This isn't exactly an even comparison -- Ansible has been working on its SSH implementation for about two years, so it's pretty evolved, and you won't find that elsewhere. By comparison, Salt's implementation is currently a rough sketch, and one they discourage using.
Ansible has a pretty robust implementation that allows sudo and su operations, and is pretty finely tuned for using things like ControlPersist, reports nicely on when passwords are incorrect, and also has a paramiko implementation for older EL platforms where ControlPersist is not available. Doing things like detecting when the SSH key is not added yet, etc., are also well handled to lock and be able to ask prompts only when needed, etc.
Ansible also features a higher speed 'accelerated mode' that uses SSH for secure key exchange, without relying on in-house crypto. Though the new pipelining features in 1.5 make SSH about as fast as accelerate mode, so that's saying something!
Anyway, we take security very very seriously, which is why we invest so much in having a great SSH implementation.
Please don't conflate acknowledging that the ssh implementation is a newly-implemented feature with "discouraging" the use of it. You're better than that.
I agree that there's no reason to assume that Salt discourages the use of a feature that clearly required time to implement. But in the docs and videos I've seen of the new interface the words "way slower" come up over and over again.
There's a vibe that salt-ssh is an answer to folks who would use Ansible, and less a feature that Salt has long had on its list of things that need to be implemented.
Not saying there's any truth to that statement, but that's the vibe I got from the folks I know who use Salt and knew that I preferred Ansible at the time. So while the word "discouraging" is a bit heavy, there's an absence of leadership as to why salt-ssh was developed and when it's appropriate vs. 0mq.
See also:
http://blog.ansibleworks.com/2013/12/08/the-origins-of-ansib...
http://blog.ansibleworks.com/2013/11/29/ansibles-architectur...