I agree with the basic premise (debugging without ssh can be close to impossible) but I don't get why this should be a binary thing. There are ways to allow temporary ssh logins. A policy can be put in place to redeploy the machine after the temporary login has been removed.