diff --git a/russh/src/tests.rs b/russh/src/tests.rs
deleted file mode 100644
index ecff9059..00000000
--- a/russh/src/tests.rs
+++ /dev/null
@@ -1,619 +0,0 @@
-#![allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] // Allow unwraps, expects and panics in the test suite
-
-use futures::Future;
-
-use super::*;
-
-mod compress {
-    use std::collections::HashMap;
-    use std::sync::{Arc, Mutex};
-
-    use keys::PrivateKeyWithHashAlg;
-    use log::debug;
-    use rand_core::OsRng;
-    use ssh_key::PrivateKey;
-
-    use super::server::{Server as _, Session};
-    use super::*;
-    use crate::server::Msg;
-
-    #[tokio::test]
-    async fn compress_local_test() {
-        let _ = env_logger::try_init();
-
-        let client_key = PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap();
-        let mut config = server::Config::default();
-        config.preferred = Preferred::COMPRESSED;
-        config.inactivity_timeout = None; // Some(std::time::Duration::from_secs(3));
-        config.auth_rejection_time = std::time::Duration::from_secs(3);
-        config
-            .keys
-            .push(PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap());
-        let config = Arc::new(config);
-        let mut sh = Server {
-            clients: Arc::new(Mutex::new(HashMap::new())),
-            id: 0,
-        };
-
-        let socket = tokio::net::TcpListener::bind("127.0.0.1:0").await.unwrap();
-        let addr = socket.local_addr().unwrap();
-
-        tokio::spawn(async move {
-            let (socket, _) = socket.accept().await.unwrap();
-            let server = sh.new_client(socket.peer_addr().ok());
-            server::run_stream(config, socket, server).await.unwrap();
-        });
-
-        let mut config = client::Config::default();
-        config.preferred = Preferred::COMPRESSED;
-        let config = Arc::new(config);
-
-        let mut session = client::connect(config, addr, Client {}).await.unwrap();
-        let authenticated = session
-            .authenticate_publickey(
-                std::env::var("USER").unwrap_or("user".to_owned()),
-                PrivateKeyWithHashAlg::new(
-                    Arc::new(client_key),
-                    session.best_supported_rsa_hash().await.unwrap().flatten(),
-                ),
-            )
-            .await
-            .unwrap()
-            .success();
-        assert!(authenticated);
-        let mut channel = session.channel_open_session().await.unwrap();
-
-        let data = &b"Hello, world!"[..];
-        channel.data(data).await.unwrap();
-        let msg = channel.wait().await.unwrap();
-        match msg {
-            ChannelMsg::Data { data: msg_data } => {
-                assert_eq!(*data, *msg_data)
-            }
-            msg => panic!("Unexpected message {:?}", msg),
-        }
-    }
-
-    #[derive(Clone)]
-    struct Server {
-        clients: Arc<Mutex<HashMap<(usize, ChannelId), super::server::Handle>>>,
-        id: usize,
-    }
-
-    impl server::Server for Server {
-        type Handler = Self;
-        fn new_client(&mut self, _: Option<std::net::SocketAddr>) -> Self {
-            let s = self.clone();
-            self.id += 1;
-            s
-        }
-    }
-
-    impl server::Handler for Server {
-        type Error = super::Error;
-
-        async fn channel_open_session(
-            &mut self,
-            channel: Channel<Msg>,
-            session: &mut Session,
-        ) -> Result<bool, Self::Error> {
-            {
-                let mut clients = self.clients.lock().unwrap();
-                clients.insert((self.id, channel.id()), session.handle());
-            }
-            Ok(true)
-        }
-        async fn auth_publickey(
-            &mut self,
-            _: &str,
-            _: &crate::keys::ssh_key::PublicKey,
-        ) -> Result<server::Auth, Self::Error> {
-            debug!("auth_publickey");
-            Ok(server::Auth::Accept)
-        }
-        async fn data(
-            &mut self,
-            channel: ChannelId,
-            data: &[u8],
-            session: &mut Session,
-        ) -> Result<(), Self::Error> {
-            debug!("server data = {:?}", std::str::from_utf8(data));
-            session.data(channel, CryptoVec::from_slice(data))?;
-            Ok(())
-        }
-    }
-
-    struct Client {}
-
-    impl client::Handler for Client {
-        type Error = super::Error;
-
-        async fn check_server_key(
-            &mut self,
-            _server_public_key: &crate::keys::ssh_key::PublicKey,
-        ) -> Result<bool, Self::Error> {
-            // println!("check_server_key: {:?}", server_public_key);
-            Ok(true)
-        }
-    }
-}
-
-mod channels {
-    use keys::PrivateKeyWithHashAlg;
-    use rand_core::OsRng;
-    use server::Session;
-    use ssh_key::PrivateKey;
-    use tokio::io::{AsyncReadExt, AsyncWriteExt};
-
-    use super::*;
-    use crate::CryptoVec;
-
-    async fn test_session<RC, RS, CH, SH, F1, F2>(
-        client_handler: CH,
-        server_handler: SH,
-        run_client: RC,
-        run_server: RS,
-    ) where
-        RC: FnOnce(crate::client::Handle<CH>) -> F1 + Send + Sync + 'static,
-        RS: FnOnce(crate::server::Handle) -> F2 + Send + Sync + 'static,
-        F1: Future<Output = crate::client::Handle<CH>> + Send + Sync + 'static,
-        F2: Future<Output = crate::server::Handle> + Send + Sync + 'static,
-        CH: crate::client::Handler + Send + Sync + 'static,
-        SH: crate::server::Handler + Send + Sync + 'static,
-    {
-        use std::sync::Arc;
-
-        use crate::*;
-
-        let _ = env_logger::try_init();
-
-        let client_key = PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap();
-        let mut config = server::Config::default();
-        config.inactivity_timeout = None;
-        config.auth_rejection_time = std::time::Duration::from_secs(3);
-        config
-            .keys
-            .push(PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap());
-        let config = Arc::new(config);
-        let socket = tokio::net::TcpListener::bind("127.0.0.1:0").await.unwrap();
-        let addr = socket.local_addr().unwrap();
-
-        let server_join = tokio::spawn(async move {
-            let (socket, _) = socket.accept().await.unwrap();
-
-            server::run_stream(config, socket, server_handler)
-                .await
-                .map_err(|_| ())
-                .unwrap()
-        });
-
-        let client_join = tokio::spawn(async move {
-            let config = Arc::new(client::Config::default());
-            let mut session = client::connect(config, addr, client_handler)
-                .await
-                .map_err(|_| ())
-                .unwrap();
-            let authenticated = session
-                .authenticate_publickey(
-                    std::env::var("USER").unwrap_or("user".to_owned()),
-                    PrivateKeyWithHashAlg::new(Arc::new(client_key), None),
-                )
-                .await
-                .unwrap();
-            assert!(authenticated.success());
-            session
-        });
-
-        let (server_session, client_session) = tokio::join!(server_join, client_join);
-        let client_handle = tokio::spawn(run_client(client_session.unwrap()));
-        let server_handle = tokio::spawn(run_server(server_session.unwrap().handle()));
-
-        let (server_session, client_session) = tokio::join!(server_handle, client_handle);
-        assert!(server_session.is_ok());
-        assert!(client_session.is_ok());
-        drop(client_session);
-        drop(server_session);
-    }
-
-    #[tokio::test]
-    async fn test_server_channels() {
-        #[derive(Debug)]
-        struct Client {}
-
-        impl client::Handler for Client {
-            type Error = crate::Error;
-
-            async fn check_server_key(
-                &mut self,
-                _server_public_key: &crate::keys::ssh_key::PublicKey,
-            ) -> Result<bool, Self::Error> {
-                Ok(true)
-            }
-
-            async fn data(
-                &mut self,
-                channel: ChannelId,
-                data: &[u8],
-                session: &mut client::Session,
-            ) -> Result<(), Self::Error> {
-                assert_eq!(data, &b"hello world!"[..]);
-                session.data(channel, CryptoVec::from_slice(&b"hey there!"[..]))?;
-                Ok(())
-            }
-        }
-
-        struct ServerHandle {
-            did_auth: Option<tokio::sync::oneshot::Sender<()>>,
-        }
-
-        impl ServerHandle {
-            fn get_auth_waiter(&mut self) -> tokio::sync::oneshot::Receiver<()> {
-                let (tx, rx) = tokio::sync::oneshot::channel();
-                self.did_auth = Some(tx);
-                rx
-            }
-        }
-
-        impl server::Handler for ServerHandle {
-            type Error = crate::Error;
-
-            async fn auth_publickey(
-                &mut self,
-                _: &str,
-                _: &crate::keys::ssh_key::PublicKey,
-            ) -> Result<server::Auth, Self::Error> {
-                Ok(server::Auth::Accept)
-            }
-            async fn auth_succeeded(&mut self, _session: &mut Session) -> Result<(), Self::Error> {
-                if let Some(a) = self.did_auth.take() {
-                    a.send(()).unwrap();
-                }
-                Ok(())
-            }
-        }
-
-        let mut sh = ServerHandle { did_auth: None };
-        let a = sh.get_auth_waiter();
-        test_session(
-            Client {},
-            sh,
-            |c| async move { c },
-            |s| async move {
-                a.await.unwrap();
-                let mut ch = s.channel_open_session().await.unwrap();
-                ch.data(&b"hello world!"[..]).await.unwrap();
-
-                let msg = ch.wait().await.unwrap();
-                if let ChannelMsg::Data { data } = msg {
-                    assert_eq!(data.as_ref(), &b"hey there!"[..]);
-                } else {
-                    panic!("Unexpected message {:?}", msg);
-                }
-                s
-            },
-        )
-        .await;
-    }
-
-    #[tokio::test]
-    async fn test_channel_streams() {
-        #[derive(Debug)]
-        struct Client {}
-
-        impl client::Handler for Client {
-            type Error = crate::Error;
-
-            async fn check_server_key(
-                &mut self,
-                _server_public_key: &crate::keys::ssh_key::PublicKey,
-            ) -> Result<bool, Self::Error> {
-                Ok(true)
-            }
-        }
-
-        struct ServerHandle {
-            channel: Option<tokio::sync::oneshot::Sender<Channel<server::Msg>>>,
-        }
-
-        impl ServerHandle {
-            fn get_channel_waiter(
-                &mut self,
-            ) -> tokio::sync::oneshot::Receiver<Channel<server::Msg>> {
-                let (tx, rx) = tokio::sync::oneshot::channel::<Channel<server::Msg>>();
-                self.channel = Some(tx);
-                rx
-            }
-        }
-
-        impl server::Handler for ServerHandle {
-            type Error = crate::Error;
-
-            async fn auth_publickey(
-                &mut self,
-                _: &str,
-                _: &crate::keys::ssh_key::PublicKey,
-            ) -> Result<server::Auth, Self::Error> {
-                Ok(server::Auth::Accept)
-            }
-
-            async fn channel_open_session(
-                &mut self,
-                channel: Channel<server::Msg>,
-                _session: &mut server::Session,
-            ) -> Result<bool, Self::Error> {
-                if let Some(a) = self.channel.take() {
-                    println!("channel open session {:?}", a);
-                    a.send(channel).unwrap();
-                }
-                Ok(true)
-            }
-        }
-
-        let mut sh = ServerHandle { channel: None };
-        let scw = sh.get_channel_waiter();
-
-        test_session(
-            Client {},
-            sh,
-            |client| async move {
-                let ch = client.channel_open_session().await.unwrap();
-                let mut stream = ch.into_stream();
-                stream.write_all(&b"request"[..]).await.unwrap();
-
-                let mut buf = Vec::new();
-                stream.read_buf(&mut buf).await.unwrap();
-                assert_eq!(&buf, &b"response"[..]);
-
-                stream.write_all(&b"reply"[..]).await.unwrap();
-
-                client
-            },
-            |server| async move {
-                let channel = scw.await.unwrap();
-                let mut stream = channel.into_stream();
-
-                let mut buf = Vec::new();
-                stream.read_buf(&mut buf).await.unwrap();
-                assert_eq!(&buf, &b"request"[..]);
-
-                stream.write_all(&b"response"[..]).await.unwrap();
-
-                buf.clear();
-
-                stream.read_buf(&mut buf).await.unwrap();
-                assert_eq!(&buf, &b"reply"[..]);
-
-                server
-            },
-        )
-        .await;
-    }
-
-    #[tokio::test]
-    async fn test_channel_objects() {
-        #[derive(Debug)]
-        struct Client {}
-
-        impl client::Handler for Client {
-            type Error = crate::Error;
-
-            async fn check_server_key(
-                &mut self,
-                _server_public_key: &crate::keys::ssh_key::PublicKey,
-            ) -> Result<bool, Self::Error> {
