Based on your experience, should I turn on SSH on access points that run on LWAP mode? Or SSH access only to the WLC is enough? What are the pros and cons if I turn on the SSH on those access point?
You need ssh to the WLC as a minimum if using CLI or running debugs. SSH on the AP is nice if only you are troubleshooting and TAC for example wants commands ran from the AP.