You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
162 lines
5.7 KiB
162 lines
5.7 KiB
4 months ago
|
Overview.
|
||
|
|
||
|
$ ./configure && make tests
|
||
|
|
||
|
You'll see some progress info. A failure will cause either the make to
|
||
|
abort or the driver script to report a "FATAL" failure.
|
||
|
|
||
|
The test consists of 2 parts. The first is the file-based tests which is
|
||
|
driven by the Makefile, and the second is a set of network or proxycommand
|
||
|
based tests, which are driven by a driver script (test-exec.sh) which is
|
||
|
called multiple times by the Makefile.
|
||
|
|
||
|
Failures in the first part will cause the Makefile to return an error.
|
||
|
Failures in the second part will print a "FATAL" message for the failed
|
||
|
test and continue.
|
||
|
|
||
|
OpenBSD has a system-wide regression test suite. OpenSSH Portable's test
|
||
|
suite is based on OpenBSD's with modifications.
|
||
|
|
||
|
|
||
|
Environment variables.
|
||
|
|
||
|
SKIP_UNIT: Skip unit tests.
|
||
|
SUDO: path to sudo/doas command, if desired. Note that some systems
|
||
|
(notably systems using PAM) require sudo to execute some tests.
|
||
|
LTESTS: Whitespace separated list of tests (filenames without the .sh
|
||
|
extension) to run.
|
||
|
SKIP_LTESTS: Whitespace separated list of tests to skip.
|
||
|
OBJ: used by test scripts to access build dir.
|
||
|
TEST_SHELL: shell used for running the test scripts.
|
||
|
TEST_SSH_FAIL_FATAL: set to "yes" to make any failure abort the test
|
||
|
currently in progress.
|
||
|
TEST_SSH_PORT: TCP port to be used for the listening tests.
|
||
|
TEST_SSH_QUIET: set to "yes" to suppress non-fatal output.
|
||
|
TEST_SSH_SSHD_CONFOPTS: Configuration directives to be added to sshd_config
|
||
|
before running each test.
|
||
|
TEST_SSH_SSH_CONFOPTS: Configuration directives to be added to
|
||
|
ssh_config before running each test.
|
||
|
TEST_SSH_TRACE: set to "yes" for verbose output from tests
|
||
|
TEST_SSH_x: path to "ssh" command under test, where x is one of
|
||
|
SSH, SSHD, SSHAGENT, SSHADD, SSHKEYGEN, SSHKEYSCAN, SFTP or
|
||
|
SFTPSERVER
|
||
|
USE_VALGRIND: Run the tests under valgrind memory checker.
|
||
|
|
||
|
|
||
|
Individual tests.
|
||
|
|
||
|
You can run an individual test from the top-level Makefile, eg:
|
||
|
$ make tests LTESTS=agent-timeout
|
||
|
|
||
|
If you need to manipulate the environment more you can invoke test-exec.sh
|
||
|
directly if you set up the path to find the binaries under test and the
|
||
|
test scripts themselves, for example:
|
||
|
|
||
|
$ cd regress
|
||
|
$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` \
|
||
|
agent-timeout.sh
|
||
|
ok agent timeout test
|
||
|
|
||
|
|
||
|
Files.
|
||
|
|
||
|
test-exec.sh: the main test driver. Sets environment, creates config files
|
||
|
and keys and runs the specified test.
