Juju SSH access is cumbersome and easy to circumvent
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Triaged
|
Low
|
Unassigned |
Bug Description
A user needs to go through all this in order to use `juju ssh`:
* Reminds/ensures the Juju admin to create a user and grant him/her 'admin' access to the model;
which probably confers other rights that the user should not have like destroying the model
('superuser' rights are actually needed but this may be a bug)
* Installs Juju and registers the controller
* Learns a new tool and concepts
* Logs in to the controller
This process is cumbersome and very easy to circumvent by using direct access with a standard SSH client.
1. Is there some way to enforce `juju ssh`?
2. Do we want the documentation to suggest that `juju ssh` is more of an administrator's convenient troubleshooting tool (which it is; it's great)? Otherwise, it all ends up looking a bit awkward on paper.
User experience with 'juju ssh' needs to be re-visited.