ssh/tailssh: keep OpenSSH exit test on none auth

Make the OpenSSH integration test deterministic on macOS while preserving the meaningful Tailscale SSH authentication path: use an empty client config, disable public-key/password/keyboard-interactive/GSSAPI follow-up methods, and rely on the initial SSH none-auth request that tailssh handles through clientAuth. Log the OpenSSH version and capture verbose SSH output so future runner-specific failures expose the client-side reason. Updates #18256 Change-Id: I5ea2dedd45f0294a053cee0f5a46cfa3cf2d993f Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2026-05-06 04:36:15 +02:00 · 2026-05-04 12:43:20 +00:00 · 2026-05-04 12:43:20 +00:00 · afad3d4e76
commit afad3d4e76
parent 5ea2dedd45
1 changed files with 12 additions and 2 deletions
--- a/ssh/tailssh/tailssh_integration_test.go
+++ b/ssh/tailssh/tailssh_integration_test.go
@ -1047,6 +1047,11 @@ func TestOpenSSHExitCodes(t *testing.T) {
 	t.Cleanup(func() { debugTest.Store(false) })
 	username := exitCodeTestUser()

+	if out, err := exec.Command("ssh", "-V").CombinedOutput(); err == nil {
+		t.Logf("OpenSSH version: %s", bytes.TrimSpace(out))
+	}
+	t.Logf("OpenSSH test user: %s", username)
+
 	addr := testServer(t, username, false, false)
 	host, port, err := net.SplitHostPort(addr)
 	if err != nil {
@ -1093,13 +1098,18 @@ func TestOpenSSHExitCodes(t *testing.T) {
 			defer cancel()

 			cmd := exec.CommandContext(ctx, "ssh",
-				"-F", "none",
+				"-vvv",
+				"-F", "/dev/null",
 				"-T",
 				"-o", "BatchMode=yes",
 				"-o", "ConnectTimeout=5",
+				"-o", "GSSAPIAuthentication=no",
 				"-o", "GlobalKnownHostsFile=/dev/null",
-				"-o", "LogLevel=ERROR",
+				"-o", "HostbasedAuthentication=no",
+				"-o", "KbdInteractiveAuthentication=no",
 				"-o", "NumberOfPasswordPrompts=0",
+				"-o", "PasswordAuthentication=no",
+				"-o", "PubkeyAuthentication=no",
 				"-o", "StrictHostKeyChecking=no",
 				"-o", "UserKnownHostsFile=/dev/null",
 				"-p", port,