|
||
|
|
||
|
At the time of writing, the individual tests are:
|
||
|
connect.sh: simple connect
|
||
|
proxy-connect.sh: proxy connect
|
||
|
connect-privsep.sh: proxy connect with privsep
|
||
|
connect-uri.sh: uri connect
|
||
|
proto-version.sh: sshd version with different protocol combinations
|
||
|
proto-mismatch.sh: protocol version mismatch
|
||
|
exit-status.sh: remote exit status
|
||
|
envpass.sh: environment passing
|
||
|
transfer.sh: transfer data
|
||
|
banner.sh: banner
|
||
|
rekey.sh: rekey
|
||
|
stderr-data.sh: stderr data transfer
|
||
|
stderr-after-eof.sh: stderr data after eof
|
||
|
broken-pipe.sh: broken pipe test
|
||
|
try-ciphers.sh: try ciphers
|
||
|
yes-head.sh: yes pipe head
|
||
|
login-timeout.sh: connect after login grace timeout
|
||
|
agent.sh: simple connect via agent
|
||
|
agent-getpeereid.sh: disallow agent attach from other uid
|
||
|
agent-timeout.sh: agent timeout test
|
||
|
agent-ptrace.sh: disallow agent ptrace attach
|
||
|
keyscan.sh: keyscan
|
||
|
keygen-change.sh: change passphrase for key
|
||
|
keygen-convert.sh: convert keys
|
||
|
keygen-moduli.sh: keygen moduli
|
||
|
key-options.sh: key options
|
||
|
scp.sh: scp
|
||
|
scp-uri.sh: scp-uri
|
||
|
sftp.sh: basic sftp put/get
|
||
|
sftp-chroot.sh: sftp in chroot
|
||
|
sftp-cmds.sh: sftp command
|
||
|
sftp-badcmds.sh: sftp invalid commands
|
||
|
sftp-batch.sh: sftp batchfile
|
||
|
sftp-glob.sh: sftp glob
|
||
|
sftp-perm.sh: sftp permissions
|
||
|
sftp-uri.sh: sftp-uri
|
||
|
ssh-com-client.sh: connect with ssh.com client
|
||
|
ssh-com-keygen.sh: ssh.com key import
|
||
|
ssh-com-sftp.sh: basic sftp put/get with ssh.com server
|
||
|
ssh-com.sh: connect to ssh.com server
|
||
|
reconfigure.sh: simple connect after reconfigure
|
||
|
dynamic-forward.sh: dynamic forwarding
|
||
|
forwarding.sh: local and remote forwarding
|
||
|
multiplex.sh: connection multiplexing
|
||
|
reexec.sh: reexec tests
|
||
|
brokenkeys.sh: broken keys
|
||
|
sshcfgparse.sh: ssh config parse
|
||
|
cfgparse.sh: sshd config parse
|
||
|
cfgmatch.sh: sshd_config match
|
||
|
cfgmatchlisten.sh: sshd_config matchlisten
|
||
|
addrmatch.sh: address match
|
||
|
localcommand.sh: localcommand
|
||
|
forcecommand.sh: forced command
|
||
|
portnum.sh: port number parsing
|
||
|
keytype.sh: login with different key types
|
||
|
kextype.sh: login with different key exchange algorithms
|
||
|
cert-hostkey.sh certified host keys
|
||
|
cert-userkey.sh: certified user keys
|
||
|
host-expand.sh: expand %h and %n
|
||
|
keys-command.sh: authorized keys from command
|
||
|
forward-control.sh: sshd control of local and remote forwarding
|
||
|
integrity.sh: integrity
|
||
|
krl.sh: key revocation lists
|
||
|
multipubkey.sh: multiple pubkey
|
||
|
limit-keytype.sh: restrict pubkey type
|
||
|
hostkey-agent.sh: hostkey agent
|
||
|
keygen-knownhosts.sh: ssh-keygen known_hosts
|
||
|
hostkey-rotate.sh: hostkey rotate
|
||
|
principals-command.sh: authorized principals command
|
||
|
cert-file.sh: ssh with certificates
|
||
|
cfginclude.sh: config include
|
||
|
allow-deny-users.sh: AllowUsers/DenyUsers
|
||
|
authinfo.sh: authinfo
|
||
|
|
||
|
|
||
|
Problems?
|
||
|
|
||
|
Run the failing test with shell tracing (-x) turned on:
|
||
|
$ PATH=`pwd`/..:$PATH:. sh -x test-exec.sh `pwd` agent-timeout.sh
|
||
|
|
||
|
Failed tests can be difficult to diagnose. Suggestions:
|
||
|
- run the individual test via ./test-exec.sh `pwd` [testname]
|
||
|
- set LogLevel to VERBOSE in test-exec.sh and enable syslogging of
|
||
|
auth.debug (eg to /var/log/authlog).
|
||
|
|
||
|
|
||
|
Known Issues.
|
||
|
|
||
|
- Similarly, if you do not have "scp" in your system's $PATH then the
|
||
|
multiplex scp tests will fail (since the system's shell startup scripts
|
||
|
will determine where the shell started by sshd will look for scp).
|
||
|
|
||
|
- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
|
||
|
test to fail. The old behaviour can be restored by setting (and
|
||
|
exporting) _POSIX2_VERSION=199209 before running the tests.
|