mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-25 19:32:09 +00:00
58ceacdcba
Readme regress document is missing various individual tests, which are supported currently. Update README to include those test cases.
161 lines
5.7 KiB
Plaintext
161 lines
5.7 KiB
Plaintext
Overview.
|
|
|
|
$ ./configure && make tests
|
|
|
|
You'll see some progress info. A failure will cause either the make to
|
|
abort or the driver script to report a "FATAL" failure.
|
|
|
|
The test consists of 2 parts. The first is the file-based tests which is
|
|
driven by the Makefile, and the second is a set of network or proxycommand
|
|
based tests, which are driven by a driver script (test-exec.sh) which is
|
|
called multiple times by the Makefile.
|
|
|
|
Failures in the first part will cause the Makefile to return an error.
|
|
Failures in the second part will print a "FATAL" message for the failed
|
|
test and continue.
|
|
|
|
OpenBSD has a system-wide regression test suite. OpenSSH Portable's test
|
|
suite is based on OpenBSD's with modifications.
|
|
|
|
|
|
Environment variables.
|
|
|
|
SKIP_UNIT: Skip unit tests.
|
|
SUDO: path to sudo/doas command, if desired. Note that some systems
|
|
(notably systems using PAM) require sudo to execute some tests.
|
|
LTESTS: Whitespace separated list of tests (filenames without the .sh
|
|
extension) to run.
|
|
OBJ: used by test scripts to access build dir.
|
|
TEST_SHELL: shell used for running the test scripts.
|
|
TEST_SSH_FAIL_FATAL: set to "yes" to make any failure abort the test
|
|
currently in progress.
|
|
TEST_SSH_PORT: TCP port to be used for the listening tests.
|
|
TEST_SSH_QUIET: set to "yes" to suppress non-fatal output.
|
|
TEST_SSH_SSHD_CONFOPTS: Configuration directives to be added to sshd_config
|
|
before running each test.
|
|
TEST_SSH_SSH_CONFOPTS: Configuration directives to be added to
|
|
ssh_config before running each test.
|
|
TEST_SSH_TRACE: set to "yes" for verbose output from tests
|
|
TEST_SSH_x: path to "ssh" command under test, where x is one of
|
|
SSH, SSHD, SSHAGENT, SSHADD, SSHKEYGEN, SSHKEYSCAN, SFTP or
|
|
SFTPSERVER
|
|
USE_VALGRIND: Run the tests under valgrind memory checker.
|
|
|
|
|
|
Individual tests.
|
|
|
|
You can run an individual test from the top-level Makefile, eg:
|
|
$ make tests LTESTS=agent-timeout
|
|
|
|
If you need to manipulate the environment more you can invoke test-exec.sh
|
|
directly if you set up the path to find the binaries under test and the
|
|
test scripts themselves, for example:
|
|
|
|
$ cd regress
|
|
$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` \
|
|
agent-timeout.sh
|
|
ok agent timeout test
|
|
|
|
|
|
Files.
|
|
|
|
test-exec.sh: the main test driver. Sets environment, creates config files
|
|
and keys and runs the specified test.
