Let's take a little detour into the past.
When remote execution was first introduced to Foreman in 1.9, it used net/ssh, a pure-Ruby reimplementation of the ssh protocol, under the hood to connect to the remote hosts. At that time, we were quite satisfied with how it worked and with the level of control it gave us. However, as time went by, new standards were established and older ones deprecated; net/ssh itself was having a bit of a hard time keeping up and, to make things worse, we found ourselves locked to an old version of net/ssh for quite a long time due to other dependencies. If you look at Red Hat bugzilla, you'll find around 8 bugzillas describing this very issue in different words; most of them have their counterpart in Foreman's issue tracker as well.
Later it became clear that net/ssh wasn't cutting it for us anymore, so we switched it out for using the ssh binary, which is provided in the openssh-clients package on EL* based distributions. This switch went live with Foreman 3.1.
Yes, that is sadly the truth.
Sadly, there is no way around this. There is no knob that can be turned, no switch to be flicked, the only way out is to upgrade as we have reached the limits of what the software can do. I admit it is unfortunate, but here we are.
A new version of Foreman comes every 3 months give or take, with the two latest releases being supported. There are other products built on Foreman, where the life cycle is longer.
To be fair, Foreman 2.5 was released in June 2021, which was some time ago. I know some customers cannot move that fast, but not everything is as future-proof as it should be. It really is up to the users to decide, but there is only so much of what can be supported.
Usually I'd end my comment right here, where most of the purely technical stuff was said, however in this case I'll make an exception to touch on a few points.
This whole thread got a little bit heated and as it went, we strayed away from the problem we originally wanted to solve. The key thing is, that all parties come from a different background, but are motivated by good intentions. So please keep the focus on the outcome. As with everything, nothing is perfect and there are always tradeoffs that need to be made and it is up to each of us to decide where we draw the line.
On one hand, I must agree with rosco. The assumption that things just keep working is a sensible one, especially when we don't really state anywhere that they don't.
On the other side, I must also agree with gvde that the wording of the original post is a bit unfortunate. The bold letters and everything with a warning being posted in another thread really makes it easy for tunnel vision to kick in and have folks just copy-paste it everywhere. As much as it makes me feel ashamed to admit it, I've been there and I did that. When you spend a day or two banging your head against the wall, you don't care about the small print. Whatever works. What makes it slightly better is that there is no post in this thread that is actually marked as a solution.