-                Ok(true)
-            }
-        }
-
-        struct ServerHandle {}
-
-        impl ServerHandle {}
-
-        impl server::Handler for ServerHandle {
-            type Error = crate::Error;
-
-            async fn auth_publickey(
-                &mut self,
-                _: &str,
-                _: &crate::keys::ssh_key::PublicKey,
-            ) -> Result<server::Auth, Self::Error> {
-                Ok(server::Auth::Accept)
-            }
-
-            async fn channel_open_session(
-                &mut self,
-                mut channel: Channel<server::Msg>,
-                _session: &mut Session,
-            ) -> Result<bool, Self::Error> {
-                tokio::spawn(async move {
-                    while let Some(msg) = channel.wait().await {
-                        match msg {
-                            ChannelMsg::Data { data } => {
-                                channel.data(&data[..]).await.unwrap();
-                                channel.close().await.unwrap();
-                                break;
-                            }
-                            _ => {}
-                        }
-                    }
-                });
-                Ok(true)
-            }
-        }
-
-        let sh = ServerHandle {};
-        test_session(
-            Client {},
-            sh,
-            |c| async move {
-                let mut ch = c.channel_open_session().await.unwrap();
-                ch.data(&b"hello world!"[..]).await.unwrap();
-
-                let msg = ch.wait().await.unwrap();
-                if let ChannelMsg::Data { data } = msg {
-                    assert_eq!(data.as_ref(), &b"hello world!"[..]);
-                } else {
-                    panic!("Unexpected message {:?}", msg);
-                }
-
-                assert!(ch.wait().await.is_none());
-                c
-            },
-            |s| async move { s },
-        )
-        .await;
-    }
-
-    #[tokio::test]
-    async fn test_channel_window_size() {
-        #[derive(Debug)]
-        struct Client {}
-
-        impl client::Handler for Client {
-            type Error = crate::Error;
-
-            async fn check_server_key(
-                &mut self,
-                _server_public_key: &crate::keys::ssh_key::PublicKey,
-            ) -> Result<bool, Self::Error> {
-                Ok(true)
-            }
-        }
-
-        struct ServerHandle {
-            channel: Option<tokio::sync::oneshot::Sender<Channel<server::Msg>>>,
-        }
-
-        impl ServerHandle {
-            fn get_channel_waiter(
-                &mut self,
-            ) -> tokio::sync::oneshot::Receiver<Channel<server::Msg>> {
-                let (tx, rx) = tokio::sync::oneshot::channel::<Channel<server::Msg>>();
-                self.channel = Some(tx);
-                rx
-            }
-        }
-
-        impl server::Handler for ServerHandle {
-            type Error = crate::Error;
-
-            async fn auth_publickey(
-                &mut self,
-                _: &str,
-                _: &crate::keys::ssh_key::PublicKey,
-            ) -> Result<server::Auth, Self::Error> {
-                Ok(server::Auth::Accept)
-            }
-
-            async fn channel_open_session(
-                &mut self,
-                channel: Channel<server::Msg>,
-                _session: &mut server::Session,
-            ) -> Result<bool, Self::Error> {
-                if let Some(a) = self.channel.take() {
-                    println!("channel open session {:?}", a);
-                    a.send(channel).unwrap();
-                }
-                Ok(true)
-            }
-        }
-
-        let mut sh = ServerHandle { channel: None };
-        let scw = sh.get_channel_waiter();
-
-        test_session(
-            Client {},
-            sh,
-            |client| async move {
-                let ch = client.channel_open_session().await.unwrap();
-
-                let mut writer_1 = ch.make_writer();
-                let jh_1 = tokio::spawn(async move {
-                    let buf = [1u8; 1024 * 64];
-                    assert!(writer_1.write_all(&buf).await.is_ok());
-                });
-                let mut writer_2 = ch.make_writer();
-                let jh_2 = tokio::spawn(async move {
-                    let buf = [2u8; 1024 * 64];
-                    assert!(writer_2.write_all(&buf).await.is_ok());
-                });
-
-                assert!(tokio::try_join!(jh_1, jh_2).is_ok());
-
-                client
-            },
-            |server| async move {
-                let mut channel = scw.await.unwrap();
-
-                let mut total_data = 2 * 1024 * 64;
-                while let Some(msg) = channel.wait().await {
-                    match msg {
-                        ChannelMsg::Data { data } => {
-                            total_data -= data.len();
-                            if total_data == 0 {
-                                break;
-                            }
-                        }
-                        _ => panic!("Unexpected message {:?}", msg),
-                    }
-                }
-
-                server
-            },
-        )
-        .await;
-    }
-}
-
-mod server_kex_junk {
-    use std::sync::Arc;
-
-    use tokio::io::AsyncWriteExt;
-
-    use super::server::Server as _;
-    use super::*;
-
-    #[tokio::test]
-    async fn server_kex_junk_test() {
-        let _ = env_logger::try_init();
-
-        let config = server::Config::default();
-        let config = Arc::new(config);
-        let mut sh = Server {};
-
-        let socket = tokio::net::TcpListener::bind("127.0.0.1:0").await.unwrap();
-        let addr = socket.local_addr().unwrap();
-
-        tokio::spawn(async move {
-            let mut client_stream = tokio::net::TcpStream::connect(addr).await.unwrap();
-            client_stream
-                .write_all(b"SSH-2.0-Client_1.0\r\n")
-                .await
-                .unwrap();
-            // Unexpected message pre-kex
-            client_stream.write_all(&[0, 0, 0, 2, 0, 99]).await.unwrap();
-            tokio::time::sleep(std::time::Duration::from_secs(1)).await;
-        });
-
-        let (socket, _) = socket.accept().await.unwrap();
-        let server = sh.new_client(socket.peer_addr().ok());
-        let rs = server::run_stream(config, socket, server).await.unwrap();
-
-        // May not panic
-        assert!(rs.await.is_err());
-    }
-
-    #[derive(Clone)]
-    struct Server {}
-
-    impl server::Server for Server {
-        type Handler = Self;
-        fn new_client(&mut self, _: Option<std::net::SocketAddr>) -> Self {
-            self.clone()
-        }
-    }
-
-    impl server::Handler for Server {
-        type Error = super::Error;
-    }
-}
diff --git a/russh/src/tests/channels.rs b/russh/src/tests/channels.rs
new file mode 100644
index 00000000..eef2ff14
--- /dev/null
+++ b/russh/src/tests/channels.rs
@@ -0,0 +1,434 @@
+use std::future::Future;
+
+use rand_core::OsRng;
+use ssh_key::PrivateKey;
+use tokio::io::{AsyncReadExt, AsyncWriteExt};
+
+use crate::keys::PrivateKeyWithHashAlg;
+use crate::server::Session;
+use crate::tests::test_init;
+use crate::{Channel, ChannelId, ChannelMsg, CryptoVec};
+
+async fn test_session<RC, RS, CH, SH, F1, F2>(
+    client_handler: CH,
+    server_handler: SH,
+    run_client: RC,
+    run_server: RS,
+) where
+    RC: FnOnce(crate::client::Handle<CH>) -> F1 + Send + Sync + 'static,
+    RS: FnOnce(crate::server::Handle) -> F2 + Send + Sync + 'static,
+    F1: Future<Output = crate::client::Handle<CH>> + Send + Sync + 'static,
+    F2: Future<Output = crate::server::Handle> + Send + Sync + 'static,
+    CH: crate::client::Handler + Send + Sync + 'static,
+    SH: crate::server::Handler + Send + Sync + 'static,
+{
+    use std::sync::Arc;
+
+    use crate::*;
+
+    let _ = env_logger::try_init();
+
+    let client_key = PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap();
+    let mut config = server::Config::default();
+    config.inactivity_timeout = None;
+    config.auth_rejection_time = std::time::Duration::from_secs(3);
+    config
+        .keys
+        .push(PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap());
+    let config = Arc::new(config);
+    let socket = tokio::net::TcpListener::bind("127.0.0.1:0").await.unwrap();
+    let addr = socket.local_addr().unwrap();
+
+    let server_join = tokio::spawn(async move {
+        let (socket, _) = socket.accept().await.unwrap();
+
+        server::run_stream(config, socket, server_handler)
+            .await
+            .map_err(|_| ())
+            .unwrap()
+    });
+
+    let client_join = tokio::spawn(async move {
+        let config = Arc::new(client::Config::default());
+        let mut session = client::connect(config, addr, client_handler)
+            .await
+            .map_err(|_| ())
+            .unwrap();
+        let authenticated = session
+            .authenticate_publickey(
+                std::env::var("USER").unwrap_or("user".to_owned()),
+                PrivateKeyWithHashAlg::new(Arc::new(client_key), None),
+            )
+            .await
+            .unwrap();
+        assert!(authenticated.success());
+        session
+    });
+
+    let (server_session, client_session) = tokio::join!(server_join, client_join);
+    let client_handle = tokio::spawn(run_client(client_session.unwrap()));
+    let server_handle = tokio::spawn(run_server(server_session.unwrap().handle()));
+
+    let (server_session, client_session) = tokio::join!(server_handle, client_handle);
+    assert!(server_session.is_ok());
+    assert!(client_session.is_ok());
+    drop(client_session);
+    drop(server_session);
+}
+
+#[tokio::test]
+async fn test_server_channels() {
+    test_init();
+
+    #[derive(Debug)]
+    struct Client {}
+
+    impl crate::client::Handler for Client {
+        type Error = crate::Error;
+
+        async fn check_server_key(
+            &mut self,
+            _server_public_key: &crate::keys::ssh_key::PublicKey,
+        ) -> Result<bool, Self::Error> {
+            Ok(true)
+        }
+
+        async fn data(
+            &mut self,
+            channel: ChannelId,
+            data: &[u8],
+            session: &mut crate::client::Session,
+        ) -> Result<(), Self::Error> {
+            assert_eq!(data, &b"hello world!"[..]);
+            session.data(channel, CryptoVec::from_slice(&b"hey there!"[..]))?;
+            Ok(())
+        }
+    }
+
+    struct ServerHandle {
+        did_auth: Option<tokio::sync::oneshot::Sender<()>>,
+    }
+
+    impl ServerHandle {
+        fn get_auth_waiter(&mut self) -> tokio::sync::oneshot::Receiver<()> {
+            let (tx, rx) = tokio::sync::oneshot::channel();
+            self.did_auth = Some(tx);
+            rx
+        }
+    }
+
+    impl crate::server::Handler for ServerHandle {
+        type Error = crate::Error;
+
+        async fn auth_publickey(
+            &mut self,
+            _: &str,
+            _: &crate::keys::ssh_key::PublicKey,
+        ) -> Result<crate::server::Auth, Self::Error> {
+            Ok(crate::server::Auth::Accept)
+        }
+        async fn auth_succeeded(&mut self, _session: &mut Session) -> Result<(), Self::Error> {
+            if let Some(a) = self.did_auth.take() {
+                a.send(()).unwrap();
+            }
+            Ok(())
+        }
+    }
+
+    let mut sh = ServerHandle { did_auth: None };
+    let a = sh.get_auth_waiter();
+    test_session(
+        Client {},
+        sh,
+        |c| async move { c },
+        |s| async move {
+            a.await.unwrap();
+            let mut ch = s.channel_open_session().await.unwrap();
+            ch.data(&b"hello world!"[..]).await.unwrap();
+
+            let msg = ch.wait().await.unwrap();
+            if let ChannelMsg::Data { data } = msg {
+                assert_eq!(data.as_ref(), &b"hey there!"[..]);
+            } else {
+                panic!("Unexpected message {:?}", msg);
+            }
+            s
+        },
+    )
+    .await;
+}
+
+#[tokio::test]
+async fn test_channel_streams() {
+    test_init();
+
+    #[derive(Debug)]
+    struct Client {}
+
+    impl crate::client::Handler for Client {
+        type Error = crate::Error;
+
+        async fn check_server_key(
+            &mut self,
+            _server_public_key: &crate::keys::ssh_key::PublicKey,
+        ) -> Result<bool, Self::Error> {
+            Ok(true)
+        }
+    }
+
+    struct ServerHandle {
+        channel: Option<tokio::sync::oneshot::Sender<Channel<crate::server::Msg>>>,
+    }
+
+    impl ServerHandle {
+        fn get_channel_waiter(
+            &mut self,
+        ) -> tokio::sync::oneshot::Receiver<Channel<crate::server::Msg>> {
+            let (tx, rx) = tokio::sync::oneshot::channel::<Channel<crate::server::Msg>>();
+            self.channel = Some(tx);
+            rx
+        }
+    }
+
+    impl crate::server::Handler for ServerHandle {
+        type Error = crate::Error;
+
+        async fn auth_publickey(
+            &mut self,
+            _: &str,
+            _: &crate::keys::ssh_key::PublicKey,
+        ) -> Result<crate::server::Auth, Self::Error> {
+            Ok(crate::server::Auth::Accept)
+        }
+
+        async fn channel_open_session(
+            &mut self,
+            channel: Channel<crate::server::Msg>,
+            _session: &mut crate::server::Session,
+        ) -> Result<bool, Self::Error> {
+            if let Some(a) = self.channel.take() {
