openssh-portable/regress
Tess Gauthier 18f1991754 fix test-exec to find sshd-session on Windows 2024-08-09 15:12:21 -04:00
..
misc merge the rest of the 9.8 changes from upstream 2024-08-02 17:22:58 -04:00
pesterTests remove debug statements from pester tests 2023-12-01 15:49:33 -05:00
unittests merge the rest of the 9.8 changes from upstream 2024-08-02 17:22:58 -04:00
.gitattributes Ported bash based E2E tests and integrated security fix for cve-2018-15473(#346) 2018-10-04 14:16:02 -07:00
Makefile upstream: split the PerSourcePenalties test in two: one tests penalty 2024-06-14 14:46:21 +10:00
README.regress Add SKIP_LTESTS for skipping specific tests. 2019-09-30 14:11:42 +10:00
addrmatch.sh openssh-8.5 2021-04-02 10:14:32 -07:00
agent-getpeereid.sh Merge 9.2 (#657) 2023-02-09 16:57:36 -05:00
agent-pkcs11-cert.sh upstream: regress test for agent PKCS#11-backed certificates 2023-12-19 01:57:37 +11:00
agent-pkcs11-restrict.sh upstream: regress test for constrained PKCS#11 keys 2023-12-19 01:57:16 +11:00
agent-pkcs11.sh upstream: move PKCS#11 setup code to test-exec.sh so it can be reused 2023-10-31 10:04:32 +11:00
agent-ptrace.sh Also look for gdb error message from OpenIndiana. 2023-03-27 12:22:30 +11:00
agent-restrict.sh resolve merge conflicts 2023-08-21 16:35:13 -04:00
agent-subprocess.sh upstream: Test that ssh-agent exits when running as as subprocess 2020-06-19 16:06:53 +10:00
agent-timeout.sh openssh-8.5 2021-04-02 10:14:32 -07:00
agent.sh resolve merge conflicts 2023-08-21 16:35:13 -04:00
allow-deny-users.sh upstream: prepare for stricter sshd_config parsing that will refuse 2021-06-08 17:17:24 +10:00
authinfo.sh Fix to pipe shell commands. (#429) 2020-02-28 18:06:18 +00:00
banner.sh Merge upstream V8_9 2022-02-24 16:57:16 -08:00
broken-pipe.sh upstream commit 2017-05-01 11:59:42 +10:00
brokenkeys.sh upstream commit 2017-05-01 11:59:42 +10:00
cert-file.sh upstream: test FIDO2/U2F key types; ok markus@ 2019-11-27 11:02:49 +11:00
cert-hostkey.sh Merge upstream V8_9 2022-02-24 16:57:16 -08:00
cert-userkey.sh Merge upstream V8_9 2022-02-24 16:57:16 -08:00
cfginclude.sh Merge upstream V8_9 2022-02-24 16:57:16 -08:00
cfgmatch.sh Add AzDevOps CI implementations (#631) 2022-11-14 13:14:50 -08:00
cfgmatchlisten.sh start merge - not compiling 2024-07-24 10:25:43 -04:00
cfgparse.sh Merge branch 'V_7_8' of https://github.com/openssh/openssh-portable into cwb 2018-10-04 14:43:51 -07:00
channel-timeout.sh skip bash tests that use multiplexing on Windows with explicit if 2024-01-22 13:07:57 -05:00
check-perm.c Disable tests where fs perms are incorrect 2016-02-23 17:40:16 +11:00
cipher-speed.sh upstream: Enable all supported ciphers and macs in the server 2022-02-02 16:51:04 +11:00
conch-ciphers.sh upstream: Skip conch interop tests when not enabled instead of fatal. 2023-10-27 00:02:26 +11:00
connect-privsep.sh Remove only use of warn(). 2021-04-07 17:02:51 +10:00
connect-uri.sh upstream commit 2017-10-31 09:08:51 +11:00
connect.sh Bagajjal/compile test v8.6 (#503) 2021-04-29 12:41:08 -07:00
connection-timeout.sh Merge 9.2 (#657) 2023-02-09 16:57:36 -05:00
dhgex.sh upstream: Quote grep and log message better. 2023-03-02 19:32:18 +11:00
dropbear-ciphers.sh upstream: Work around dbclient cipher/mac query bug. 2024-06-20 18:34:50 +10:00
dropbear-kex.sh upstream: Use ed25519 keys for kex tests 2024-06-19 20:36:57 +10:00
dsa_ssh2.prv
dsa_ssh2.pub
dynamic-forward.sh fix merge conflict 2024-03-11 11:46:39 -04:00
