1d95e11bfSDag-Erling SmørgravOverview. 2d95e11bfSDag-Erling Smørgrav 3d95e11bfSDag-Erling Smørgrav$ ./configure && make tests 4d95e11bfSDag-Erling Smørgrav 5d95e11bfSDag-Erling SmørgravYou'll see some progress info. A failure will cause either the make to 6d95e11bfSDag-Erling Smørgravabort or the driver script to report a "FATAL" failure. 7d95e11bfSDag-Erling Smørgrav 8d95e11bfSDag-Erling SmørgravThe test consists of 2 parts. The first is the file-based tests which is 9d95e11bfSDag-Erling Smørgravdriven by the Makefile, and the second is a set of network or proxycommand 10d95e11bfSDag-Erling Smørgravbased tests, which are driven by a driver script (test-exec.sh) which is 11d95e11bfSDag-Erling Smørgravcalled multiple times by the Makefile. 12d95e11bfSDag-Erling Smørgrav 13d95e11bfSDag-Erling SmørgravFailures in the first part will cause the Makefile to return an error. 14d95e11bfSDag-Erling SmørgravFailures in the second part will print a "FATAL" message for the failed 15d95e11bfSDag-Erling Smørgravtest and continue. 16d95e11bfSDag-Erling Smørgrav 17d95e11bfSDag-Erling SmørgravOpenBSD has a system-wide regression test suite. OpenSSH Portable's test 18d95e11bfSDag-Erling Smørgravsuite is based on OpenBSD's with modifications. 19d95e11bfSDag-Erling Smørgrav 20d95e11bfSDag-Erling Smørgrav 21d95e11bfSDag-Erling SmørgravEnvironment variables. 22d95e11bfSDag-Erling Smørgrav 23d95e11bfSDag-Erling SmørgravSKIP_UNIT: Skip unit tests. 24d95e11bfSDag-Erling SmørgravSUDO: path to sudo/doas command, if desired. Note that some systems 25efcad6b7SDag-Erling Smørgrav (notably systems using PAM) require sudo to execute some tests. 26d95e11bfSDag-Erling SmørgravLTESTS: Whitespace separated list of tests (filenames without the .sh 27d95e11bfSDag-Erling Smørgrav extension) to run. 28d95e11bfSDag-Erling SmørgravSKIP_LTESTS: Whitespace separated list of tests to skip. 29d95e11bfSDag-Erling SmørgravOBJ: used by test scripts to access build dir. 30d74d50a8SDag-Erling SmørgravTEST_SHELL: shell used for running the test scripts. 31d74d50a8SDag-Erling SmørgravTEST_SSH_FAIL_FATAL: set to "yes" to make any failure abort the test 32d74d50a8SDag-Erling Smørgrav currently in progress. 33d74d50a8SDag-Erling SmørgravTEST_SSH_PORT: TCP port to be used for the listening tests. 34d74d50a8SDag-Erling SmørgravTEST_SSH_QUIET: set to "yes" to suppress non-fatal output. 35d74d50a8SDag-Erling SmørgravTEST_SSH_SSHD_CONFOPTS: Configuration directives to be added to sshd_config 36d95e11bfSDag-Erling Smørgrav before running each test. 37d95e11bfSDag-Erling SmørgravTEST_SSH_SSH_CONFOPTS: Configuration directives to be added to 38d95e11bfSDag-Erling Smørgrav ssh_config before running each test. 39d95e11bfSDag-Erling SmørgravTEST_SSH_TRACE: set to "yes" for verbose output from tests 40d74d50a8SDag-Erling SmørgravTEST_SSH_x: path to "ssh" command under test, where x is one of 41d74d50a8SDag-Erling Smørgrav SSH, SSHD, SSHAGENT, SSHADD, SSHKEYGEN, SSHKEYSCAN, SFTP or 42d74d50a8SDag-Erling Smørgrav SFTPSERVER 43d74d50a8SDag-Erling SmørgravUSE_VALGRIND: Run the tests under valgrind memory checker. 