(maint) add ed25519 support

rubygems has compiled versions of bcrypt_pbkdf 1.1.0 for windows addresses #1986 #1987
puppetlabs · Nov 22, 2023 · 5f72b55 · 5f72b55
1 parent 2b0d943
commit 5f72b55
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 38 deletions.
diff --git a/bolt.gemspec b/bolt.gemspec
@@ -55,6 +55,8 @@ Gem::Specification.new do |spec|
   spec.add_dependency "net-scp", ">= 1.2", "< 5.0"
   spec.add_dependency "net-ssh", ">= 4.0", "< 8.0"
   spec.add_dependency "net-ssh-krb", "~> 0.5"
+  spec.add_dependency "ed25519", ">= 1.3", "< 2.0"
+  spec.add_dependency "bcrypt_pbkdf", ">= 1.1", "< 2.0"
   spec.add_dependency "orchestrator_client", "~> 0.5"
   spec.add_dependency "puppet", ">= 6.18.0"
   spec.add_dependency "puppetfile-resolver", ">= 0.6.2", "< 1.0"

diff --git a/documentation/bolt_known_issues.md b/documentation/bolt_known_issues.md
@@ -68,42 +68,6 @@ such as [`bolt-defaults.yaml`](bolt_defaults_reference.md) or
 [inventory file](bolt_inventory_reference.md), or passing the password on the
 command line with the `--password` option.
 
-📖 **Related issues**
-
-- [#1986 - Commands fail if in a remote session to
-  Windows](https://github.com/puppetlabs/bolt/issues/1986)
-
-## Unable to authenticate with ed25519 keys over SSH transport on Windows
-
-By default, Bolt uses the `net-ssh` Ruby libary to connect to targets over SSH.
-The `net-ssh` library requires the `ed25519` and `bcrypt_pbkdf` gems as
-dependencies, which are not supported in Bolt's packaging process due to issues
-with compiling native extensions.
-
-Attempting to authenticate with ed25519 keys over SSH on Windows will result
-in an error message similar to this:
-
-```
-unsupported key type `ssh-ed25519'
- net-ssh requires the following gems for ed25519 support:
-  * ed25519 (>= 1.2, < 2.0)
-  * bcrypt_pbkdf (>= 1.0, < 2.0)
-```
-
-A workaround is to use native SSH when you need to authenticate with ed25519
-keys. When native SSH is enabled, Bolt will use a specified SSH client to
-connect to targets instead of the `net-ssh` Ruby library. To learn more about
-native SSH, see [native SSH
-transport](experimental_features.md#native-ssh-transport). 
-
-🧪 Native SSH is
-experimental and might change in future minor (y) releases.
-
-📖 **Related issues**
-
-- [#1987 - Unable to authenticate with ed25519 keys over SSH transport
-  on Windows](https://github.com/puppetlabs/bolt/issues/1987)
-
 ## 🧪 Limited Kerberos support over WinRM
 
 🧪 Authenticating with Kerberos over WinRM is considered experimental and is

diff --git a/spec/unit/executor_spec.rb b/spec/unit/executor_spec.rb
@@ -571,7 +571,7 @@ def mock_node_results
       expect(ssh)
         .to receive(:with_connection)
         .and_raise(
-          NotImplementedError.new('ed25519 is not supported')
+          NotImplementedError.new('something is not supported')
         )
     end
 
@@ -580,7 +580,7 @@ def mock_node_results
 
     results.each do |result|
       expect(result.error_hash['kind']).to eq('puppetlabs.tasks/exception-error')
-      expect(result.error_hash['msg']).to eq('ed25519 is not supported')
+      expect(result.error_hash['msg']).to eq('something is not supported')
     end
 
     expect(collector.events.count).to eq(10)