+                println!("channel open session {:?}", a);
+                a.send(channel).unwrap();
+            }
+            Ok(true)
+        }
+    }
+
+    let mut sh = ServerHandle { channel: None };
+    let scw = sh.get_channel_waiter();
+
+    test_session(
+        Client {},
+        sh,
+        |client| async move {
+            let ch = client.channel_open_session().await.unwrap();
+            let mut stream = ch.into_stream();
+            stream.write_all(&b"request"[..]).await.unwrap();
+
+            let mut buf = Vec::new();
+            stream.read_buf(&mut buf).await.unwrap();
+            assert_eq!(&buf, &b"response"[..]);
+
+            stream.write_all(&b"reply"[..]).await.unwrap();
+
+            client
+        },
+        |server| async move {
+            let channel = scw.await.unwrap();
+            let mut stream = channel.into_stream();
+
+            let mut buf = Vec::new();
+            stream.read_buf(&mut buf).await.unwrap();
+            assert_eq!(&buf, &b"request"[..]);
+
+            stream.write_all(&b"response"[..]).await.unwrap();
+
+            buf.clear();
+
+            stream.read_buf(&mut buf).await.unwrap();
+            assert_eq!(&buf, &b"reply"[..]);
+
+            server
+        },
+    )
+    .await;
+}
+
+#[tokio::test]
+async fn test_channel_objects() {
+    test_init();
+
+    #[derive(Debug)]
+    struct Client {}
+
+    impl crate::client::Handler for Client {
+        type Error = crate::Error;
+
+        async fn check_server_key(
+            &mut self,
+            _server_public_key: &crate::keys::ssh_key::PublicKey,
+        ) -> Result<bool, Self::Error> {
+            Ok(true)
+        }
+    }
+
+    struct ServerHandle {}
+
+    impl ServerHandle {}
+
+    impl crate::server::Handler for ServerHandle {
+        type Error = crate::Error;
+
+        async fn auth_publickey(
+            &mut self,
+            _: &str,
+            _: &crate::keys::ssh_key::PublicKey,
+        ) -> Result<crate::server::Auth, Self::Error> {
+            Ok(crate::server::Auth::Accept)
+        }
+
+        async fn channel_open_session(
+            &mut self,
+            mut channel: Channel<crate::server::Msg>,
+            _session: &mut Session,
+        ) -> Result<bool, Self::Error> {
+            tokio::spawn(async move {
+                while let Some(msg) = channel.wait().await {
+                    match msg {
+                        ChannelMsg::Data { data } => {
+                            channel.data(&data[..]).await.unwrap();
+                            channel.close().await.unwrap();
+                            break;
+                        }
+                        _ => {}
+                    }
+                }
+            });
+            Ok(true)
+        }
+    }
+
+    let sh = ServerHandle {};
+    test_session(
+        Client {},
+        sh,
+        |c| async move {
+            let mut ch = c.channel_open_session().await.unwrap();
+            ch.data(&b"hello world!"[..]).await.unwrap();
+
+            let msg = ch.wait().await.unwrap();
+            if let ChannelMsg::Data { data } = msg {
+                assert_eq!(data.as_ref(), &b"hello world!"[..]);
+            } else {
+                panic!("Unexpected message {:?}", msg);
+            }
+
+            assert!(ch.wait().await.is_none());
+            c
+        },
+        |s| async move { s },
+    )
+    .await;
+}
+
+#[tokio::test]
+async fn test_channel_window_size() {
+    test_init();
+
+    #[derive(Debug)]
+    struct Client {}
+
+    impl crate::client::Handler for Client {
+        type Error = crate::Error;
+
+        async fn check_server_key(
+            &mut self,
+            _server_public_key: &crate::keys::ssh_key::PublicKey,
+        ) -> Result<bool, Self::Error> {
+            Ok(true)
+        }
+    }
+
+    struct ServerHandle {
+        channel: Option<tokio::sync::oneshot::Sender<Channel<crate::server::Msg>>>,
+    }
+
+    impl ServerHandle {
+        fn get_channel_waiter(
+            &mut self,
+        ) -> tokio::sync::oneshot::Receiver<Channel<crate::server::Msg>> {
+            let (tx, rx) = tokio::sync::oneshot::channel::<Channel<crate::server::Msg>>();
+            self.channel = Some(tx);
+            rx
+        }
+    }
+
+    impl crate::server::Handler for ServerHandle {
+        type Error = crate::Error;
+
+        async fn auth_publickey(
+            &mut self,
+            _: &str,
+            _: &crate::keys::ssh_key::PublicKey,
+        ) -> Result<crate::server::Auth, Self::Error> {
+            Ok(crate::server::Auth::Accept)
+        }
+
+        async fn channel_open_session(
+            &mut self,
+            channel: Channel<crate::server::Msg>,
+            _session: &mut crate::server::Session,
+        ) -> Result<bool, Self::Error> {
+            if let Some(a) = self.channel.take() {
+                println!("channel open session {:?}", a);
+                a.send(channel).unwrap();
+            }
+            Ok(true)
+        }
+    }
+
+    let mut sh = ServerHandle { channel: None };
+    let scw = sh.get_channel_waiter();
+
+    test_session(
+        Client {},
+        sh,
+        |client| async move {
+            let ch = client.channel_open_session().await.unwrap();
+
+            let mut writer_1 = ch.make_writer();
+            let jh_1 = tokio::spawn(async move {
+                let buf = [1u8; 1024 * 64];
+                assert!(writer_1.write_all(&buf).await.is_ok());
+            });
+            let mut writer_2 = ch.make_writer();
+            let jh_2 = tokio::spawn(async move {
+                let buf = [2u8; 1024 * 64];
+                assert!(writer_2.write_all(&buf).await.is_ok());
+            });
+
+            assert!(tokio::try_join!(jh_1, jh_2).is_ok());
+
+            client
+        },
+        |server| async move {
+            let mut channel = scw.await.unwrap();
+
+            let mut total_data = 2 * 1024 * 64;
+            while let Some(msg) = channel.wait().await {
+                match msg {
+                    ChannelMsg::Data { data } => {
+                        total_data -= data.len();
+                        if total_data == 0 {
+                            break;
+                        }
+                    }
+                    _ => panic!("Unexpected message {:?}", msg),
+                }
+            }
+
+            server
+        },
+    )
+    .await;
+}
diff --git a/russh/src/tests/compress.rs b/russh/src/tests/compress.rs
new file mode 100644
index 00000000..973f1e8e
--- /dev/null
+++ b/russh/src/tests/compress.rs
@@ -0,0 +1,132 @@
+use std::collections::HashMap;
+use std::sync::{Arc, Mutex};
+
+use log::debug;
+use rand_core::OsRng;
+use russh_cryptovec::CryptoVec;
+use ssh_key::PrivateKey;
+
+use crate::keys::PrivateKeyWithHashAlg;
+use crate::server::{Msg, Server as _, Session};
+use crate::tests::test_init;
+use crate::{client, server, Channel, ChannelId, ChannelMsg, Preferred};
+
+#[tokio::test]
+async fn compress_local_test() {
+    test_init();
+
+    let client_key = PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap();
+    let mut config = crate::server::Config::default();
+    config.preferred = Preferred::COMPRESSED;
+    config.inactivity_timeout = None; // Some(std::time::Duration::from_secs(3));
+    config.auth_rejection_time = std::time::Duration::from_secs(3);
+    config
+        .keys
+        .push(PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap());
+    let config = Arc::new(config);
+    let mut sh = Server {
+        clients: Arc::new(Mutex::new(HashMap::new())),
+        id: 0,
+    };
+
+    let socket = tokio::net::TcpListener::bind("127.0.0.1:0").await.unwrap();
+    let addr = socket.local_addr().unwrap();
+
+    tokio::spawn(async move {
+        let (socket, _) = socket.accept().await.unwrap();
+        let server = sh.new_client(socket.peer_addr().ok());
+        server::run_stream(config, socket, server).await.unwrap();
+    });
+
+    let mut config = client::Config::default();
+    config.preferred = Preferred::COMPRESSED;
+    let config = Arc::new(config);
+
+    let mut session = client::connect(config, addr, Client {}).await.unwrap();
+    let authenticated = session
+        .authenticate_publickey(
+            std::env::var("USER").unwrap_or("user".to_owned()),
+            PrivateKeyWithHashAlg::new(
+                Arc::new(client_key),
+                session.best_supported_rsa_hash().await.unwrap().flatten(),
+            ),
+        )
+        .await
+        .unwrap()
+        .success();
+    assert!(authenticated);
+    let mut channel = session.channel_open_session().await.unwrap();
+
+    let data = &b"Hello, world!"[..];
+    channel.data(data).await.unwrap();
+    let msg = channel.wait().await.unwrap();
+    match msg {
+        ChannelMsg::Data { data: msg_data } => {
+            assert_eq!(*data, *msg_data)
+        }
+        msg => panic!("Unexpected message {:?}", msg),
+    }
+}
+
+#[derive(Clone)]
+struct Server {
+    clients: Arc<Mutex<HashMap<(usize, ChannelId), server::Handle>>>,
+    id: usize,
+}
+
+impl server::Server for Server {
+    type Handler = Self;
+    fn new_client(&mut self, _: Option<std::net::SocketAddr>) -> Self {
+        let s = self.clone();
+        self.id += 1;
+        s
+    }
+}
+
+impl server::Handler for Server {
+    type Error = crate::Error;
+
+    async fn channel_open_session(
+        &mut self,
+        channel: Channel<Msg>,
+        session: &mut Session,
+    ) -> Result<bool, Self::Error> {
+        {
+            let mut clients = self.clients.lock().unwrap();
+            clients.insert((self.id, channel.id()), session.handle());
+        }
+        Ok(true)
+    }
+    async fn auth_publickey(
+        &mut self,
+        _: &str,
+        _: &crate::keys::ssh_key::PublicKey,
+    ) -> Result<server::Auth, Self::Error> {
+        debug!("auth_publickey");
+        Ok(server::Auth::Accept)
+    }
+    async fn data(
+        &mut self,
+        channel: ChannelId,
+        data: &[u8],
+        session: &mut Session,
+    ) -> Result<(), Self::Error> {
+        debug!("server data = {:?}", std::str::from_utf8(data));
+        session.data(channel, CryptoVec::from_slice(data))?;
+        Ok(())
+    }
+}
+
+struct Client {}
+
+impl client::Handler for Client {
+    type Error = crate::Error;
+
+    async fn check_server_key(
+        &mut self,
+        _server_public_key: &crate::keys::ssh_key::PublicKey,
+    ) -> Result<bool, Self::Error> {
+        // println!("check_server_key: {:?}", server_public_key);
+        Ok(true)
+    }
+}
diff --git a/russh/src/tests/mod.rs b/russh/src/tests/mod.rs
new file mode 100644
index 00000000..be2b15c1
--- /dev/null
+++ b/russh/src/tests/mod.rs
@@ -0,0 +1,18 @@
+#![allow(clippy::unwrap_used, clippy::expect_used, clippy::panic)] // Allow unwraps, expects and panics in the test suite
+
+mod channels;
+mod compress;
+mod server_kex_junk;
+mod test_backpressure;
+mod test_crypto;
+mod test_data_channels;
+mod test_data_stream;
+mod test_framework;
+mod test_kex;
+mod test_tcpip_channels;
+
+pub fn test_init() {
+    let _ = env_logger::builder()
+        .filter_level(log::LevelFilter::Debug)
+        .try_init();
+}
diff --git a/russh/src/tests/server_kex_junk.rs b/russh/src/tests/server_kex_junk.rs
new file mode 100644
index 00000000..ae6dfa24
--- /dev/null
+++ b/russh/src/tests/server_kex_junk.rs
@@ -0,0 +1,51 @@
+use std::sync::Arc;
+
+use tokio::io::AsyncWriteExt;
+
+use crate::server;
+use crate::server::Server as _;
+use crate::tests::test_init;
+
+#[tokio::test]
+async fn server_kex_junk_test() {
+    test_init();
+
+    let config = server::Config::default();
+    let config = Arc::new(config);
+    let mut sh = Server {};
+
+    let socket = tokio::net::TcpListener::bind("127.0.0.1:0").await.unwrap();
+    let addr = socket.local_addr().unwrap();
+
+    tokio::spawn(async move {
+        let mut client_stream = tokio::net::TcpStream::connect(addr).await.unwrap();
+        client_stream
+            .write_all(b"SSH-2.0-Client_1.0\r\n")
+            .await
+            .unwrap();
+        // Unexpected message pre-kex
+        client_stream.write_all(&[0, 0, 0, 2, 0, 99]).await.unwrap();
+        tokio::time::sleep(std::time::Duration::from_secs(1)).await;
+    });
+
+    let (socket, _) = socket.accept().await.unwrap();
+    let server = sh.new_client(socket.peer_addr().ok());
+    let rs = server::run_stream(config, socket, server).await.unwrap();
+
+    // May not panic
+    assert!(rs.await.is_err());
+}
+
+#[derive(Clone)]
+struct Server {}
+
+impl server::Server for Server {
+    type Handler = Self;
+    fn new_client(&mut self, _: Option<std::net::SocketAddr>) -> Self {
+        self.clone()
+    }
+}
+
+impl server::Handler for Server {
+    type Error = crate::Error;
+}
diff --git a/russh/tests/test_backpressure.rs b/russh/src/tests/test_backpressure.rs
similarity index 91%
rename from russh/tests/test_backpressure.rs
rename to russh/src/tests/test_backpressure.rs
index 960d53d0..27c74866 100644
--- a/russh/tests/test_backpressure.rs
+++ b/russh/src/tests/test_backpressure.rs
@@ -4,20 +4,22 @@ use std::sync::Arc;
 use futures::FutureExt;
 use rand::RngCore;
 use rand_core::OsRng;
-use russh::keys::PrivateKeyWithHashAlg;
-use russh::server::{self, Auth, Msg, Server as _, Session};
-use russh::{client, Channel, ChannelMsg};
 use ssh_key::PrivateKey;
 use tokio::io::AsyncWriteExt;
 use tokio::sync::watch;
 use tokio::time::sleep;
 
