Test Status OpenSSH 7.1 P2 on HPE NSE

Darren Tucker dtucker at zip.com.au
Wed Feb 10 09:28:12 AEDT 2016


On Wed, Feb 10, 2016 at 8:08 AM, Randall S. Becker
<rsbecker at nexbridge.com> wrote:
> Hi All,
>
> Just reporting in on how testing has gone. After reducing obs to 32k max and
> banners to a max of 10000, plus some minor platform changes - root is not 0,
> for example, all normal tests have passed except for:

Did you need to make any code changes?  If so, what?

> multiplex - hangs at the end of this output. We had a similar issue that
> single reads of data were not working in dd but that does not seem to be the
> case in this test suite.
>         test connection multiplexing: envpass
>         environment not found
>         test connection multiplexing: transfer
>         Binary files /home/git/openssh-portable/regress/data and
> /home/git/openssh-portable/regress/copy differ
>         ssh -Sctl: corrupted copy of /home/git/openssh-portable/regress/data
>         Binary files /home/git/openssh-portable/regress/data and
> /home/git/openssh-portable/regress/copy differ

These tests are for ControlMaster and requires descriptor passing over
Unix domain sockets to work.  Does you platform have that?

[...]
>         AuthorizedKeysCommand with arguments
>         connect failed
>         AuthorizedKeysCommand without arguments
>         connect failed

These ones might be port reuse or race conditions.  the failed-ssh.log
and failed-sshd.log should say why the connect failed.

> integrity (a sample... pretty much all of the tests do this)
>         test integrity: hmac-sha1 @2900
>         unexpected error mac hmac-sha1 at 2900: Bytes per second: sent
> 40854.2, received 34836.9.
> principals-command (a sample. Every 3 to 5 executions fail. Nothing apparent
> the logs as to why. Could this be a timing issue on recycling ports?).

The integrity test failures aren't due to TCP port recycling because
they run sshd via a proxycommand and does not depend on TCP ports.  It
does depend somewhat on what ciphers and macs are offered because
those banners affect how many bytes are on the wire before the
encrypted traffic starts.  These lists of ciphers are macs are in the
debug logs which you are yet to share.

>         authorized principals command: privsep yes empty
> authorized_principals
>         authorized principals command: privsep yes wrong
> authorized_principals
>         authorized principals command: privsep yes correct
> authorized_principals
>         ssh cert connect failed
>
> The build did not use any pthreads, and used c89. Unfortunately, the logs
> were not particularly helpful identifying why there were issues.

You keep saying that but don't show them.  We might be able to make
something out of them if we can see them.

> I am not
> sure we can deploy the code at this stage, although it does work for the
> most of the pretty normal things I need to do. Anyone have any advice?

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list