openssh-portable/regress
djm@openbsd.org fc5dc09283
upstream: this test has been broken since 2014, and has been
testing the same key exchange algorithm repeatedly instead of testing all of
them. Spotted by nreilly AT blackberry.com in bz3692

Who broke the test? me.

OpenBSD-Regress-ID: 48f4f5946276f975667141957d25441b3c9a50e2
2024-05-22 14:21:50 +10:00
..
misc update fuzzer example makefile to clang16 2024-01-08 14:46:19 +11:00
unittests upstream: Add missing kex-names.c source file required since the 2024-05-22 14:21:50 +10:00
Makefile quote regexes used to test for algorithm support 2024-03-10 16:24:57 +11:00
README.regress Add SKIP_LTESTS for skipping specific tests. 2019-09-30 14:11:42 +10:00
addrmatch.sh upstream: Ensure that address/mask mismatches are flagged at 2020-09-09 13:12:29 +10:00
agent-getpeereid.sh upstream: ssh-agent doesn't actually take -v, 2023-02-09 21:08:16 +11:00
agent-pkcs11-cert.sh upstream: regress test for agent PKCS#11-backed certificates 2023-12-19 01:57:37 +11:00
agent-pkcs11-restrict.sh upstream: regress test for constrained PKCS#11 keys 2023-12-19 01:57:16 +11:00
agent-pkcs11.sh upstream: move PKCS#11 setup code to test-exec.sh so it can be reused 2023-10-31 10:04:32 +11:00
agent-ptrace.sh Also look for gdb error message from OpenIndiana. 2023-03-27 12:22:30 +11:00
agent-restrict.sh upstream: Rework logging for the regression tests. 2023-03-01 22:02:47 +11:00
agent-subprocess.sh upstream: Test that ssh-agent exits when running as as subprocess 2020-06-19 16:06:53 +10:00
agent-timeout.sh upstream: test FIDO2/U2F key types; ok markus@ 2019-11-27 11:02:49 +11:00
agent.sh upstream: Rework logging for the regression tests. 2023-03-01 22:02:47 +11:00
allow-deny-users.sh upstream: prepare for stricter sshd_config parsing that will refuse 2021-06-08 17:17:24 +10:00
authinfo.sh
banner.sh upstream: Drop -q in ssh-log-wrapper.sh to preserve logs. 2021-08-08 17:19:56 +10:00
broken-pipe.sh
brokenkeys.sh
cert-file.sh upstream: test FIDO2/U2F key types; ok markus@ 2019-11-27 11:02:49 +11:00
cert-hostkey.sh upstream: Fix up whitespace left by previous 2021-10-01 14:55:12 +10:00
cert-userkey.sh upstream: Fix up whitespace left by previous 2021-10-01 14:55:12 +10:00
cfginclude.sh upstream: sprinkle some "# comment" at end of configuration lines 2021-06-08 17:17:24 +10:00
cfgmatch.sh upstream: sprinkle some "# comment" at end of configuration lines 2021-06-08 17:17:24 +10:00
cfgmatchlisten.sh upstream: Increase timeout. Resyncs with portable where some of 2024-03-26 18:46:58 +11:00
cfgparse.sh
channel-timeout.sh skip tests that use multiplexing on Windows 2024-01-16 14:40:18 +11:00
check-perm.c
cipher-speed.sh upstream: Enable all supported ciphers and macs in the server 2022-02-02 16:51:04 +11:00
conch-ciphers.sh upstream: Skip conch interop tests when not enabled instead of fatal. 2023-10-27 00:02:26 +11:00
connect-privsep.sh Remove only use of warn(). 2021-04-07 17:02:51 +10:00
connect-uri.sh
connect.sh upstream: Move setting $NC into test-exec since it's now used by 2020-01-25 14:33:53 +11:00
connection-timeout.sh Skip connection-timeout when missing FD passing. 2023-01-25 21:58:40 +11:00
dhgex.sh upstream: Quote grep and log message better. 2023-03-02 19:32:18 +11:00
dropbear-ciphers.sh upstream: Add interop test with Dropbear. 2023-10-20 18:35:32 +11:00
dropbear-kex.sh upstream: Add interop test with Dropbear. 2023-10-20 18:35:32 +11:00
dsa_ssh2.prv
dsa_ssh2.pub
dynamic-forward.sh upstream: Invoke ProxyCommand that uses stderr redirection via 2024-03-08 23:12:10 +11:00
ed25519_openssh.prv upstream: Add ed25519 key and test SSHFP export of it. Only test 2021-07-19 12:50:51 +10:00
ed25519_openssh.pub upstream: Add ed25519 key and test SSHFP export of it. Only test 2021-07-19 12:50:51 +10:00
envpass.sh upstream: test setenv in both client and server, test first-match-wins 2022-06-03 14:34:12 +10:00
exit-status-signal.sh upstream: Add test for client termination status on signal. 2021-09-03 14:35:07 +10:00
exit-status.sh
forcecommand.sh upstream: Specify ssh binary to use 2023-11-01 13:55:45 +11:00
forward-control.sh upstream: don't need to start a command here; use ssh -N instead. 2023-07-30 11:41:45 +10:00
forwarding.sh upstream: Increase ConnectionAttempts from 4 to 10 as the tests 2021-05-07 19:42:35 +10:00
host-expand.sh
hostbased.sh upstream: Fix comment typo. 2022-12-09 11:24:14 +11:00
hostkey-agent.sh upstream: Remove references to privsep. 2021-10-01 14:55:12 +10:00
hostkey-rotate.sh upstream: select all RSA hostkey algorithms for UpdateHostkeys tests, 2022-01-05 19:31:37 +11:00
integrity.sh upstream: Rework logging for the regression tests. 2023-03-01 22:02:47 +11:00