+use crate::keys::PrivateKeyWithHashAlg;
+use crate::server::{self, Auth, Msg, Server as _, Session};
+use crate::tests::test_init;
+use crate::{client, Channel, ChannelMsg};
+
 pub const WINDOW_SIZE: usize = 8 * 2048;
 pub const CHANNEL_BUFFER_SIZE: usize = 10;
 
 #[tokio::test]
 async fn test_backpressure() -> Result<(), anyhow::Error> {
-    env_logger::init();
+    test_init();
 
     let addr = addr();
     let data = data();
@@ -39,7 +41,7 @@ async fn stream(addr: SocketAddr, data: &[u8], tx: watch::Sender<()>) -> Result<
     let config = Arc::new(client::Config::default());
     let key = Arc::new(PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap());
 
-    let mut session = russh::client::connect(config, addr, Client).await?;
+    let mut session = crate::client::connect(config, addr, Client).await?;
     let channel = match session
         .authenticate_publickey(
             "user",
@@ -108,7 +110,7 @@ impl Server {
     }
 }
 
-impl russh::server::Server for Server {
+impl crate::server::Server for Server {
     type Handler = Self;
 
     fn new_client(&mut self, _: Option<std::net::SocketAddr>) -> Self::Handler {
@@ -116,7 +118,7 @@ impl russh::server::Server for Server {
     }
 }
 
-impl russh::server::Handler for Server {
+impl crate::server::Handler for Server {
     type Error = anyhow::Error;
 
     async fn auth_publickey(
@@ -148,7 +150,7 @@ impl russh::server::Handler for Server {
 
 struct Client;
 
-impl russh::client::Handler for Client {
+impl crate::client::Handler for Client {
     type Error = anyhow::Error;
 