44d74d50a8SDag-Erling Smørgrav 45d74d50a8SDag-Erling Smørgrav 46d95e11bfSDag-Erling SmørgravIndividual tests. 47d95e11bfSDag-Erling Smørgrav 48d74d50a8SDag-Erling SmørgravYou can run an individual test from the top-level Makefile, eg: 49d74d50a8SDag-Erling Smørgrav$ make tests LTESTS=agent-timeout 50d95e11bfSDag-Erling Smørgrav 51d95e11bfSDag-Erling SmørgravIf you need to manipulate the environment more you can invoke test-exec.sh 52d95e11bfSDag-Erling Smørgravdirectly if you set up the path to find the binaries under test and the 53d95e11bfSDag-Erling Smørgravtest scripts themselves, for example: 54d95e11bfSDag-Erling Smørgrav 55d95e11bfSDag-Erling Smørgrav$ cd regress 56d95e11bfSDag-Erling Smørgrav$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` \ 57d95e11bfSDag-Erling Smørgrav agent-timeout.sh 58d95e11bfSDag-Erling Smørgravok agent timeout test 59d95e11bfSDag-Erling Smørgrav 60d95e11bfSDag-Erling Smørgrav 61d95e11bfSDag-Erling SmørgravFiles. 62d95e11bfSDag-Erling Smørgrav 63d95e11bfSDag-Erling Smørgravtest-exec.sh: the main test driver. Sets environment, creates config files 64d95e11bfSDag-Erling Smørgravand keys and runs the specified test. 65d95e11bfSDag-Erling Smørgrav 66d95e11bfSDag-Erling SmørgravAt the time of writing, the individual tests are: 67d95e11bfSDag-Erling Smørgravconnect.sh: simple connect 68d95e11bfSDag-Erling Smørgravproxy-connect.sh: proxy connect 69d95e11bfSDag-Erling Smørgravconnect-privsep.sh: proxy connect with privsep 70d95e11bfSDag-Erling Smørgravconnect-uri.sh: uri connect 71d95e11bfSDag-Erling Smørgravproto-version.sh: sshd version with different protocol combinations 72d95e11bfSDag-Erling Smørgravproto-mismatch.sh: protocol version mismatch 73d95e11bfSDag-Erling Smørgravexit-status.sh: remote exit status 74d95e11bfSDag-Erling Smørgravenvpass.sh: environment passing 75d95e11bfSDag-Erling Smørgravtransfer.sh: transfer data 76d95e11bfSDag-Erling Smørgravbanner.sh: banner 77d95e11bfSDag-Erling Smørgravrekey.sh: rekey 78d95e11bfSDag-Erling Smørgravstderr-data.sh: stderr data transfer 79d95e11bfSDag-Erling Smørgravstderr-after-eof.sh: stderr data after eof 80d95e11bfSDag-Erling Smørgravbroken-pipe.sh: broken pipe test 81d95e11bfSDag-Erling Smørgravtry-ciphers.sh: try ciphers 82d95e11bfSDag-Erling Smørgravyes-head.sh: yes pipe head 83d95e11bfSDag-Erling Smørgravlogin-timeout.sh: connect after login grace timeout 84d95e11bfSDag-Erling Smørgravagent.sh: simple connect via agent 85d95e11bfSDag-Erling Smørgravagent-getpeereid.sh: disallow agent attach from other uid 86d95e11bfSDag-Erling Smørgravagent-timeout.sh: agent timeout test 87d95e11bfSDag-Erling Smørgravagent-ptrace.sh: disallow agent ptrace attach 88d95e11bfSDag-Erling Smørgravkeyscan.sh: keyscan 89d95e11bfSDag-Erling Smørgravkeygen-change.sh: change passphrase for key 90d95e11bfSDag-Erling Smørgravkeygen-convert.sh: convert keys 91d95e11bfSDag-Erling Smørgravkeygen-moduli.sh: keygen moduli 92d95e11bfSDag-Erling Smørgravkey-options.sh: key options 93d95e11bfSDag-Erling