mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-02-18 00:17:39 +01:00
Update docs to reflect the simplified temperature monitoring architecture:
- Remove references to pulse-sensor-proxy throughout
- Update TEMPERATURE_MONITORING.md to focus on unified agent approach
- Update CONFIGURATION.md, DEPLOYMENT_MODELS.md, FAQ.md
- Remove SECURITY_CHANGELOG.md (proxy-specific security notes)
- Clarify current recommended setup in various guides
1.4 KiB
Temperature Monitoring Security
Pulse supports two temperature collection paths: the unified agent (recommended) and SSH-based collection from the Pulse server. This page summarizes the security tradeoffs.
Recommended: Pulse Agent
The unified agent (pulse-agent --enable-proxmox) runs locally on each Proxmox host and reports temperature metrics directly to Pulse. No SSH keys are stored on the server, and access is scoped to the agent token.
Benefits:
- Local sensor access only
- No inbound SSH requirement
- Standard agent auth and transport
See docs/TEMPERATURE_MONITORING.md for setup.
SSH-Based Collection
SSH-based temperature monitoring uses a restricted key entry that only allows sensors -j to run. This limits the blast radius if a key leaks.
Recommended restrictions:
command="sensors -j",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty <public-key> # pulse-sensors
Additional notes:
- Use a dedicated key for temperature collection only.
- Avoid running Pulse in a container for SSH-based collection. If you must for dev/test, set PULSE_DEV_ALLOW_CONTAINER_SSH=true and keep access tightly scoped.
See docs/TEMPERATURE_MONITORING.md for the full setup flow.
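One way to verify that deployed keys actually carry the restrictions recommended above, as an added example that is not part of the Pulse repository. It audits authorized_keys entries tagged pulse-sensors; the function names are hypothetical, the sample keys are placeholders, and treating OpenSSH's restrict option as an acceptable superset of the four no-* options is an assumption that goes beyond this page.

```python
import re

REQUIRED = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}
REENABLE = {"port-forwarding", "x11-forwarding", "agent-forwarding", "pty"}
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
OPT = re.compile(r'([\w-]+)(?:="((?:\\.|[^"\\])*)")?(,|\s+)')  # name[="value"] + separator

def parse_entry(line):
    """Return (options dict, rest of line) for one authorized_keys line, or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    opts, pos = {}, 0
    m = None if line.startswith(KEY_TYPES) else OPT.match(line)
    while m:                                # option names are case-insensitive
        opts[m.group(1).lower()] = m.group(2)
        pos = m.end()
        m = OPT.match(line, pos) if m.group(3) == "," else None
    return opts, line[pos:]

def audit_entry(line):
    """List deviations from the restrictions recommended for the sensors key."""
    opts, _ = parse_entry(line)
    problems = []
    if opts.get("command") != "sensors -j":
        problems.append("forced command is not 'sensors -j'")
    if "restrict" in opts:                  # assumption: OpenSSH 7.2+ superset option
        problems += [f"{o} re-enabled" for o in sorted(REENABLE & opts.keys())]
    else:
        problems += [f"missing {o}" for o in sorted(REQUIRED - opts.keys())]
    return problems

def audit_file(text, tag="pulse-sensors"):
    """Map line number -> problems for every key entry whose comment has the tag."""
    return {n: audit_entry(l) for n, l in enumerate(text.splitlines(), 1)
            if parse_entry(l) and tag in parse_entry(l)[1]}

# Constructed sample file; AAAAEXAMPLE is a placeholder, not real key material.
SAMPLE = """\
command="sensors -j",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAEXAMPLE # pulse-sensors
command="sensors -j",no-pty ssh-ed25519 AAAAEXAMPLE # pulse-sensors
ssh-ed25519 AAAAEXAMPLE # pulse-sensors
restrict,command="sensors -j" ssh-ed25519 AAAAEXAMPLE # pulse-sensors
ssh-ed25519 AAAAEXAMPLE admin@laptop
"""

if __name__ == "__main__":
    for lineno, problems in audit_file(SAMPLE).items():
        print(lineno, "OK" if not problems else "; ".join(problems))
```

An entry with no options at all (sample line 3) is the case that matters most: a leaked key of that form grants a full shell rather than a single sensors -j invocation.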
Related Docs
- Unified Agent Security: docs/AGENT_SECURITY.md
- Repository Security Policy: SECURITY.md