     async fn check_server_key(&mut self, _: &ssh_key::PublicKey) -> Result<bool, Self::Error> {
diff --git a/russh/src/tests/test_crypto.rs b/russh/src/tests/test_crypto.rs
new file mode 100644
index 00000000..7f98c9b8
--- /dev/null
+++ b/russh/src/tests/test_crypto.rs
@@ -0,0 +1,173 @@
+use super::test_framework::*;
+use crate::cipher::ALL_CIPHERS;
+use crate::mac::ALL_MAC_ALGORITHMS;
+use crate::tests::test_init;
+
+/// Configuration for cipher and MAC algorithm testing
+#[derive(Debug, Clone)]
+pub(crate) struct CryptoTestConfig {
+    /// The preferred algorithms to test
+    pub preferred: crate::Preferred,
+    /// The username to use for authentication (default: "testuser")
+    pub user: Option<String>,
+    /// Additional actions to perform after basic auth and session setup
+    pub additional_actions: Vec<Action>,
+    /// Additional expected events beyond the basic auth and session events
+    pub additional_expected_events: Vec<ExpectedEvent>,
+}
+
+impl Default for CryptoTestConfig {
+    fn default() -> Self {
+        Self {
+            preferred: crate::Preferred::default(),
+            user: None,
+            additional_actions: Vec::new(),
+            additional_expected_events: Vec::new(),
+        }
+    }
+}
+
+impl CryptoTestConfig {
+    /// Create a new config with the specified preferred algorithms
+    pub fn with_preferred(preferred: crate::Preferred) -> Self {
+        Self {
+            preferred,
+            ..Default::default()
+        }
+    }
+
+    /// Create a new config with the specified cipher
+    pub fn with_cipher(cipher: crate::cipher::Name) -> Self {
+        let mut preferred = crate::Preferred::default();
+        preferred.cipher = vec![cipher].into();
+        Self {
+            preferred,
+            ..Default::default()
+        }
+    }
+
+    /// Create a new config with the specified MAC algorithm
+    pub fn with_mac(mac: crate::mac::Name) -> Self {
+        let mut preferred = crate::Preferred::default();
+        // Use AES-128-CTR as the cipher since it supports MACs
+        preferred.cipher = vec![crate::cipher::AES_128_CTR].into();
+        preferred.mac = vec![mac].into();
+        Self {
+            preferred,
+            ..Default::default()
+        }
+    }
+
+    /// Get the username, defaulting to "testuser" if not specified
+    pub fn get_user(&self) -> &str {
+        self.user.as_deref().unwrap_or("testuser")
+    }
+}
+
+/// Test all supported cipher algorithms
+#[tokio::test]
+async fn test_all_ciphers() -> Result<(), TestError> {
+    test_init();
+
+    for &cipher in ALL_CIPHERS {
+        // Skip insecure/testing ciphers in comprehensive tests
+        if cipher == &crate::cipher::CLEAR || cipher == &crate::cipher::NONE {
+            continue;
+        }
+
+        println!("Testing cipher: {}", cipher.as_ref());
+
+        test_cipher(*cipher)
+            .await
+            .map_err(|e| TestError::Client(format!("Failed testing cipher {}: {}", cipher.as_ref(), e)))
+            .unwrap();
+    }
+
+    Ok(())
+}
+
+/// Test all supported MAC algorithms
+#[tokio::test]
+async fn test_all_macs() -> Result<(), TestError> {
+    test_init();
+
+    for &mac_alg in ALL_MAC_ALGORITHMS {
+        // Skip NONE MAC for this test as we want to test actual MAC algorithms
+        if mac_alg == &crate::mac::NONE {
+            continue;
+        }
+
+        println!("Testing MAC: {}", mac_alg.as_ref());
+
+        test_mac(*mac_alg)
+            .await
+            .map_err(|e| TestError::Client(format!("Failed testing MAC {}: {}", mac_alg.as_ref(), e)))
+            .unwrap();
+    }
+
+    Ok(())
+}
+
+/// Create a server config with specified preferred algorithms
+pub fn server_config_with_preferred(preferred: crate::Preferred) -> Result<crate::server::Config, TestError> {
+    let server_key =
+        ssh_key::PrivateKey::random(&mut rand::rngs::OsRng, ssh_key::Algorithm::Ed25519)
+            .map_err(|e| TestError::Io(std::io::Error::new(std::io::ErrorKind::Other, e)))?;
+
+    Ok(crate::server::Config {
+        inactivity_timeout: Some(std::time::Duration::from_secs(10)),
+        auth_rejection_time: std::time::Duration::from_secs(1),
+        auth_rejection_time_initial: Some(std::time::Duration::from_secs(0)),
+        keys: vec![server_key],
+        preferred,
+        ..Default::default()
+    })
+}
+
+/// Create a client config with specified preferred algorithms
+pub fn client_config_with_preferred(preferred: crate::Preferred) -> Result<crate::client::Config, TestError> {
+    Ok(crate::client::Config {
+        preferred,
+        ..Default::default()
+    })
+}
+
+/// Unified method to test crypto algorithms with configurable parameters
+pub async fn test_crypto_with_config(config: CryptoTestConfig) -> Result<(), TestError> {
+    let user = config.get_user().to_string();
+    let additional_actions = config.additional_actions;
+    let additional_expected_events = config.additional_expected_events;
+
+    let server_config = server_config_with_preferred(config.preferred.clone())?;
+    let client_config = client_config_with_preferred(config.preferred)?;
+
+    let context = TestFramework::setup_with_configs(Some(server_config), Some(client_config)).await?;
+
+    // Build the actions: basic auth and session + any additional actions
+    let mut actions = vec![
+        Action::ClientAuthenticate { user: user.clone() },
+        Action::ClientOpenSession,
+    ];
+    actions.extend(additional_actions);
+
+    // Build expected events: basic auth and session + any additional events
+    let mut expected_events = vec![
+        ExpectedEvent::ServerAuthPublickey { user: user.clone() },
+        ExpectedEvent::ServerChannelOpenSession,
+        ExpectedEvent::ClientCheckServerKey,
+    ];
+    expected_events.extend(additional_expected_events);
+
+    // Run the test with strict event verification
+    TestFramework::run_test(context, actions, expected_events).await
+}
+
+/// Test basic authentication and session setup with a specific cipher
+pub async fn test_cipher(cipher: crate::cipher::Name) -> Result<(), TestError> {
+    test_crypto_with_config(CryptoTestConfig::with_cipher(cipher)).await
+}
+
+/// Test basic authentication and session setup with a specific MAC algorithm
+pub async fn test_mac(mac: crate::mac::Name) -> Result<(), TestError> {
+    test_crypto_with_config(CryptoTestConfig::with_mac(mac)).await
+}
diff --git a/russh/src/tests/test_data_channels.rs b/russh/src/tests/test_data_channels.rs
new file mode 100644
index 00000000..0505d09b
--- /dev/null
+++ b/russh/src/tests/test_data_channels.rs
@@ -0,0 +1,120 @@
+use super::test_framework::*;
+use crate::tests::test_init;
+use crate::ChannelId;
+
+#[tokio::test]
+async fn test_basic_auth_and_channel() -> Result<(), TestError> {
+    test_init();
+
+    let context = TestFramework::setup().await?;
+
+    let actions = vec![
+        Action::ClientAuthenticate {
+            user: "testuser".to_string(),
+        },
+        Action::ClientOpenSession,
+    ];
+
+    let expected_events = vec![
+        ExpectedEvent::ServerAuthPublickey {
+            user: "testuser".to_string(),
+        },
+        ExpectedEvent::ServerChannelOpenSession,
+        ExpectedEvent::ClientCheckServerKey,
+    ];
+
+    TestFramework::run_test(context, actions, expected_events).await
+}
+
+#[tokio::test]
+async fn test_data_exchange() -> Result<(), TestError> {
+    test_init();
+
+    let context = TestFramework::setup().await?;
+
+    let actions = vec![
+        Action::ClientAuthenticate {
+            user: "testuser".to_string(),
+        },
+        Action::ClientOpenSession,
+        Action::ClientSendData {
+            channel: ChannelId(0),
+            data: b"hello world".to_vec(),
+        },
+    ];
+
+    let expected_events = vec![
+        ExpectedEvent::ServerAuthPublickey {
+            user: "testuser".to_string(),
+        },
+        ExpectedEvent::ServerChannelOpenSession,
+        ExpectedEvent::ServerData {
+            channel: ChannelId(2), // russh assigns channel ID 2 internally
+            data: b"hello world".to_vec(),
+        },
+        ExpectedEvent::ClientCheckServerKey,
+    ];
+
+    TestFramework::run_test(context, actions, expected_events).await
+}
+
+#[tokio::test]
+async fn test_bidirectional_data_exchange() -> Result<(), TestError> {
+    test_init();
+
+    let context = TestFramework::setup().await?;
+
+    let actions = vec![
+        Action::ClientAuthenticate {
+            user: "testuser".to_string(),
+        },
+        Action::ClientOpenSession,
+        Action::ClientSendData {
+            channel: ChannelId(0),
+            data: b"client hello".to_vec(),
+        },
+    ];
+
+    let expected_events = vec![
+        ExpectedEvent::ServerAuthPublickey {
+            user: "testuser".to_string(),
+        },
+        ExpectedEvent::ServerChannelOpenSession,
+        ExpectedEvent::ServerData {
+            channel: ChannelId(2), // russh assigns channel ID 2 internally
+            data: b"client hello".to_vec(),
+        },
+        ExpectedEvent::ClientCheckServerKey,
+    ];
+
+    TestFramework::run_test(context, actions, expected_events).await
+}
+
+#[tokio::test]
+#[should_panic(expected = "EventMismatch")]
+async fn test_exact_event_order_failure() {
+    test_init();
+
+    let context = TestFramework::setup().await.unwrap();
+
+    let actions = vec![
+        Action::ClientAuthenticate {
+            user: "testuser".to_string(),
+        },
+        Action::ClientOpenSession,
+    ];
+
+    // Intentionally wrong order to demonstrate exact matching
+    let wrong_expected_events = vec![
+        ExpectedEvent::ClientCheckServerKey, // This should be last, not first
+        ExpectedEvent::ServerAuthPublickey {
+            user: "testuser".to_string(),
+        },
+        ExpectedEvent::ServerChannelOpenSession,
+    ];
+
+    // This should fail because the order is wrong
+    TestFramework::run_test(context, actions, wrong_expected_events)
+        .await
+        .unwrap();
+}
diff --git a/russh/tests/test_data_stream.rs b/russh/src/tests/test_data_stream.rs
similarity index 92%
rename from russh/tests/test_data_stream.rs
rename to russh/src/tests/test_data_stream.rs
index 9aec9197..a3ecb97c 100644
--- a/russh/tests/test_data_stream.rs
+++ b/russh/src/tests/test_data_stream.rs
@@ -3,12 +3,14 @@ use std::sync::Arc;
 
 use rand::RngCore;
 use rand_core::OsRng;
-use russh::keys::PrivateKeyWithHashAlg;
-use russh::server::{self, Auth, Msg, Server as _, Session};
-use russh::{client, Channel, ChannelMsg};
 use ssh_key::PrivateKey;
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
 
+use crate::keys::PrivateKeyWithHashAlg;
+use crate::server::{self, Auth, Msg, Server as _, Session};
+use crate::tests::test_init;
+use crate::{client, Channel, ChannelMsg};
+
 pub const WINDOW_SIZE: u32 = 8 * 2048;
 
 trait ChannelDataCopy {
@@ -94,8 +96,7 @@ async fn test_channel_halves() -> Result<(), anyhow::Error> {
 }
 
 async fn run_test(test: impl ChannelDataCopy) -> Result<(), anyhow::Error> {
-    static INIT: std::sync::Once = std::sync::Once::new();
-    INIT.call_once(env_logger::init);
+    test_init();
 
     let addr = addr();
     let data = data();
@@ -120,7 +121,7 @@ async fn stream(
     let config = Arc::new(client::Config::default());
     let key = Arc::new(PrivateKey::random(&mut OsRng, ssh_key::Algorithm::Ed25519).unwrap());
 
-    let mut session = russh::client::connect(config, addr, Client).await?;
+    let mut session = crate::client::connect(config, addr, Client).await?;
     let channel = match session
         .authenticate_publickey(
             "user",
@@ -176,7 +177,7 @@ impl Server {
     }
 }
 
-impl russh::server::Server for Server {
+impl crate::server::Server for Server {
     type Handler = Self;
 
     fn new_client(&mut self, _: Option<std::net::SocketAddr>) -> Self::Handler {
@@ -184,7 +185,7 @@ impl russh::server::Server for Server {
     }
 }
 
-impl russh::server::Handler for Server {
+impl crate::server::Handler for Server {
     type Error = anyhow::Error;
 
     async fn auth_publickey(
@@ -217,7 +218,7 @@ impl russh::server::Handler for Server {
 
 struct Client;
 