ed25519_openssh.prv upstream: Add ed25519 key and test SSHFP export of it. Only test 2021-07-19 12:50:51 +10:00
ed25519_openssh.pub upstream: Add ed25519 key and test SSHFP export of it. Only test 2021-07-19 12:50:51 +10:00
envpass.sh Merge 9.1 (#626) 2022-11-02 12:06:45 -04:00
exit-status-signal.sh remove unnecessary changes 2022-03-11 18:09:53 -08:00
exit-status.sh upstream commit 2017-05-01 11:59:42 +10:00
forcecommand.sh fix failing bash test 2024-01-08 16:00:54 -05:00
forward-control.sh upstream: don't need to start a command here; use ssh -N instead. 2023-07-30 11:41:45 +10:00
forwarding.sh Merge upstream V8_9 2022-02-24 16:57:16 -08:00
host-expand.sh Ported bash based E2E tests and integrated security fix for cve-2018-15473(#346) 2018-10-04 14:16:02 -07:00
hostbased.sh Merge 9.2 (#657) 2023-02-09 16:57:36 -05:00
hostkey-agent.sh Fix failed tests - 1 2022-03-11 13:53:27 -08:00
hostkey-rotate.sh upstream: select all RSA hostkey algorithms for UpdateHostkeys tests, 2022-01-05 19:31:37 +11:00
integrity.sh resolve merge conflicts 2023-08-21 16:35:13 -04:00
kextype.sh Ported bash based E2E tests and integrated security fix for cve-2018-15473(#346) 2018-10-04 14:16:02 -07:00
key-options.sh upstream: Save error code from SSH for use inside case statement, 2024-03-26 18:47:22 +11:00
keygen-change.sh upstream: test security key host keys in addition to user keys 2019-12-21 13:35:42 +11:00
keygen-comment.sh Bagajjal/compile test v8.6 (#503) 2021-04-29 12:41:08 -07:00
keygen-convert.sh Fix failed tests - 1 2022-03-11 13:53:27 -08:00
keygen-knownhosts.sh Merge branch 'V_7_8' of https://github.com/openssh/openssh-portable into cwb 2018-10-04 14:43:51 -07:00
keygen-moduli.sh upstream: Update keygen moduli screen test to match recent command 2020-01-03 13:47:32 +11:00
keygen-sshfp.sh fix additional tests in keygen-sshfp.sh on Windows 2023-08-29 10:13:43 -04:00
keys-command.sh upstream: Use "skip" instead of "fatal" 2021-10-01 14:55:12 +10:00
keyscan.sh Remove unintended changes. 2022-07-14 19:22:47 +10:00
keytype.sh upstream: s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/ 2021-02-25 15:15:46 +11:00
knownhosts-command.sh Fix failed tests - 1 2022-03-11 13:53:27 -08:00
knownhosts.sh upstream: Test adding terminating newline to known_hosts. 2023-02-09 21:08:33 +11:00
krl.sh Merge 9.2 (#657) 2023-02-09 16:57:36 -05:00
limit-keytype.sh openssh-8.5 2021-04-02 10:14:32 -07:00
localcommand.sh Ported bash based E2E tests and integrated security fix for cve-2018-15473(#346) 2018-10-04 14:16:02 -07:00
login-timeout.sh upstream: Remove references to privsep. 2021-10-01 14:55:12 +10:00
match-subsystem.sh upstream: regression test for override of subsystem in match blocks 2023-09-07 09:58:04 +10:00
mkdtemp.c Missing unistd.h for regress/mkdtemp.c 2018-08-20 15:57:29 +10:00
modpipe.c Remove execute bit from modpipe.c. 2018-02-15 22:33:21 +11:00
moduli.in upstream commit 2016-09-14 10:57:21 +10:00
multiplex.sh Merge remote-tracking branch 'upstream-openssh-portable/master' into sync-with-upstream-2 2024-02-12 18:28:02 -05:00
multipubkey.sh upstream: test AuthenticationMethods inside a Match block as well 2021-06-08 17:17:24 +10:00
netcat.c fix netcat build problem 2020-10-17 11:33:13 +11:00
penalty-expire.sh upstream: same treatment for this test 2024-06-16 21:55:26 +10:00
penalty.sh upstream: penalty test is still a bit racy 2024-06-16 18:18:43 +10:00
