enable ssh in case it is not enabled yet

[Kkoile]

In our setup apps are not ssh-enabled by default. Whenever mtx-tool tries to ssh into our app, it will fail, because ssh is not enabled. We have to manually enable it and reexecute the original command.

This feature will recognize if ssh is disabled and enable it, when executing an ssh command.

To be discussed:

• I implemented the detection if ssh is disabled only after the actual ssh command failed. Could also be moved before actually executing the original ssh command.
• It will only enable-ssh if an option enableSsh is set. Currently this is not used in the code. Do you have an idea of how to set this option best? Configuring it globally with mtx set? Or adding it as an option to every command which uses ssh?

I'm curious about your feedback.

[rlindner81]

Hi @Kkoile, I'll be back from vacation next week and will have a closer look at the code changes...

Let me think about this one for a little bit and maybe we could have a call as well. I get the intention to make the tool useful for the ssh-disabled case, but I also feel that it should not be on by default. Enabling ssh is a very security sensitive step and it should not happen implicitly but only explicitly.

If the error message that mtx gives you for this case is clear, then users could always pre-enable ssh before running the tool. Now this is a little like saying you don't need the tool at all, because you could run everything yourself without the tool, but I feel the security sensitive nature of the ssh-enablement makes it different from other problems where the tool should be resilient and fix common setup problems automatically.

[Kkoile]

I get your point regarding security. And that's why I didn't enable ssh by default, but only if a certain option is set.

If it's "too risky" in your view it's fine by me. We can work around that in our project.
Please feel free to close this pull request in that case.

[rlindner81]

I'm re-working the settings currently for another feature (to support service-keys alongside app bindings in some cases). It's still early stages, but a major part of the roadmap to 1.0
https://github.com/cap-js-community/mtx-tool/tree/fb/service-keys

On the other hand, this change feels more like an optionalFlagArg to me. You could add --enable-ssh to the 3 relevant commands and always enable ssh, if that is set.

[rlindner81]

I could live with the optionalFlagArg solution, but overall my gut feeling is that it would be better to leave the handling of ssh enablement to the users and not take it into the tool.

[rlindner81]

I get your point regarding security. And that's why I didn't enable ssh by default, but only if a certain option is set.

If it's "too risky" in your view it's fine by me. We can work around that in our project. Please feel free to close this pull request in that case.

I think I talked myself out of this idea for now. If it becomes more urgent somehow, we can re-examine this, but as a convenience, I will currently block it.