-impl russh::client::Handler for Client {
+impl crate::client::Handler for Client {
     type Error = anyhow::Error;
 
     async fn check_server_key(&mut self, _: &ssh_key::PublicKey) -> Result<bool, Self::Error> {
diff --git a/russh/src/tests/test_framework.rs b/russh/src/tests/test_framework.rs
new file mode 100644
index 00000000..176673fa
--- /dev/null
+++ b/russh/src/tests/test_framework.rs
@@ -0,0 +1,747 @@
+//! # Test Framework for russh
+//!
+//! This module provides a simple test framework for the russh crate that allows you to:
+//!
+//! - Set up a connected client and server pair using in-memory pipes (tokio::io::duplex)
+//! - Define sequences of actions to perform on the client or server
+//! - Define expected events that should occur in response
+//! - Verify that the expected events actually happen
+//!
+//! The framework implementation is in this file, while tests for the framework itself
+//! are located in `test_framework_tests.rs`.
+//!
+//! ## Example Usage
+//!
+//! ### Basic Usage with Framework Execution
+//!
+//! ```rust,no_run
+//! # use russh::test_framework::*;
+//! # tokio_test::block_on(async {
+//! let context = TestFramework::setup().await?;
+//!
+//! let actions = vec![
+//!     Action::ClientAuthenticate { user: "testuser".to_string() },
+//!     Action::ClientOpenSession,
+//!     Action::ClientSendData {
+//!         channel: ChannelId(0),
+//!         data: b"hello world".to_vec()
+//!     },
+//! ];
+//!
+//! let expected_events = vec![
+//!     ExpectedEvent::ServerAuthPublickey { user: "testuser".to_string() },
+//!     ExpectedEvent::ServerChannelOpenSession,
+//!     ExpectedEvent::ClientCheckServerKey,
+//! ];
+//!
+//! // Use exact event matching (order and content must match exactly)
+//! TestFramework::run_test(context, actions, expected_events).await?;
+//!
+//! # Ok::<(), TestError>(())
+//! # });
+//! ```
+//!
+//! ### Advanced Usage with Manual Control
+//!
+//! ```rust,no_run
+//! # use russh::test_framework::*;
+//! # tokio_test::block_on(async {
+//! let context = TestFramework::setup().await?;
+//! let mut context = context;
+//!
+//! // Execute actions through the framework
+//! TestFramework::execute_actions(&mut context, vec![
+//!     Action::ClientAuthenticate { user: "testuser".to_string() },
+//!     Action::ClientOpenSession,
+//! ]).await?;
+//!
+//! // Custom event verification logic
+//! tokio::time::sleep(std::time::Duration::from_millis(100)).await;
+//! let events = /* gather events */;
+//! // ... custom verification ...
+//!
+//! # Ok::<(), TestError>(())
+//! # });
+//! ```
+
+//! ## Features
+//!
+//! - **In-memory connections**: Uses `tokio::io::duplex` for fast, deterministic testing
+//! - **Event tracking**: Automatically records Handler method calls from both client and server
+//! - **Action scripting**: Define sequences of client and server actions to execute
+//! - **Event verification**: Verify that expected events occur in exact order and content
+//! - **Exact matching**: Compare actual events against expected event arrays with precise order checking
+//! - **Server-side actions**: Send data and close channels from the server side using commands
+//!
+//! ## Limitations
+//!
+//! - **Event ordering**: Event order is strictly enforced (use `run_test_flexible` for order-independent checking)
+//! - **Channel IDs**: Channel IDs are assigned by russh internally and may differ from action parameters
+//! - **Server-side actions**: Server-side actions use a command channel mechanism that may not reflect real usage
+//!
+//! ## API Methods
+//!
+//! - **`TestFramework::setup()`**: Creates a connected client/server pair
+//! - **`TestFramework::execute_action(context, action)`**: Executes a single action
+//! - **`TestFramework::execute_actions(context, actions)`**: Executes multiple actions
+//! - **`TestFramework::run_test(context, actions, events)`**: Executes actions and verifies events (exact order and content match)
+//! - **`TestFramework::run_test_flexible(context, actions, events)`**: Executes actions and verifies events (order-independent, for compatibility)
+//!
+//! ## Extending the Framework
+//!
+//! To add support for more SSH operations:
+//!
+//! 1. Add new variants to the `Action` enum
+//! 2. Add corresponding variants to the `ExpectedEvent` enum
+//! 3. Implement the action in `TestFramework::execute_action()`
+//! 4. Add event recording in the appropriate handler methods
+//!
+
+use std::collections::{HashMap, VecDeque};
+use std::sync::Arc;
+
+use tokio::sync::mpsc;
+
+use crate::channels::Channel;
+use crate::client::{
+    self, Handle as ClientHandle, Handler as ClientHandler,
+};
+use crate::server::{
+    self, Auth, Handle as ServerHandle, Handler as ServerHandler, Msg as ServerMsg,
+    Session as ServerSession,
+};
+use crate::{ChannelId, Error};
+
+/// Commands that can be sent to the server handler
+#[derive(Debug)]
+pub enum ServerCommand {
+    SendData {
+        channel_id: ChannelId,
+        data: Vec<u8>,
+    },
+}
+
+/// Represents an action that can be performed on the client or server
+#[derive(Debug, Clone)]
+pub enum Action {
+    /// Client calls channel_open_session
+    ClientOpenSession,
+    /// Client calls channel_open_direct_tcpip
+    ClientOpenDirectTcpip {
+        host_to_connect: String,
+        port_to_connect: u32,
+        originator_address: String,
+        originator_port: u32,
+    },
+    /// Server opens a forwarded-tcpip channel to the client
+    ServerOpenForwardedTcpip {
+        connected_address: String,
+        connected_port: u32,
+        originator_address: String,
+        originator_port: u32,
+    },
+    /// Client sends data to a channel
+    ClientSendData { channel: ChannelId, data: Vec<u8> },
+    /// Client closes a channel
+    ClientCloseChannel { channel: ChannelId },
+    /// Server sends data to a channel
+    ServerSendData { channel: ChannelId, data: Vec<u8> },
+    /// Client authenticates with publickey
+    ClientAuthenticate { user: String },
+}
+
+/// Represents an expected event (handler method call)
+#[derive(Debug, Clone, PartialEq)]
+pub enum ExpectedEvent {
+    /// Server handler auth_publickey was called
+    ServerAuthPublickey { user: String },
+    /// Server handler channel_open_session was called
+    ServerChannelOpenSession,
+    /// Server handler channel_open_direct_tcpip was called
+    ServerChannelOpenDirectTcpip {
+        host_to_connect: String,
+        port_to_connect: u32,
+        originator_address: String,
+        originator_port: u32,
+    },
+    /// Server handler channel_open_forwarded_tcpip was called
+    ServerChannelOpenForwardedTcpip {
+        host_to_connect: String,
+        port_to_connect: u32,
+        originator_address: String,
+        originator_port: u32,
+    },
+    /// Client handler server_channel_open_forwarded_tcpip was called
+    ClientServerChannelOpenForwardedTcpip {
+        connected_address: String,
+        connected_port: u32,
+        originator_address: String,
+        originator_port: u32,
+    },
+    /// Server handler data was called
+    ServerData { channel: ChannelId, data: Vec<u8> },
+    /// Server handler channel_close was called
+    ServerChannelClose { channel: ChannelId },
+    /// Client handler data was called
+    ClientData { channel: ChannelId, data: Vec<u8> },
+    /// Client handler channel_close was called
+    ClientChannelClose { channel: ChannelId },
+    /// Client handler check_server_key was called
+    ClientCheckServerKey,
+}
+
+/// Test framework error
+#[derive(Debug, thiserror::Error)]
+pub enum TestError {
+    #[error("Russh error: {0}")]
+    Russh(#[from] Error),
+    #[error("Server error: {0}")]
+    Server(String),
+    #[error("Client error: {0}")]
+    Client(String),
+    #[error("Expected event {expected:?} but got {actual:?}")]
+    EventMismatch {
+        expected: ExpectedEvent,
+        actual: ExpectedEvent,
+    },
+    #[error("Expected {expected} events but got {actual}")]
+    EventCountMismatch { expected: usize, actual: usize },
+    #[error("Channel not found: {0}")]
+    ChannelNotFound(ChannelId),
+    #[error("I/O error: {0}")]
+    Io(#[from] std::io::Error),
+}
+
+/// Handler that tracks events for testing
+#[derive(Debug)]
+struct TestServerHandler {
+    events: Arc<tokio::sync::Mutex<VecDeque<ExpectedEvent>>>,
+    channels: Arc<tokio::sync::Mutex<HashMap<ChannelId, Channel<ServerMsg>>>>,
+    command_rx: Arc<tokio::sync::Mutex<mpsc::UnboundedReceiver<ServerCommand>>>,
+    server_session: Arc<tokio::sync::Mutex<Option<ServerHandle>>>,
+}
+
+impl TestServerHandler {
+    fn new(
+        events: Arc<tokio::sync::Mutex<VecDeque<ExpectedEvent>>>,
+        command_rx: mpsc::UnboundedReceiver<ServerCommand>,
+    ) -> Self {
+        Self {
+            events,
+            channels: Arc::new(tokio::sync::Mutex::new(HashMap::new())),
+            command_rx: Arc::new(tokio::sync::Mutex::new(command_rx)),
+            server_session: Arc::new(tokio::sync::Mutex::new(None)),
+        }
+    }
+
+    async fn record_event(&self, event: ExpectedEvent) {
+        let mut events = self.events.lock().await;
+        events.push_back(event);
+    }
+
+    async fn process_commands(&self) {
+        let mut command_rx = self.command_rx.lock().await;
+        // Process all available commands
+        while let Ok(command) = command_rx.try_recv() {
+            println!("Processing server command: {:?}", command);
+            match command {
+                ServerCommand::SendData { channel_id, data } => {
+                    let channels = self.channels.lock().await;
+                    if let Some(channel) = channels.get(&channel_id) {
+                        if let Err(e) = channel.data(&data[..]).await {
+                            eprintln!("Failed to send data to channel {:?}: {:?}", channel_id, e);
+                        }
+                    }
+                }
+            }
+        }
+    }
+}
+
+impl ServerHandler for TestServerHandler {
+    type Error = TestError;
+
+    async fn auth_publickey(
+        &mut self,
+        user: &str,
+        _public_key: &ssh_key::PublicKey,
+    ) -> Result<Auth, Self::Error> {
+        self.record_event(ExpectedEvent::ServerAuthPublickey {
+            user: user.to_string(),
+        })
+        .await;
+
+        // Process any pending commands after auth
+        self.process_commands().await;
+
+        Ok(Auth::Accept)
+    }
+
+    async fn channel_open_session(
+        &mut self,
+        channel: Channel<ServerMsg>,
+        session: &mut ServerSession,
+    ) -> Result<bool, Self::Error> {
+        let channel_id = channel.id();
+
+        // Store the server session handle for later use
+        {
+            let mut stored_session = self.server_session.lock().await;
+            *stored_session = Some(session.handle());
+        }
+
+        self.record_event(ExpectedEvent::ServerChannelOpenSession)
+            .await;
+
+        // Store the channel for later use
+        let mut channels = self.channels.lock().await;
+        channels.insert(channel_id, channel);
+
+        // Process any pending commands now that we have a session handle
+        self.process_commands().await;
+
+        Ok(true)
+    }
+
+    async fn channel_open_direct_tcpip(
+        &mut self,
+        channel: Channel<ServerMsg>,
+        host_to_connect: &str,
+        port_to_connect: u32,
+        originator_address: &str,
+        originator_port: u32,
+        _session: &mut ServerSession,
+    ) -> Result<bool, Self::Error> {
+        let channel_id = channel.id();
+        self.record_event(ExpectedEvent::ServerChannelOpenDirectTcpip {
+            host_to_connect: host_to_connect.to_string(),
+            port_to_connect,
+            originator_address: originator_address.to_string(),
+            originator_port,
+        })
+        .await;
+
+        // Store the channel for later use
+        let mut channels = self.channels.lock().await;
+        channels.insert(channel_id, channel);
+
+        Ok(true)
+    }
+
+    async fn channel_open_forwarded_tcpip(
+        &mut self,
+        channel: Channel<ServerMsg>,
+        host_to_connect: &str,
+        port_to_connect: u32,
+        originator_address: &str,
+        originator_port: u32,
+        _session: &mut ServerSession,