Smørgravscp.sh: scp 94d95e11bfSDag-Erling Smørgravscp-uri.sh: scp-uri 95d95e11bfSDag-Erling Smørgravsftp.sh: basic sftp put/get 9652028650SDag-Erling Smørgravsftp-chroot.sh: sftp in chroot 9752028650SDag-Erling Smørgravsftp-cmds.sh: sftp command 9852028650SDag-Erling Smørgravsftp-badcmds.sh: sftp invalid commands 99efcad6b7SDag-Erling Smørgravsftp-batch.sh: sftp batchfile 100021d409fSDag-Erling Smørgravsftp-glob.sh: sftp glob 101021d409fSDag-Erling Smørgravsftp-perm.sh: sftp permissions 102021d409fSDag-Erling Smørgravsftp-uri.sh: sftp-uri 103021d409fSDag-Erling Smørgravssh-com-client.sh: connect with ssh.com client 104d74d50a8SDag-Erling Smørgravssh-com-keygen.sh: ssh.com key import 105d74d50a8SDag-Erling Smørgravssh-com-sftp.sh: basic sftp put/get with ssh.com server 106d74d50a8SDag-Erling Smørgravssh-com.sh: connect to ssh.com server 107d74d50a8SDag-Erling Smørgravreconfigure.sh: simple connect after reconfigure 108021d409fSDag-Erling Smørgravdynamic-forward.sh: dynamic forwarding 109forwarding.sh: local and remote forwarding 110multiplex.sh: connection multiplexing 111reexec.sh: reexec tests 112brokenkeys.sh: broken keys 113sshcfgparse.sh: ssh config parse 114cfgparse.sh: sshd config parse 115cfgmatch.sh: sshd_config match 116cfgmatchlisten.sh: sshd_config matchlisten 117addrmatch.sh: address match 118localcommand.sh: localcommand 119forcecommand.sh: forced command 120portnum.sh: port number parsing 121keytype.sh: login with different key types 122kextype.sh: login with different key exchange algorithms 123cert-hostkey.sh certified host keys 124cert-userkey.sh: certified user keys 125host-expand.sh: expand %h and %n 126keys-command.sh: authorized keys from command 127forward-control.sh: sshd control of local and remote forwarding 128integrity.sh: integrity 129krl.sh: key revocation lists 130multipubkey.sh: multiple pubkey 131limit-keytype.sh: restrict pubkey type 132hostkey-agent.sh: hostkey agent 133keygen-knownhosts.sh: ssh-keygen known_hosts 134hostkey-rotate.sh: hostkey rotate 135principals-command.sh: authorized principals command 136cert-file.sh: ssh with certificates 137cfginclude.sh: config include 138allow-deny-users.sh: AllowUsers/DenyUsers 139authinfo.sh: authinfo 140 141 142Problems? 143 144Run the failing test with shell tracing (-x) turned on: 145$ PATH=`pwd`/..:$PATH:. sh -x test-exec.sh `pwd` agent-timeout.sh 146 147Failed tests can be difficult to diagnose. Suggestions: 148- run the individual test via ./test-exec.sh `pwd` [testname] 149- set LogLevel to VERBOSE in test-exec.sh and enable syslogging of 150 auth.debug (eg to /var/log/authlog). 151 152 153Known Issues. 154 155- Similarly, if you do not have "scp" in your system's $PATH then the 156 multiplex scp tests will fail (since the system's shell startup scripts 157 will determine where the shell started by sshd will look for scp). 158 159- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head 160 test to fail. The old behaviour can be restored by setting (and 161 exporting) _POSIX2_VERSION=199209 before running the tests. 162