percent.sh Move xpg4 'id' handling into test-exec.sh. 2024-03-25 14:05:40 +11:00
portnum.sh - dtucker@cvs.openbsd.org 2013/05/17 10:34:30 2013-05-17 20:47:29 +10:00
principals-command.sh upstream: Fix up whitespace left by previous 2021-10-01 14:55:12 +10:00
proto-mismatch.sh upstream commit 2017-05-01 11:59:42 +10:00
proto-version.sh upstream commit 2017-06-08 13:11:11 +10:00
proxy-connect.sh upstream: Handle zlib compression being disabled now that it's 2020-01-23 22:34:37 +11:00
putty-ciphers.sh upstream: Exapnd PuTTY test coverage. 2024-02-19 18:49:00 +11:00
putty-kex.sh upstream: Exapnd PuTTY test coverage. 2024-02-19 18:49:00 +11:00
putty-transfer.sh upstream: Exapnd PuTTY test coverage. 2024-02-19 18:49:00 +11:00
reconfigure.sh Merge upstream V8_9 2022-02-24 16:57:16 -08:00
reexec.sh Merge 9.2 (#657) 2023-02-09 16:57:36 -05:00
rekey.sh merge the rest of the 9.8 changes from upstream 2024-08-02 17:22:58 -04:00
rsa_openssh.prv
rsa_openssh.pub
rsa_ssh2.prv
scp-ssh-wrapper.sh upstream: add regression tests for scp for out-of-destination path file 2019-07-19 13:53:27 +10:00
scp-uri.sh Merge 9.2 (#657) 2023-02-09 16:57:36 -05:00
scp.sh fix scp.sh test failures 2023-11-30 15:27:59 -05:00
scp3.sh add comments to bash test changes 2023-11-29 16:54:45 -05:00
servcfginclude.sh Merge upstream V8_9 2022-02-24 16:57:16 -08:00
setuid-allowed.c Adapt portable to legacy buffer API removal 2018-07-10 19:39:52 +10:00
sftp-badcmds.sh upstream: some more speeling mistakes from 2020-03-14 19:40:16 +11:00
sftp-batch.sh - dtucker@cvs.openbsd.org 2013/05/17 04:29:14 2013-05-17 15:32:29 +10:00
sftp-chroot.sh upstream: test ChrootDirectory in Match block 2023-07-30 11:18:09 +10:00
sftp-cmds.sh merge the rest of the 9.8 changes from upstream 2024-08-02 17:22:58 -04:00
sftp-glob.sh Ported bash based E2E tests and integrated security fix for cve-2018-15473(#346) 2018-10-04 14:16:02 -07:00
sftp-perm.sh Merge upstream V8_6 2021-04-21 11:30:22 -07:00
sftp-uri.sh Ported bash based E2E tests and integrated security fix for cve-2018-15473(#346) 2018-10-04 14:16:02 -07:00
sftp.sh upstream commit 2017-10-31 09:08:51 +11:00
ssh-com-client.sh - dtucker@cvs.openbsd.org 2013/05/17 04:29:14 2013-05-17 15:32:29 +10:00
ssh-com-keygen.sh
ssh-com-sftp.sh - dtucker@cvs.openbsd.org 2013/05/17 04:29:14 2013-05-17 15:32:29 +10:00
ssh-com.sh upstream commit 2017-05-08 11:54:17 +10:00
ssh2putty.sh upstream: Replace OPENSSL as the variable that points to the 2021-07-25 22:35:24 +10:00
sshcfgparse.sh Fix failed tests - 1 2022-03-11 13:53:27 -08:00
sshfp-connect.sh upstream: Add a function to skip remaining tests. 2021-09-01 11:40:43 +10:00
sshsig.sh resolve merge conflict 2023-12-19 20:33:17 -05:00
stderr-after-eof.sh upstream commit 2017-05-01 11:59:42 +10:00
stderr-data.sh upstream commit 2017-05-01 11:59:42 +10:00
t4.ok upstream commit 2014-12-22 13:21:07 +11:00
t5.ok
t11.ok add missing regress output file 2014-12-22 13:47:07 +11:00
test-exec.sh fix test-exec to find sshd-session on Windows 2024-08-09 15:12:21 -04:00
timestamp.c upstream: Rework logging for the regression tests. 2023-03-01 22:02:47 +11:00
transfer.sh upstream commit 2017-05-01 11:59:42 +10:00
try-ciphers.sh Ported bash based E2E tests and integrated security fix for cve-2018-15473(#346) 2018-10-04 14:16:02 -07:00
valgrind-unit.sh Ensure valgrind-out exists. 2021-04-08 15:18:15 +10:00
yes-head.sh Shell syntax fix (leftover from a sync). 2024-04-25 13:33:39 +10:00