+    ) -> Result<bool, Self::Error> {
+        let channel_id = channel.id();
+        self.record_event(ExpectedEvent::ServerChannelOpenForwardedTcpip {
+            host_to_connect: host_to_connect.to_string(),
+            port_to_connect,
+            originator_address: originator_address.to_string(),
+            originator_port,
+        })
+        .await;
+
+        // Store the channel for later use
+        let mut channels = self.channels.lock().await;
+        channels.insert(channel_id, channel);
+
+        // Process any pending commands
+        self.process_commands().await;
+
+        Ok(true)
+    }
+
+    async fn data(
+        &mut self,
+        channel: ChannelId,
+        data: &[u8],
+        _session: &mut ServerSession,
+    ) -> Result<(), Self::Error> {
+        self.record_event(ExpectedEvent::ServerData {
+            channel,
+            data: data.to_vec(),
+        })
+        .await;
+
+        // Process any pending commands
+        self.process_commands().await;
+
+        Ok(())
+    }
+
+    async fn channel_close(
+        &mut self,
+        channel: ChannelId,
+        _session: &mut ServerSession,
+    ) -> Result<(), Self::Error> {
+        self.record_event(ExpectedEvent::ServerChannelClose { channel })
+            .await;
+        Ok(())
+    }
+}
+
+/// Client handler that tracks events for testing
+#[derive(Debug)]
+struct TestClientHandler {
+    events: Arc<tokio::sync::Mutex<VecDeque<ExpectedEvent>>>,
+}
+
+impl TestClientHandler {
+    fn new(events: Arc<tokio::sync::Mutex<VecDeque<ExpectedEvent>>>) -> Self {
+        Self { events }
+    }
+
+    async fn record_event(&self, event: ExpectedEvent) {
+        let mut events = self.events.lock().await;
+        events.push_back(event);
+    }
+}
+
+impl ClientHandler for TestClientHandler {
+    type Error = TestError;
+
+    async fn check_server_key(
+        &mut self,
+        _server_public_key: &ssh_key::PublicKey,
+    ) -> Result<bool, Self::Error> {
+        self.record_event(ExpectedEvent::ClientCheckServerKey).await;
+        Ok(true)
+    }
+
+    async fn data(
+        &mut self,
+        channel: ChannelId,
+        data: &[u8],
+        _session: &mut client::Session,
+    ) -> Result<(), Self::Error> {
+        self.record_event(ExpectedEvent::ClientData {
+            channel,
+            data: data.to_vec(),
+        })
+        .await;
+        Ok(())
+    }
+
+    async fn channel_close(
+        &mut self,
+        channel: ChannelId,
+        _session: &mut client::Session,
+    ) -> Result<(), Self::Error> {
+        self.record_event(ExpectedEvent::ClientChannelClose { channel })
+            .await;
+        Ok(())
+    }
+
+    async fn server_channel_open_forwarded_tcpip(
+        &mut self,
+        _channel: Channel<client::Msg>,
+        connected_address: &str,
+        connected_port: u32,
+        originator_address: &str,
+        originator_port: u32,
+        _session: &mut client::Session,
+    ) -> Result<(), Self::Error> {
+        self.record_event(ExpectedEvent::ClientServerChannelOpenForwardedTcpip {
+            connected_address: connected_address.to_string(),
+            connected_port,
+            originator_address: originator_address.to_string(),
+            originator_port,
+        })
+        .await;
+        Ok(())
+    }
+}
+
+/// Test context that holds the client and server handles along with channels
+pub struct TestContext {
+    pub client: ClientHandle<TestClientHandler>,
+    pub server_events: Arc<tokio::sync::Mutex<VecDeque<ExpectedEvent>>>,
+    pub client_events: Arc<tokio::sync::Mutex<VecDeque<ExpectedEvent>>>,
+    pub server_command_tx: mpsc::UnboundedSender<ServerCommand>,
+    pub client_channels: Vec<Channel<crate::client::Msg>>,
+    pub server_session_handle: Arc<tokio::sync::Mutex<Option<ServerHandle>>>,
+}
+
+impl TestContext {
+    /// Get a client channel by index
+    pub fn get_client_channel(
+        &self,
+        index: usize,
+    ) -> Result<&Channel<crate::client::Msg>, TestError> {
+        self.client_channels
+            .get(index)
+            .ok_or_else(|| TestError::ChannelNotFound(ChannelId(index as u32)))
+    }
+}
+
+/// Simple test framework for russh
+pub struct TestFramework;
+
+impl TestFramework {
+    /// Set up a connected client and server pair using a pipe
+    pub async fn setup() -> Result<TestContext, TestError> {
+        Self::setup_with_configs(None, None).await
+    }
+
+    /// Set up a connected client and server pair with custom configurations
+    pub async fn setup_with_configs(
+        custom_server_config: Option<server::Config>,
+        custom_client_config: Option<client::Config>,
+    ) -> Result<TestContext, TestError> {
+        // Create a bidirectional pipe
+        let (client_stream, server_stream) = tokio::io::duplex(65536);
+
+        // Create shared event storage
+        let server_events = Arc::new(tokio::sync::Mutex::new(VecDeque::new()));
+        let client_events = Arc::new(tokio::sync::Mutex::new(VecDeque::new()));
+
+        // Create command channel for server
+        let (server_command_tx, server_command_rx) = mpsc::unbounded_channel();
+
+        // Create handlers
+        let server_handler = TestServerHandler::new(server_events.clone(), server_command_rx);
+        let server_session_handle = server_handler.server_session.clone();
+        let client_handler = TestClientHandler::new(client_events.clone());
+
+        // Set up server config
+        let server_config = if let Some(config) = custom_server_config {
+            Arc::new(config)
+        } else {
+            let server_key =
+                ssh_key::PrivateKey::random(&mut rand::rngs::OsRng, ssh_key::Algorithm::Ed25519)
+                    .map_err(|e| {
+                        TestError::Io(std::io::Error::new(std::io::ErrorKind::Other, e))
+                    })?;
+
+            Arc::new(server::Config {
+                inactivity_timeout: Some(std::time::Duration::from_secs(10)),
+                auth_rejection_time: std::time::Duration::from_secs(1),
+                auth_rejection_time_initial: Some(std::time::Duration::from_secs(0)),
+                keys: vec![server_key],
+                ..Default::default()
+            })
+        };
+
+        // Set up client config
+        let client_config = if let Some(config) = custom_client_config {
+            Arc::new(config)
+        } else {
+            Arc::new(client::Config::default())
+        };
+
+        // Start server in background
+        let _server_task = tokio::spawn(async move {
+            if let Err(e) = server::run_stream(server_config, server_stream, server_handler).await {
+                eprintln!("Server error: {:?}", e);
+            }
+        });
+
+        // Connect client
+        let client = client::connect_stream(client_config, client_stream, client_handler)
+            .await
+            .map_err(|e| TestError::Client(format!("{:?}", e)))?;
+
+        Ok(TestContext {
+            client,
+            server_events,
+            client_events,
+            server_command_tx,
+            client_channels: Vec::new(),
+            server_session_handle,
+        })
+    }
+
+    /// Execute a sequence of actions and verify the expected events occur
+    pub async fn run_test(
+        mut context: TestContext,
+        actions: Vec<Action>,
+        expected_events: Vec<ExpectedEvent>,
+    ) -> Result<(), TestError> {
+        // Execute actions
+        for action in actions {
+            Self::execute_action(&mut context, action).await?;
+        }
+
+        // Allow some time for events to propagate
+        tokio::time::sleep(std::time::Duration::from_millis(100)).await;
+
+        // Verify events
+        Self::verify_events(&context, expected_events).await
+    }
+
+    async fn execute_action(context: &mut TestContext, action: Action) -> Result<(), TestError> {
+        match action {
+            Action::ClientAuthenticate { user } => {
+                // Generate a key for authentication
+                let key = ssh_key::PrivateKey::random(
+                    &mut rand::rngs::OsRng,
+                    ssh_key::Algorithm::Ed25519,
+                )
+                .map_err(|e| TestError::Io(std::io::Error::new(std::io::ErrorKind::Other, e)))?;
+
+                let key_with_hash = crate::keys::PrivateKeyWithHashAlg::new(Arc::new(key), None);
+
+                context
+                    .client
+                    .authenticate_publickey(user, key_with_hash)
+                    .await
+                    .map_err(|e| TestError::Client(format!("{:?}", e)))?;
+            }
+            Action::ClientOpenSession => {
+                let channel = context
+                    .client
+                    .channel_open_session()
+                    .await
+                    .map_err(|e| TestError::Client(format!("{:?}", e)))?;
+                context.client_channels.push(channel);
+            }
+            Action::ClientOpenDirectTcpip {
+                host_to_connect,
+                port_to_connect,
+                originator_address,
+                originator_port,
+            } => {
+                let channel = context
+                    .client
+                    .channel_open_direct_tcpip(
+                        host_to_connect,
+                        port_to_connect,
+                        originator_address,
+                        originator_port,
+                    )
+                    .await
+                    .map_err(|e| TestError::Client(format!("{:?}", e)))?;
+                context.client_channels.push(channel);
+            }
+            Action::ClientSendData { channel, data } => {
+                let ch = context.get_client_channel(channel.0 as usize)?;
+                ch.data(&data[..]).await.map_err(|e| {
+                    TestError::Io(std::io::Error::new(std::io::ErrorKind::Other, e))
+                })?;
+            }
+            Action::ClientCloseChannel { channel } => {
+                let ch = context.get_client_channel(channel.0 as usize)?;
+                ch.close().await.map_err(|e| {
+                    TestError::Io(std::io::Error::new(std::io::ErrorKind::Other, e))
+                })?;
+            }
+            Action::ServerSendData { channel, data } => {
+                context
+                    .server_command_tx
+                    .send(ServerCommand::SendData {
+                        channel_id: channel,
+                        data,
+                    })
+                    .map_err(|_| {
+                        TestError::Server("Failed to send command to server".to_string())
+                    })?;
+
+                // Give some time for the command to be processed
+                tokio::time::sleep(std::time::Duration::from_millis(50)).await;
+            }
+            Action::ServerOpenForwardedTcpip {
+                connected_address,
+                connected_port,
+                originator_address,
+                originator_port,
+            } => {
+                println!("Executing ServerOpenForwardedTcpip action");
+
+                // Get the server session handle from the context
+                let session_handle_opt = {
+                    let stored_session = context.server_session_handle.lock().await;
+                    stored_session.clone()
+                };
+
+                if let Some(session_handle) = session_handle_opt {
+                    println!(
+                        "Server session handle available, opening forwarded-tcpip channel directly"
+                    );
+                    match session_handle
+                        .channel_open_forwarded_tcpip(
+                            connected_address,
+                            connected_port,
+                            originator_address,
+                            originator_port,
+                        )
+                        .await
+                    {
+                        Ok(channel) => {
+                            let channel_id = channel.id();
+                            println!(
+                                "Successfully opened forwarded-tcpip channel with ID: {}",
+                                channel_id