kextype.sh
key-options.sh upstream: Save error code from SSH for use inside case statement, 2024-03-26 18:47:22 +11:00
keygen-change.sh upstream: test security key host keys in addition to user keys 2019-12-21 13:35:42 +11:00
keygen-comment.sh upstream: Backslash '$' at then end of string. Prevents warning on 2020-04-22 11:35:49 +10:00
keygen-convert.sh upstream: Skip RFC4716 format import and export tests when built 2021-07-24 14:22:45 +10:00
keygen-knownhosts.sh
keygen-moduli.sh upstream: Update keygen moduli screen test to match recent command 2020-01-03 13:47:32 +11:00
keygen-sshfp.sh upstream: test -Ohashalg=... and that the default output contains both 2023-02-10 16:13:06 +11:00
keys-command.sh upstream: Use "skip" instead of "fatal" 2021-10-01 14:55:12 +10:00
keyscan.sh Remove unintended changes. 2022-07-14 19:22:47 +10:00
keytype.sh upstream: s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/ 2021-02-25 15:15:46 +11:00
knownhosts-command.sh upstream: adapt to RSA/SHA1 deprectation 2021-08-30 11:26:02 +10:00
knownhosts.sh upstream: Test adding terminating newline to known_hosts. 2023-02-09 21:08:33 +11:00
krl.sh upstream: unbreak test: cannot access shell positional parameters 2023-01-17 21:07:09 +11:00
limit-keytype.sh upstream: s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/ 2021-02-25 15:15:46 +11:00
localcommand.sh
login-timeout.sh upstream: Remove references to privsep. 2021-10-01 14:55:12 +10:00
match-subsystem.sh upstream: regression test for override of subsystem in match blocks 2023-09-07 09:58:04 +10:00
mkdtemp.c
modpipe.c
moduli.in
multiplex.sh Use "skip" function instead doing it ourselves. 2024-02-06 11:18:44 +11:00
multipubkey.sh upstream: test AuthenticationMethods inside a Match block as well 2021-06-08 17:17:24 +10:00
netcat.c fix netcat build problem 2020-10-17 11:33:13 +11:00
percent.sh Move xpg4 'id' handling into test-exec.sh. 2024-03-25 14:05:40 +11:00
portnum.sh
principals-command.sh upstream: Fix up whitespace left by previous 2021-10-01 14:55:12 +10:00
proto-mismatch.sh
proto-version.sh
proxy-connect.sh upstream: Handle zlib compression being disabled now that it's 2020-01-23 22:34:37 +11:00
putty-ciphers.sh upstream: Exapnd PuTTY test coverage. 2024-02-19 18:49:00 +11:00
putty-kex.sh upstream: Exapnd PuTTY test coverage. 2024-02-19 18:49:00 +11:00
putty-transfer.sh upstream: Exapnd PuTTY test coverage. 2024-02-19 18:49:00 +11:00
reconfigure.sh upstream: Use $SUDO when reading sshd's pidfile here too. 2021-06-10 20:15:20 +10:00
reexec.sh upstream: Check if we can copy sshd or need to use sudo to do so 2023-02-02 23:15:47 +11:00
rekey.sh upstream: this test has been broken since 2014, and has been 2024-05-22 14:21:50 +10:00
rsa_openssh.prv
rsa_openssh.pub
rsa_ssh2.prv
scp-ssh-wrapper.sh upstream: add regression tests for scp for out-of-destination path file 2019-07-19 13:53:27 +10:00
scp-uri.sh upstream: Move scp path setting to a helper function. The previous 2023-01-13 16:02:49 +11:00
scp.sh upstream: regress test for recursive copies of directories containing 2023-09-08 15:59:21 +10:00
scp3.sh upstream: regress test recursive remote-remote directories copies where 2023-09-08 16:12:05 +10:00
servcfginclude.sh upstream: sprinkle some "# comment" at end of configuration lines 2021-06-08 17:17:24 +10:00
setuid-allowed.c
sftp-badcmds.sh upstream: some more speeling mistakes from 2020-03-14 19:40:16 +11:00
sftp-batch.sh
sftp-chroot.sh upstream: test ChrootDirectory in Match block 2023-07-30 11:18:09 +10:00
sftp-cmds.sh upstream: Use egrep instead of grep -E. 2024-03-29 22:01:20 +11:00
sftp-glob.sh
sftp-perm.sh upstream: cannot effectively test posix-rename extension after 2021-04-01 09:22:53 +11:00
sftp-uri.sh
sftp.sh
ssh-com-client.sh
ssh-com-keygen.sh
ssh-com-sftp.sh
ssh-com.sh
ssh2putty.sh upstream: Replace OPENSSL as the variable that points to the 2021-07-25 22:35:24 +10:00
sshcfgparse.sh upstream: Add testcases from bz#3319 for IPQoS and TunnelDevice 2021-06-08 17:17:24 +10:00
sshfp-connect.sh upstream: Add a function to skip remaining tests. 2021-09-01 11:40:43 +10:00
sshsig.sh upstream: typos and extra debug trace calls 2023-10-12 14:52:46 +11:00
stderr-after-eof.sh
stderr-data.sh
t4.ok
t5.ok
t11.ok
test-exec.sh upstream: allow overriding the sshd-session binary path 2024-05-17 14:41:39 +10:00
timestamp.c upstream: Rework logging for the regression tests. 2023-03-01 22:02:47 +11:00
transfer.sh
try-ciphers.sh
valgrind-unit.sh Ensure valgrind-out exists. 2021-04-08 15:18:15 +10:00
yes-head.sh Shell syntax fix (leftover from a sync). 2024-04-25 13:33:39 +10:00

