From fa2656c8f06fb59ac2fb6fe376c7e26b6cda30cb Mon Sep 17 00:00:00 2001
From: rcourtman <courtmanr@gmail.com>
Date: Wed, 1 Oct 2025 15:23:41 +0000
Subject: [PATCH] docs: clarify SSH temperature usage

---
 docs/TEMPERATURE_MONITORING.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/TEMPERATURE_MONITORING.md b/docs/TEMPERATURE_MONITORING.md
index ef97cd304..33866007d 100644
--- a/docs/TEMPERATURE_MONITORING.md
+++ b/docs/TEMPERATURE_MONITORING.md
@@ -139,6 +139,12 @@ Temperature monitoring uses **SSH key authentication** - the same trusted method
 - ✅ **Instantly revocable** - Remove key from authorized_keys to disable
 - ✅ **Logged and auditable** - All connections logged in `/var/log/auth.log`
 
+### What Pulse Uses SSH For
+
+- **Temperature polls only**: Every monitoring cycle (about every 10 seconds) Pulse opens an SSH session, runs `sensors -j 2>/dev/null`, parses the JSON output, and closes the connection immediately.
+- **Optional setup help**: If you opt in during the setup script, Pulse writes its public key to `/root/.ssh/authorized_keys` and, when required, installs `lm-sensors` so the `sensors` command is available. Those actions happen once while the script runs and only with your confirmation.
+- **No other automation**: Pulse does not transfer files, modify other configuration, reboot the node, or run arbitrary shell commands through this SSH access. Removing the key cuts off temperature collection completely.
+
 This is the same security model used by thousands of organizations for infrastructure automation.
 
 ### Best Practices