summaryrefslogtreecommitdiffstats
path: root/regress/README.regress
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--regress/README.regress161
1 files changed, 161 insertions, 0 deletions
diff --git a/regress/README.regress b/regress/README.regress
new file mode 100644
index 0000000..ac2e848
--- /dev/null
+++ b/regress/README.regress
@@ -0,0 +1,161 @@
+Overview.
+
+$ ./configure && make tests
+
+You'll see some progress info. A failure will cause either the make to
+abort or the driver script to report a "FATAL" failure.
+
+The test consists of 2 parts. The first is the file-based tests which is
+driven by the Makefile, and the second is a set of network or proxycommand
+based tests, which are driven by a driver script (test-exec.sh) which is
+called multiple times by the Makefile.
+
+Failures in the first part will cause the Makefile to return an error.
+Failures in the second part will print a "FATAL" message for the failed
+test and continue.
+
+OpenBSD has a system-wide regression test suite. OpenSSH Portable's test
+suite is based on OpenBSD's with modifications.
+
+
+Environment variables.
+
+SKIP_UNIT: Skip unit tests.
+SUDO: path to sudo/doas command, if desired. Note that some systems
+ (notably systems using PAM) require sudo to execute some tests.
+LTESTS: Whitespace separated list of tests (filenames without the .sh
+ extension) to run.
+SKIP_LTESTS: Whitespace separated list of tests to skip.
+OBJ: used by test scripts to access build dir.
+TEST_SHELL: shell used for running the test scripts.
+TEST_SSH_FAIL_FATAL: set to "yes" to make any failure abort the test
+ currently in progress.
+TEST_SSH_PORT: TCP port to be used for the listening tests.
+TEST_SSH_QUIET: set to "yes" to suppress non-fatal output.
+TEST_SSH_SSHD_CONFOPTS: Configuration directives to be added to sshd_config
+ before running each test.
+TEST_SSH_SSH_CONFOPTS: Configuration directives to be added to
+ ssh_config before running each test.
+TEST_SSH_TRACE: set to "yes" for verbose output from tests
+TEST_SSH_x: path to "ssh" command under test, where x is one of
+ SSH, SSHD, SSHAGENT, SSHADD, SSHKEYGEN, SSHKEYSCAN, SFTP or
+ SFTPSERVER
+USE_VALGRIND: Run the tests under valgrind memory checker.
+
+
+Individual tests.
+
+You can run an individual test from the top-level Makefile, eg:
+$ make tests LTESTS=agent-timeout
+
+If you need to manipulate the environment more you can invoke test-exec.sh
+directly if you set up the path to find the binaries under test and the
+test scripts themselves, for example:
+
+$ cd regress
+$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` \
+ agent-timeout.sh
+ok agent timeout test
+
+
+Files.
+
+test-exec.sh: the main test driver. Sets environment, creates config files
+and keys and runs the specified test.
+
+At the time of writing, the individual tests are:
+connect.sh: simple connect
+proxy-connect.sh: proxy connect
+connect-privsep.sh: proxy connect with privsep
+connect-uri.sh: uri connect
+proto-version.sh: sshd version with different protocol combinations
+proto-mismatch.sh: protocol version mismatch
+exit-status.sh: remote exit status
+envpass.sh: environment passing
+transfer.sh: transfer data
+banner.sh: banner
+rekey.sh: rekey
+stderr-data.sh: stderr data transfer
+stderr-after-eof.sh: stderr data after eof
+broken-pipe.sh: broken pipe test
+try-ciphers.sh: try ciphers
+yes-head.sh: yes pipe head
+login-timeout.sh: connect after login grace timeout
+agent.sh: simple connect via agent
+agent-getpeereid.sh: disallow agent attach from other uid
+agent-timeout.sh: agent timeout test
+agent-ptrace.sh: disallow agent ptrace attach
+keyscan.sh: keyscan
+keygen-change.sh: change passphrase for key
+keygen-convert.sh: convert keys
+keygen-moduli.sh: keygen moduli
+key-options.sh: key options
+scp.sh: scp
+scp-uri.sh: scp-uri
+sftp.sh: basic sftp put/get
+sftp-chroot.sh: sftp in chroot
+sftp-cmds.sh: sftp command
+sftp-badcmds.sh: sftp invalid commands
+sftp-batch.sh: sftp batchfile
+sftp-glob.sh: sftp glob
+sftp-perm.sh: sftp permissions
+sftp-uri.sh: sftp-uri
+ssh-com-client.sh: connect with ssh.com client
+ssh-com-keygen.sh: ssh.com key import
+ssh-com-sftp.sh: basic sftp put/get with ssh.com server
+ssh-com.sh: connect to ssh.com server
+reconfigure.sh: simple connect after reconfigure
+dynamic-forward.sh: dynamic forwarding
+forwarding.sh: local and remote forwarding
+multiplex.sh: connection multiplexing
+reexec.sh: reexec tests
+brokenkeys.sh: broken keys
+sshcfgparse.sh: ssh config parse
+cfgparse.sh: sshd config parse
+cfgmatch.sh: sshd_config match
+cfgmatchlisten.sh: sshd_config matchlisten
+addrmatch.sh: address match
+localcommand.sh: localcommand
+forcecommand.sh: forced command
+portnum.sh: port number parsing
+keytype.sh: login with different key types
+kextype.sh: login with different key exchange algorithms
+cert-hostkey.sh certified host keys
+cert-userkey.sh: certified user keys
+host-expand.sh: expand %h and %n
+keys-command.sh: authorized keys from command
+forward-control.sh: sshd control of local and remote forwarding
+integrity.sh: integrity
+krl.sh: key revocation lists
+multipubkey.sh: multiple pubkey
+limit-keytype.sh: restrict pubkey type
+hostkey-agent.sh: hostkey agent
+keygen-knownhosts.sh: ssh-keygen known_hosts
+hostkey-rotate.sh: hostkey rotate
+principals-command.sh: authorized principals command
+cert-file.sh: ssh with certificates
+cfginclude.sh: config include
+allow-deny-users.sh: AllowUsers/DenyUsers
+authinfo.sh: authinfo
+
+
+Problems?
+
+Run the failing test with shell tracing (-x) turned on:
+$ PATH=`pwd`/..:$PATH:. sh -x test-exec.sh `pwd` agent-timeout.sh
+
+Failed tests can be difficult to diagnose. Suggestions:
+- run the individual test via ./test-exec.sh `pwd` [testname]
+- set LogLevel to VERBOSE in test-exec.sh and enable syslogging of
+ auth.debug (eg to /var/log/authlog).
+
+
+Known Issues.
+
+- Similarly, if you do not have "scp" in your system's $PATH then the
+ multiplex scp tests will fail (since the system's shell startup scripts
+ will determine where the shell started by sshd will look for scp).
+
+- Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
+ test to fail. The old behaviour can be restored by setting (and
+ exporting) _POSIX2_VERSION=199209 before running the tests.