README.regress

Overview.

$ ./configure && make tests

You'll see some progress info. A failure will cause either the make to
abort or the driver script to report a "FATAL" failure.

The test consists of 2 parts. The first is the file-based tests which is
driven by the Makefile, and the second is a set of network or proxycommand
based tests, which are driven by a driver script (test-exec.sh) which is
called multiple times by the Makefile.

Failures in the first part will cause the Makefile to return an error.
Failures in the second part will print a "FATAL" message for the failed
test and continue.

OpenBSD has a system-wide regression test suite. OpenSSH Portable's test
suite is based on OpenBSD's with modifications.


Environment variables.

SKIP_UNIT: Skip unit tests.
SUDO: path to sudo/doas command, if desired. Note that some systems
	(notably systems using PAM) require sudo to execute some tests.
LTESTS: Whitespace separated list of tests (filenames without the .sh
	extension) to run.
SKIP_LTESTS: Whitespace separated list of tests to skip.
OBJ: used by test scripts to access build dir.
TEST_SHELL: shell used for running the test scripts.
TEST_SSH_FAIL_FATAL: set to "yes" to make any failure abort the test
	currently in progress.
TEST_SSH_PORT: TCP port to be used for the listening tests.
TEST_SSH_QUIET: set to "yes" to suppress non-fatal output.
TEST_SSH_SSHD_CONFOPTS: Configuration directives to be added to sshd_config
	before running each test.
TEST_SSH_SSH_CONFOPTS: Configuration directives to be added to
	ssh_config before running each test.
TEST_SSH_TRACE: set to "yes" for verbose output from tests 
TEST_SSH_x: path to "ssh" command under test, where x is one of
	SSH, SSHD, SSHAGENT, SSHADD, SSHKEYGEN, SSHKEYSCAN, SFTP or
	SFTPSERVER
USE_VALGRIND: Run the tests under valgrind memory checker.


Individual tests.

