A user needs to go through all this in order to use `juju ssh`:
* Reminds/ensures the Juju admin to create a user and grant him/her 'admin' access to the model;
which probably confers other rights that the user should not have like destroying the model
('superuser' rights are actually needed but this may be a bug)
* One time stuff like install Juju and register the user
* Learning a new tool and concepts
* Needs to be logged in to the controller
* Ensures their private key is properly named (or use ssh-agent); see LP #1718775
This process is cumbersome and very easy to circumvent by using direct access with a standard SSH client.
1. Is there some way to enforce `juju ssh`?
2. Do we want the documentation to suggest that `juju ssh` is more of an administrator's convenient troubleshooting tool (which it is; it's great)? Otherwise, it all ends up looking a bit awkward on paper.
A user needs to go through all this in order to use `juju ssh`:
* Reminds/ensures the Juju admin to create a user and grant him/her 'admin' access to the model;
which probably confers other rights that the user should not have like destroying the model
('superuser' rights are actually needed but this may be a bug)
* One time stuff like install Juju and register the user
* Learning a new tool and concepts
* Needs to be logged in to the controller
* Ensures their private key is properly named (or use ssh-agent); see LP #1718775
This process is cumbersome and very easy to circumvent by using direct access with a standard SSH client.
1. Is there some way to enforce `juju ssh`?
2. Do we want the documentation to suggest that `juju ssh` is more of an administrator's convenient troubleshooting tool (which it is; it's great)? Otherwise, it all ends up looking a bit awkward on paper.