Juju SSH access is cumbersome and easy to circumvent
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Canonical Juju |
Triaged
|
Low
|
Unassigned | ||
Bug Description
A user needs to go through all this in order to use `juju ssh`:
* Reminds/ensures the Juju admin to create a user and grant him/her 'admin' access to the model;
which probably confers other rights that the user should not have like destroying the model
('superuser' rights are actually needed but this may be a bug)
* Installs Juju and registers the controller
* Learns a new tool and concepts
* Logs in to the controller
This process is cumbersome and very easy to circumvent by using direct access with a standard SSH client.
1. Is there some way to enforce `juju ssh`?
2. Do we want the documentation to suggest that `juju ssh` is more of an administrator's convenient troubleshooting tool (which it is; it's great)? Otherwise, it all ends up looking a bit awkward on paper.
| Anastasia (anastasia-macmood) wrote | #1 |
| tags: | added: juju-ssh ssh |
| Changed in juju: | |
| status: | New → Triaged |
| importance: | Undecided → Wishlist |
| description: | updated |
| description: | updated |
| Canonical Juju QA Bot (juju-qa-bot) wrote | #2 |
| Changed in juju: | |
| importance: | Wishlist → Low |
| tags: | added: expirebugs-bot |
User experience with 'juju ssh' needs to be re-visited.