README.regress

Overview.

$ ./configure && make tests

You'll see some progress info. A failure will cause either the make to
abort or the driver script to report a "FATAL" failure.

The test consists of 2 parts. The first is the file-based tests which is
driven by the Makefile, and the second is a set of network or proxycommand
based tests, which are driven by a driver script (test-exec.sh) which is
called multiple times by the Makefile.

Failures in the first part will cause the Makefile to return an error.
Failures in the second part will print a "FATAL" message for the failed
test and continue.

OpenBSD has a system-wide regression test suite. OpenSSH Portable's test
suite is based on OpenBSD's with modifications.


Environment variables.

SKIP_UNIT: Skip unit tests.
SUDO: path to sudo/doas command, if desired. Note that some systems
	(notably systems using PAM) require sudo to execute some tests.
LTESTS: Whitespace separated list of tests (filenames without the .sh
	extension) to run.
SKIP_LTESTS: Whitespace separated list of tests to skip.
OBJ: used by test scripts to access build dir.
TEST_SHELL: shell used for running the test scripts.
TEST_SSH_FAIL_FATAL: set to "yes" to make any failure abort the test
	currently in progress.
TEST_SSH_PORT: TCP port to be used for the listening tests.
TEST_SSH_QUIET: set to "yes" to suppress non-fatal output.
TEST_SSH_SSHD_CONFOPTS: Configuration directives to be added to sshd_config
	before running each test.
TEST_SSH_SSH_CONFOPTS: Configuration directives to be added to
	ssh_config before running each test.
TEST_SSH_TRACE: set to "yes" for verbose output from tests 
TEST_SSH_x: path to "ssh" command under test, where x is one of
	SSH, SSHD, SSHAGENT, SSHADD, SSHKEYGEN, SSHKEYSCAN, SFTP or
	SFTPSERVER
USE_VALGRIND: Run the tests under valgrind memory checker.


Individual tests.

You can run an individual test from the top-level Makefile, eg:
$ make tests LTESTS=agent-timeout

If you need to manipulate the environment more you can invoke test-exec.sh
directly if you set up the path to find the binaries under test and the
test scripts themselves, for example:

$ cd regress
$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` \
    agent-timeout.sh
ok agent timeout test


Files.

test-exec.sh: the main test driver. Sets environment, creates config files
and keys and runs the specified test.