You can run an individual test from the top-level Makefile, eg:
$ make tests LTESTS=agent-timeout

If you need to manipulate the environment more you can invoke test-exec.sh
directly if you set up the path to find the binaries under test and the
test scripts themselves, for example:

$ cd regress
$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` \
    agent-timeout.sh
ok agent timeout test


Files.

test-exec.sh: the main test driver. Sets environment, creates config files
and keys and runs the specified test.

At the time of writing, the individual tests are:
connect.sh:		simple connect
proxy-connect.sh:	proxy connect
connect-privsep.sh:	proxy connect with privsep
connect-uri.sh:		uri connect
proto-version.sh:	sshd version with different protocol combinations
proto-mismatch.sh:	protocol version mismatch
exit-status.sh:		remote exit status
envpass.sh:		environment passing
transfer.sh:		transfer data
banner.sh:		banner
rekey.sh:		rekey
stderr-data.sh:		stderr data transfer
stderr-after-eof.sh:	stderr data after eof
broken-pipe.sh:		broken pipe test
try-ciphers.sh:		try ciphers
yes-head.sh:		yes pipe head
login-timeout.sh:	connect after login grace timeout
agent.sh:		simple connect via agent
agent-getpeereid.sh:	disallow agent attach from other uid
agent-timeout.sh:	agent timeout test
agent-ptrace.sh:	disallow agent ptrace attach
keyscan.sh:		keyscan
keygen-change.sh:	change passphrase for key
keygen-convert.sh:	convert keys
keygen-moduli.sh:	keygen moduli
key-options.sh:		key options
scp.sh:			scp
scp-uri.sh:		scp-uri
sftp.sh:		basic sftp put/get
sftp-chroot.sh:		sftp in chroot
sftp-cmds.sh:		sftp command
sftp-badcmds.sh:	sftp invalid commands
sftp-batch.sh:		sftp batchfile
sftp-glob.sh:		sftp glob
sftp-perm.sh:		sftp permissions
sftp-uri.sh:		sftp-uri
ssh-com-client.sh:	connect with ssh.com client
ssh-com-keygen.sh:	ssh.com key import
ssh-com-sftp.sh:	basic sftp put/get with ssh.com server
ssh-com.sh:		connect to ssh.com server
reconfigure.sh:		simple connect after reconfigure
dynamic-forward.sh:	dynamic forwarding
forwarding.sh:		local and remote forwarding
multiplex.sh:		connection multiplexing
reexec.sh:		reexec tests
brokenkeys.sh:		broken keys
sshcfgparse.sh:		ssh config parse
cfgparse.sh:		sshd config parse
cfgmatch.sh:		sshd_config match
cfgmatchlisten.sh:	sshd_config matchlisten
addrmatch.sh:		address match
localcommand.sh:	localcommand
forcecommand.sh:	forced command
portnum.sh:		port number parsing
keytype.sh:		login with different key types
kextype.sh:		login with different key exchange algorithms
cert-hostkey.sh		certified host keys
cert-userkey.sh:	certified user keys
host-expand.sh:		expand %h and %n
keys-command.sh:	authorized keys from command
forward-control.sh:	sshd control of local and remote forwarding
integrity.sh:		integrity
krl.sh:			key revocation lists
multipubkey.sh:		multiple pubkey
limit-keytype.sh:	restrict pubkey type
hostkey-agent.sh:	hostkey agent
keygen-knownhosts.sh:	ssh-keygen known_hosts
hostkey-rotate.sh:	hostkey rotate
principals-command.sh:	authorized principals command
cert-file.sh:		ssh with certificates
cfginclude.sh:		config include
allow-deny-users.sh:	AllowUsers/DenyUsers
authinfo.sh:		authinfo


Problems?

Run the failing test with shell tracing (-x) turned on:
$ PATH=`pwd`/..:$PATH:. sh -x test-exec.sh `pwd` agent-timeout.sh

Failed tests can be difficult to diagnose. Suggestions:
- run the individual test via ./test-exec.sh `pwd` [testname]
- set LogLevel to VERBOSE in test-exec.sh and enable syslogging of
  auth.debug (eg to /var/log/authlog).


Known Issues.

- Similarly, if you do not have "scp" in your system's $PATH then the
  multiplex scp tests will fail (since the system's shell startup scripts
  will determine where the shell started by sshd will look for scp).

- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
  test to fail.  The old behaviour can be restored by setting (and
  exporting) _POSIX2_VERSION=199209 before running the tests.