|
|
|
|
At the time of writing, the individual tests are:
|
|
connect.sh: simple connect
|
|
proxy-connect.sh: proxy connect
|
|
connect-privsep.sh: proxy connect with privsep
|
|
connect-uri.sh: uri connect
|
|
proto-version.sh: sshd version with different protocol combinations
|
|
proto-mismatch.sh: protocol version mismatch
|
|
exit-status.sh: remote exit status
|
|
envpass.sh: environment passing
|
|
transfer.sh: transfer data
|
|
banner.sh: banner
|
|
rekey.sh: rekey
|
|
stderr-data.sh: stderr data transfer
|
|
stderr-after-eof.sh: stderr data after eof
|
|
broken-pipe.sh: broken pipe test
|
|
try-ciphers.sh: try ciphers
|
|
yes-head.sh: yes pipe head
|
|
login-timeout.sh: connect after login grace timeout
|
|
agent.sh: simple connect via agent
|
|
agent-getpeereid.sh: disallow agent attach from other uid
|
|
agent-timeout.sh: agent timeout test
|
|
agent-ptrace.sh: disallow agent ptrace attach
|
|
keyscan.sh: keyscan
|
|
keygen-change.sh: change passphrase for key
|
|
keygen-convert.sh: convert keys
|
|
keygen-moduli.sh: keygen moduli
|
|
key-options.sh: key options
|
|
scp.sh: scp
|
|
scp-uri.sh: scp-uri
|
|
sftp.sh: basic sftp put/get
|
|
sftp-chroot.sh: sftp in chroot
|
|
sftp-cmds.sh: sftp command
|
|
sftp-badcmds.sh: sftp invalid commands
|
|
sftp-batch.sh: sftp batchfile
|
|
sftp-glob.sh: sftp glob
|
|
sftp-perm.sh: sftp permissions
|
|
sftp-uri.sh: sftp-uri
|
|
ssh-com-client.sh: connect with ssh.com client
|
|
ssh-com-keygen.sh: ssh.com key import
|
|
ssh-com-sftp.sh: basic sftp put/get with ssh.com server
|
|
ssh-com.sh: connect to ssh.com server
|
|
reconfigure.sh: simple connect after reconfigure
|
|
dynamic-forward.sh: dynamic forwarding
|
|
forwarding.sh: local and remote forwarding
|
|
multiplex.sh: connection multiplexing
|
|
reexec.sh: reexec tests
|
|
brokenkeys.sh: broken keys
|
|
sshcfgparse.sh: ssh config parse
|
|
cfgparse.sh: sshd config parse
|
|
cfgmatch.sh: sshd_config match
|
|
cfgmatchlisten.sh: sshd_config matchlisten
|
|
addrmatch.sh: address match
|
|
localcommand.sh: localcommand
|
|
forcecommand.sh: forced command
|
|
portnum.sh: port number parsing
|
|
keytype.sh: login with different key types
|
|
kextype.sh: login with different key exchange algorithms
|
|
cert-hostkey.sh certified host keys
|
|
cert-userkey.sh: certified user keys
|
|
host-expand.sh: expand %h and %n
|
|
keys-command.sh: authorized keys from command
|
|
forward-control.sh: sshd control of local and remote forwarding
|
|
integrity.sh: integrity
|
|
krl.sh: key revocation lists
|
|
multipubkey.sh: multiple pubkey
|
|
limit-keytype.sh: restrict pubkey type
|
|
hostkey-agent.sh: hostkey agent
|
|
keygen-knownhosts.sh: ssh-keygen known_hosts
|
|
hostkey-rotate.sh: hostkey rotate
|
|
principals-command.sh: authorized principals command
|
|
cert-file.sh: ssh with certificates
|
|
cfginclude.sh: config include
|
|
allow-deny-users.sh: AllowUsers/DenyUsers
|
|
authinfo.sh: authinfo
|
|
|
|
|
|
Problems?
|
|
|
|
Run the failing test with shell tracing (-x) turned on:
|
|
$ PATH=`pwd`/..:$PATH:. sh -x test-exec.sh `pwd` agent-timeout.sh
|
|
|
|
Failed tests can be difficult to diagnose. Suggestions:
|
|
- run the individual test via ./test-exec.sh `pwd` [testname]
|
|
- set LogLevel to VERBOSE in test-exec.sh and enable syslogging of
|
|
auth.debug (eg to /var/log/authlog).
|
|
|
|
|
|
Known Issues.
|
|
|
|
- Similarly, if you do not have "scp" in your system's $PATH then the
|
|
multiplex scp tests will fail (since the system's shell startup scripts
|
|
will determine where the shell started by sshd will look for scp).
|
|
|
|
- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
|
|
test to fail. The old behaviour can be restored by setting (and
|
|
exporting) _POSIX2_VERSION=199209 before running the tests.
|