At the time of writing, the individual tests are:
connect.sh:		simple connect
proxy-connect.sh:	proxy connect
connect-privsep.sh:	proxy connect with privsep
connect-uri.sh:		uri connect
proto-version.sh:	sshd version with different protocol combinations
proto-mismatch.sh:	protocol version mismatch
exit-status.sh:		remote exit status
envpass.sh:		environment passing
transfer.sh:		transfer data
banner.sh:		banner
rekey.sh:		rekey
stderr-data.sh:		stderr data transfer
stderr-after-eof.sh:	stderr data after eof
broken-pipe.sh:		broken pipe test
try-ciphers.sh:		try ciphers
yes-head.sh:		yes pipe head
login-timeout.sh:	connect after login grace timeout
agent.sh:		simple connect via agent
agent-getpeereid.sh:	disallow agent attach from other uid
agent-timeout.sh:	agent timeout test
agent-ptrace.sh:	disallow agent ptrace attach
keyscan.sh:		keyscan
keygen-change.sh:	change passphrase for key
keygen-convert.sh:	convert keys
keygen-moduli.sh:	keygen moduli
key-options.sh:		key options
scp.sh:			scp
scp-uri.sh:		scp-uri
sftp.sh:		basic sftp put/get
sftp-chroot.sh:		sftp in chroot
sftp-cmds.sh:		sftp command
sftp-badcmds.sh:	sftp invalid commands
sftp-batch.sh:		sftp batchfile
sftp-glob.sh:		sftp glob
sftp-perm.sh:		sftp permissions
sftp-uri.sh:		sftp-uri
ssh-com-client.sh:	connect with ssh.com client
ssh-com-keygen.sh:	ssh.com key import
ssh-com-sftp.sh:	basic sftp put/get with ssh.com server
ssh-com.sh:		connect to ssh.com server
reconfigure.sh:		simple connect after reconfigure
dynamic-forward.sh:	dynamic forwarding
forwarding.sh:		local and remote forwarding
multiplex.sh:		connection multiplexing
reexec.sh:		reexec tests
brokenkeys.sh:		broken keys
sshcfgparse.sh:		ssh config parse
cfgparse.sh:		sshd config parse
cfgmatch.sh:		sshd_config match
cfgmatchlisten.sh:	sshd_config matchlisten
addrmatch.sh:		address match
localcommand.sh:	localcommand
forcecommand.sh:	forced command
portnum.sh:		port number parsing
keytype.sh:		login with different key types
kextype.sh:		login with different key exchange algorithms
cert-hostkey.sh		certified host keys
cert-userkey.sh:	certified user keys
host-expand.sh:		expand %h and %n
keys-command.sh:	authorized keys from command
forward-control.sh:	sshd control of local and remote forwarding
integrity.sh:		integrity
krl.sh:			key revocation lists
multipubkey.sh:		multiple pubkey
limit-keytype.sh:	restrict pubkey type
hostkey-agent.sh:	hostkey agent
keygen-knownhosts.sh:	ssh-keygen known_hosts
hostkey-rotate.sh:	hostkey rotate
principals-command.sh:	authorized principals command
cert-file.sh:		ssh with certificates
cfginclude.sh:		config include
allow-deny-users.sh:	AllowUsers/DenyUsers
authinfo.sh:		authinfo


Problems?

Run the failing test with shell tracing (-x) turned on:
$ PATH=`pwd`/..:$PATH:. sh -x test-exec.sh `pwd` agent-timeout.sh

Failed tests can be difficult to diagnose. Suggestions:
- run the individual test via ./test-exec.sh `pwd` [testname]
- set LogLevel to VERBOSE in test-exec.sh and enable syslogging of
  auth.debug (eg to /var/log/authlog).


Known Issues.

- Similarly, if you do not have "scp" in your system's $PATH then the
  multiplex scp tests will fail (since the system's shell startup scripts
  will determine where the shell started by sshd will look for scp).

- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
  test to fail.  The old behaviour can be restored by setting (and
  exporting) _POSIX2_VERSION=199209 before running the tests.