connections through the management plane. ### Verify SSH Daemon Configuration To ensure the SSH daemon is properly configured: 1. Connect to your host using your standard SSH method. 2. Verify that the `sshd` service is running by executing the appropriate command for your operating system. 3. Confirm that the SSH daemon configuration allows key-based authentication. Consult your Linux operating system's documentation for specific instructions on verifying and configuring the SSH daemon. ### Configure Sudo Access (Optional, Recommended) When ARS is enabled, Platform9 support engineers log into the host using the `pf9` user account. By default, this account has restricted privileges. To allow support engineers to run diagnostic commands with elevated privileges, you need to configure sudo access for the `pf9` user. #### Requirements for Sudo Access To grant sudo access: * sudo must be enabled for the 'pf9' user * sudo must allow the 'pf9' user to authenticate without a password (ARS uses one-time SSH keys, so the 'pf9' user does not have a password by default) #### Configure Sudo on Debian and Ubuntu Systems {% stepper %} {% step %} Add the 'pf9' user to the wheel group by running the following command: {% code title="shell" %} ```bash usermod -aG wheel pf9 ``` {% endcode %} {% endstep %} {% step %} Edit the sudo rules by running the `visudo` command. {% endstep %} {% step %} Add or verify the following line to allow wheel group members to authenticate without a password: {% code title="sudoers" %} ```bash pf9 ALL=(ALL) NOPASSWD: ALL ``` {% endcode %} {% endstep %} {% step %} Save and exit the editor. {% endstep %} {% endstepper %} Expected outcome: The 'pf9' user can now run commands with sudo privileges without entering a password. For other Linux distributions, consult your operating system's documentation for specific instructions on configuring passwordless sudo access. ### Coordinate with Platform9 Support {% stepper %} {% step %} Identify the specific host that requires troubleshooting by sharing: * The contents of the host's `/etc/pf9/host_id.conf` file, or * The host's hostname {% endstep %} {% step %} Agree on a time window when the support engineer can access the host. {% endstep %} {% step %} Confirm that ARS is enabled and properly configured on the target host. {% endstep %} {% endstepper %} ### Disable Advanced Remote Support {% stepper %} {% step %} Navigate to **Infrastructure → Cluster Hosts** in the Private Cloud Director UI. {% endstep %} {% step %} Select the checkbox next to the host where you want to disable remote support. {% endstep %} {% step %} Click **Edit Roles**. {% endstep %} {% step %} Deselect the **Advanced Remote Support** checkbox. {% endstep %} {% step %} Click **Update Role Assignment**. {% endstep %} {% endstepper %} Expected outcome: Platform9 support engineers can no longer establish SSH connections to the host through the management plane.