Hi All, Just reporting in on how testing has gone. After reducing obs to 32k max and banners to a max of 10000, plus some minor platform changes - root is not 0, for example, all normal tests have passed except for: multiplex - hangs at the end of this output. We had a similar issue that single reads of data were not working in dd but that does not seem to be the case in this test suite. test connection multiplexing: envpass environment not found test connection multiplexing: transfer Binary files /home/git/openssh-portable/regress/data and /home/git/openssh-portable/regress/copy differ ssh -Sctl: corrupted copy of /home/git/openssh-portable/regress/data Binary files /home/git/openssh-portable/regress/data and /home/git/openssh-portable/regress/copy differ ssh -S ctl: corrupted copy of /home/git/openssh-portable/regress/data keys-command (nothing really apparent that I can find in the logs) AuthorizedKeysCommand with arguments connect failed AuthorizedKeysCommand without arguments connect failed integrity (a sample... pretty much all of the tests do this) test integrity: hmac-sha1 @2900 unexpected error mac hmac-sha1 at 2900: Bytes per second: sent 40854.2, received 34836.9. principals-command (a sample. Every 3 to 5 executions fail. Nothing apparent the logs as to why. Could this be a timing issue on recycling ports?). authorized principals command: privsep yes empty authorized_principals authorized principals command: privsep yes wrong authorized_principals authorized principals command: privsep yes correct authorized_principals ssh cert connect failed The build did not use any pthreads, and used c89. Unfortunately, the logs were not particularly helpful identifying why there were issues. I am not sure we can deploy the code at this stage, although it does work for the most of the pretty normal things I need to do. Anyone have any advice? Cheers, Randall -- Brief whoami: NonStop&UNIX developer since approximately UNIX(421664400)/NonStop(211288444200000000) -- In my real life, I talk too much.
On Wed, Feb 10, 2016 at 8:08 AM, Randall S. Becker <rsbecker at nexbridge.com> wrote:> Hi All, > > Just reporting in on how testing has gone. After reducing obs to 32k max and > banners to a max of 10000, plus some minor platform changes - root is not 0, > for example, all normal tests have passed except for:Did you need to make any code changes? If so, what?> multiplex - hangs at the end of this output. We had a similar issue that > single reads of data were not working in dd but that does not seem to be the > case in this test suite. > test connection multiplexing: envpass > environment not found > test connection multiplexing: transfer > Binary files /home/git/openssh-portable/regress/data and > /home/git/openssh-portable/regress/copy differ > ssh -Sctl: corrupted copy of /home/git/openssh-portable/regress/data > Binary files /home/git/openssh-portable/regress/data and > /home/git/openssh-portable/regress/copy differThese tests are for ControlMaster and requires descriptor passing over Unix domain sockets to work. Does you platform have that? [...]> AuthorizedKeysCommand with arguments > connect failed > AuthorizedKeysCommand without arguments > connect failedThese ones might be port reuse or race conditions. the failed-ssh.log and failed-sshd.log should say why the connect failed.> integrity (a sample... pretty much all of the tests do this) > test integrity: hmac-sha1 @2900 > unexpected error mac hmac-sha1 at 2900: Bytes per second: sent > 40854.2, received 34836.9. > principals-command (a sample. Every 3 to 5 executions fail. Nothing apparent > the logs as to why. Could this be a timing issue on recycling ports?).The integrity test failures aren't due to TCP port recycling because they run sshd via a proxycommand and does not depend on TCP ports. It does depend somewhat on what ciphers and macs are offered because those banners affect how many bytes are on the wire before the encrypted traffic starts. These lists of ciphers are macs are in the debug logs which you are yet to share.> authorized principals command: privsep yes empty > authorized_principals > authorized principals command: privsep yes wrong > authorized_principals > authorized principals command: privsep yes correct > authorized_principals > ssh cert connect failed > > The build did not use any pthreads, and used c89. Unfortunately, the logs > were not particularly helpful identifying why there were issues.You keep saying that but don't show them. We might be able to make something out of them if we can see them.> I am not > sure we can deploy the code at this stage, although it does work for the > most of the pretty normal things I need to do. Anyone have any advice?-- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
On February 9, 2016 5:28 PM Darren Tucker wrote:> > On Wed, Feb 10, 2016 at 8:08 AM, Randall S. Becker > <rsbecker at nexbridge.com> wrote: > > Hi All, > > > > Just reporting in on how testing has gone. After reducing obs to 32k > > max and banners to a max of 10000, plus some minor platform changes - > > root is not 0, for example, all normal tests have passed except for: > > Did you need to make any code changes? If so, what?I only changed regress/transfer.sh: - for s in 10 100 1k 32k 64k 128k 256k; do + for s in 10 100 1k 32k ; do and regress/banner.sh -for s in 0 10 100 1000 10000 100000 ; do +for s in 0 10 100 1000 10000 ; do> > multiplex - hangs at the end of this output. We had a similar issue > > that single reads of data were not working in dd but that does not > > seem to be the case in this test suite. > > test connection multiplexing: envpass > > environment not found > > test connection multiplexing: transfer > > Binary files /home/git/openssh-portable/regress/data and > > /home/git/openssh-portable/regress/copy differ > > ssh -Sctl: corrupted copy of /home/git/openssh-portable/regress/data > > Binary files /home/git/openssh-portable/regress/data and > > /home/git/openssh-portable/regress/copy differ > > These tests are for ControlMaster and requires descriptor passing over Unix > domain sockets to work. Does you platform have that?It does, however I think there are setup requirements on the sockets that are not covered and are different on the platform. If you could point me at the setup code, I can check it and/or make it work.> [...] > > AuthorizedKeysCommand with arguments > > connect failed > > AuthorizedKeysCommand without arguments > > connect failed > > These ones might be port reuse or race conditions. the failed-ssh.log and > failed-sshd.log should say why the connect failed.I will post this as a separate thread.> > integrity (a sample... pretty much all of the tests do this) > > test integrity: hmac-sha1 @2900 > > unexpected error mac hmac-sha1 at 2900: Bytes per second: sent > > 40854.2, received 34836.9. > > principals-command (a sample. Every 3 to 5 executions fail. Nothing > > apparent the logs as to why. Could this be a timing issue on recycling > ports?). > > The integrity test failures aren't due to TCP port recycling because they run > sshd via a proxycommand and does not depend on TCP ports. It does > depend somewhat on what ciphers and macs are offered because those > banners affect how many bytes are on the wire before the encrypted traffic > starts. These lists of ciphers are macs are in the debug logs which you are yet > to share. > > > authorized principals command: privsep yes empty > > authorized_principals > > authorized principals command: privsep yes wrong > > authorized_principals > > authorized principals command: privsep yes correct > > authorized_principals > > ssh cert connect failedI will gather up the logs and share them as a separate thread. I assume plain text is ok.> > The build did not use any pthreads, and used c89. Unfortunately, the > > logs were not particularly helpful identifying why there were issues. > > You keep saying that but don't show them. We might be able to make > something out of them if we can see them.Will share later today or tomorrow ($DAYJOB calls). Thanks Darren. Cheers, Randall
Apparently Analagous Threads
- Test Failure OpenSSH 7.1 P2 on HPE NSE for key-commands
- [Bug] Regression problem in transfer.sh for OpenSSH 7.1 P2 on HPE NSE above dd-size 32k
- [Bug] Regression problem in transfer.sh for OpenSSH 7.1 P2 on HPE NSE above dd-size 32k
- Test Failure OpenSSH 7.1 P2 on HPE NSE for integrity
- Test Failure OpenSSH 7.1 P2 on HPE NSE for integrity