Enabling Advanced Remote Support on Linux Hosts Managed by Platform9 Host Agent

By default, members of the Platform9 support team cannot interactively log onto a customer's Linux host. In exceptional circumstances, it is sometimes useful to enable the advanced remote support (ARS) mechanism in order to troubleshoot challenging problems. It allows a support engineer to securely log onto your appliance as the pf9 user in order to analyze and fix issues. This guide explains how a customer can enable this mechanism.

Step 1: Enable 'Advance Remote Support' From Platform9 UI

Step 2: Ensure sshd is running and properly configured

Consult your Linux operating system's documentation to ensure that the SSH daemon is running and allows key-based authentication.

Step 3: (Optional, but highly recommended) Grant sudo Access

The pf9 user has restricted privileges. To gather certain types of information, it is sometimes helpful for a Platform9 support technician logged in as pf9 to run commands with elevated privileges through the sudo utility. To allow this, (1) sudo must be enabled for pf9 user, and (2) sudo must allow pf9 to authenticate without a password.

ARS uses one-time ssh keys for login, and therefore the pf9 user does not have a password by default.

Consult your Linux operating system's documentation for specific instructions on how to configure this. On RedHat and CentOS, this can usually be done by:

  1. Adding pf9 to the wheel group:
    usermod -a -G wheel pf9
  2. Run visudo to edit sudo rules to ensure that members of the wheel group can authenticate without a password. The line to configure this looks like:
    %wheel        ALL=(ALL)       NOPASSWD: ALL

Step 4: Notify Platform9 Support Team

Communicate with your Platform9 support representative to:

Disable Advanced Remote Support

To disable Advance Remote Support, just uncheck the box under host configuration (Step 1 above).

November 16, 2015