+                            );
+                        }
+                        Err(e) => {
+                            eprintln!("Failed to open forwarded-tcpip channel: {:?}", e);
+                            return Err(TestError::Server(format!(
+                                "Failed to open forwarded-tcpip channel: {:?}",
+                                e
+                            )));
+                        }
+                    }
+                } else {
+                    eprintln!("No server session handle available");
+                    return Err(TestError::Server(
+                        "No server session handle available".to_string(),
+                    ));
+                }
+
+                // Give some time for the channel opening to be processed
+                tokio::time::sleep(std::time::Duration::from_millis(100)).await;
+            }
+        }
+        Ok(())
+    }
+
+    async fn verify_events(
+        context: &TestContext,
+        expected_events: Vec<ExpectedEvent>,
+    ) -> Result<(), TestError> {
+        // Collect all events from both client and server
+        let server_events = context.server_events.lock().await;
+        let client_events = context.client_events.lock().await;
+
+        let mut all_events = Vec::new();
+        all_events.extend(server_events.iter().cloned());
+        all_events.extend(client_events.iter().cloned());
+
+        // Check exact length match
+        if all_events.len() != expected_events.len() {
+            eprintln!(
+                "Expected {} events, got {}",
+                expected_events.len(),
+                all_events.len()
+            );
+            eprintln!("Expected: {:?}", expected_events);
+            eprintln!("Actual: {:?}", all_events);
+            return Err(TestError::EventCountMismatch {
+                expected: expected_events.len(),
+                actual: all_events.len(),
+            });
+        }
+
+        // Check exact order and content match
+        for (i, (expected, actual)) in expected_events.iter().zip(all_events.iter()).enumerate() {
+            if expected != actual {
+                eprintln!("Event mismatch at position {}", i);
+                eprintln!("Expected: {:?}", expected);
+                eprintln!("Actual: {:?}", actual);
+                eprintln!("Full expected sequence: {:?}", expected_events);
+                eprintln!("Full actual sequence: {:?}", all_events);
+                return Err(TestError::EventMismatch {
+                    expected: expected.clone(),
+                    actual: actual.clone(),
+                });
+            }
+        }
+
+        Ok(())
+    }
+}
diff --git a/russh/src/tests/test_kex.rs b/russh/src/tests/test_kex.rs
new file mode 100644
index 00000000..2053216a
--- /dev/null
+++ b/russh/src/tests/test_kex.rs
@@ -0,0 +1,33 @@
+use super::test_framework::*;
+use crate::kex::ALL_KEX_ALGORITHMS;
+use crate::tests::test_init;
+use crate::tests::test_crypto::{test_crypto_with_config, CryptoTestConfig};
+
+#[tokio::test]
+async fn test_all_kex_algorithms() -> Result<(), TestError> {
+    test_init();
+
+    for &algorithm in ALL_KEX_ALGORITHMS {
+        if algorithm == &crate::kex::NONE {
+            continue;
+        }
+
+        println!("- {}", algorithm.as_ref());
+
+        // Test basic functionality
+        test_kex_algorithm(*algorithm)
+            .await
+            .map_err(|e| TestError::Client(format!("Failed testing {}: {}", algorithm.as_ref(), e)))
+            .unwrap();
+    }
+
+    Ok(())
+}
+
+/// Test basic authentication and session setup with a specific kex algorithm
+pub async fn test_kex_algorithm(kex_algorithm: crate::kex::Name) -> Result<(), TestError> {
+    let mut preferred = crate::Preferred::default();
+    preferred.kex = vec![kex_algorithm].into();
+
+    test_crypto_with_config(CryptoTestConfig::with_preferred(preferred)).await
+}
diff --git a/russh/src/tests/test_tcpip_channels.rs b/russh/src/tests/test_tcpip_channels.rs
new file mode 100644
index 00000000..2b7d78c6
--- /dev/null
+++ b/russh/src/tests/test_tcpip_channels.rs
@@ -0,0 +1,266 @@
+use super::test_framework::*;
+use crate::tests::test_init;
+use crate::ChannelId;
+
+/// Test direct-tcpip channel opening and basic data transfer
+#[tokio::test]
+async fn test_direct_tcpip_channel() {
+    test_init();
+
+    let context = TestFramework::setup().await.unwrap();
+
+    let actions = vec![
+        Action::ClientAuthenticate {
+            user: "testuser".to_string(),
+        },
+        Action::ClientOpenDirectTcpip {
+            host_to_connect: "127.0.0.1".to_string(),
+            port_to_connect: 8080,
+            originator_address: "192.168.1.100".to_string(),
+            originator_port: 12345,
+        },
+        Action::ClientSendData {
+            channel: ChannelId(0),
+            data: b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n".to_vec(),
+        },
+    ];
+
+    let expected_events = vec![
+        ExpectedEvent::ServerAuthPublickey {
+            user: "testuser".to_string(),
+        },
+        ExpectedEvent::ServerChannelOpenDirectTcpip {
+            host_to_connect: "127.0.0.1".to_string(),
+            port_to_connect: 8080,
+            originator_address: "192.168.1.100".to_string(),
+            originator_port: 12345,
+        },
+        ExpectedEvent::ServerData {
+            channel: ChannelId(2), // Channel IDs are assigned by russh internally
+            data: b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n".to_vec(),
+        },
+        ExpectedEvent::ClientCheckServerKey,
+    ];
+
+    TestFramework::run_test(context, actions, expected_events)
+        .await
+        .unwrap();
+}
+
+/// Test direct-tcpip channel with bidirectional data transfer
+#[tokio::test]
+async fn test_direct_tcpip_bidirectional() {
+    test_init();
+
+    let context = TestFramework::setup().await.unwrap();
+
+    let actions = vec![
+        Action::ClientAuthenticate {
+            user: "testuser".to_string(),
+        },
+        Action::ClientOpenDirectTcpip {
+            host_to_connect: "example.com".to_string(),
+            port_to_connect: 443,
+            originator_address: "10.0.0.1".to_string(),
+            originator_port: 54321,
+        },
+        Action::ClientSendData {
+            channel: ChannelId(0),
+            data: b"Hello from client".to_vec(),
+        },
+        // Server sends data back after receiving client data
+        Action::ServerSendData {
+            channel: ChannelId(2), // Use the actual channel ID that will be assigned
+            data: b"Hello from server".to_vec(),
+        },
+    ];
+
+    let expected_events = vec![
+        ExpectedEvent::ServerAuthPublickey {
+            user: "testuser".to_string(),
+        },
+        ExpectedEvent::ServerChannelOpenDirectTcpip {
+            host_to_connect: "example.com".to_string(),
+            port_to_connect: 443,
+            originator_address: "10.0.0.1".to_string(),
+            originator_port: 54321,
+        },
+        ExpectedEvent::ServerData {
+            channel: ChannelId(2), // Channel IDs are assigned by russh internally
+            data: b"Hello from client".to_vec(),
+        },
+        ExpectedEvent::ClientCheckServerKey,
+        ExpectedEvent::ClientData {
+            channel: ChannelId(2), // Channel IDs are assigned by russh internally
+            data: b"Hello from server".to_vec(),
+        },
+    ];
+
+    TestFramework::run_test(context, actions, expected_events)
+        .await
+        .unwrap();
+}
+
+/// Test direct-tcpip channel closure
+#[tokio::test]
+async fn test_direct_tcpip_channel_close() {
+    test_init();
+
+    let context = TestFramework::setup().await.unwrap();
+
+    let actions = vec![
+        Action::ClientAuthenticate {
+            user: "testuser".to_string(),
+        },
+        Action::ClientOpenDirectTcpip {
+            host_to_connect: "192.168.1.1".to_string(),
+            port_to_connect: 22,
+            originator_address: "172.16.0.1".to_string(),
+            originator_port: 40000,
+        },
+        Action::ClientSendData {
+            channel: ChannelId(0),
+            data: b"test data".to_vec(),
+        },
+        Action::ClientCloseChannel {
+            channel: ChannelId(0),
+        },
+    ];
+
+    let expected_events = vec![
+        ExpectedEvent::ServerAuthPublickey {
+            user: "testuser".to_string(),
+        },
+        ExpectedEvent::ServerChannelOpenDirectTcpip {
+            host_to_connect: "192.168.1.1".to_string(),
+            port_to_connect: 22,
+            originator_address: "172.16.0.1".to_string(),
+            originator_port: 40000,
+        },
+        ExpectedEvent::ServerData {
+            channel: ChannelId(2), // Channel IDs are assigned by russh internally
+            data: b"test data".to_vec(),
+        },
+        ExpectedEvent::ServerChannelClose {
+            channel: ChannelId(2), // Channel IDs are assigned by russh internally
+        },
+        ExpectedEvent::ClientCheckServerKey,
+    ];
+
+    TestFramework::run_test(context, actions, expected_events)
+        .await
+        .unwrap();
+}
+
+/// Test multiple concurrent direct-tcpip channels
+#[tokio::test]
+async fn test_multiple_direct_tcpip_channels() {
+    test_init();
+
+    let context = TestFramework::setup().await.unwrap();
+
+    let actions = vec![
+        Action::ClientAuthenticate {
+            user: "testuser".to_string(),
+        },
+        // First channel
+        Action::ClientOpenDirectTcpip {
+            host_to_connect: "host1.example.com".to_string(),
+            port_to_connect: 80,
+            originator_address: "client.local".to_string(),
+            originator_port: 50000,
+        },
+        // Second channel
+        Action::ClientOpenDirectTcpip {
+            host_to_connect: "host2.example.com".to_string(),
+            port_to_connect: 443,
+            originator_address: "client.local".to_string(),
+            originator_port: 50001,
+        },
+        // Send data to both channels
+        Action::ClientSendData {
+            channel: ChannelId(0),
+            data: b"data for channel 1".to_vec(),
+        },
+        Action::ClientSendData {
+            channel: ChannelId(1),
+            data: b"data for channel 2".to_vec(),
+        },
+    ];
+
+    let expected_events = vec![
+        ExpectedEvent::ServerAuthPublickey {
+            user: "testuser".to_string(),
+        },
+        ExpectedEvent::ServerChannelOpenDirectTcpip {
+            host_to_connect: "host1.example.com".to_string(),
+            port_to_connect: 80,
+            originator_address: "client.local".to_string(),
+            originator_port: 50000,
+        },
+        ExpectedEvent::ServerChannelOpenDirectTcpip {
+            host_to_connect: "host2.example.com".to_string(),
+            port_to_connect: 443,
+            originator_address: "client.local".to_string(),
+            originator_port: 50001,
+        },
+        ExpectedEvent::ServerData {
+            channel: ChannelId(2), // First channel
+            data: b"data for channel 1".to_vec(),
+        },
+        ExpectedEvent::ServerData {
+            channel: ChannelId(3), // Second channel
+            data: b"data for channel 2".to_vec(),
+        },
+        ExpectedEvent::ClientCheckServerKey,
+    ];
+
+    TestFramework::run_test(context, actions, expected_events)
+        .await
+        .unwrap();
+}
+
+// Note: For forwarded-tcpip tests, we would need to extend the test framework
+// to support server-initiated channel opening actions. The current framework
+// focuses on client-initiated actions. Here's a placeholder test structure:
+
+/// Test forwarded-tcpip channel (server-initiated)
+#[tokio::test]
+async fn test_forwarded_tcpip_channel() {
+    test_init();
+
+    let context = TestFramework::setup().await.unwrap();
+
+    let actions = vec![
+        Action::ClientAuthenticate {
+            user: "testuser".to_string(),
+        },
+        // First establish a session channel to get the server session handle
+        Action::ClientOpenSession,
+        // Now the server can initiate a forwarded-tcpip channel
+        Action::ServerOpenForwardedTcpip {
+            connected_address: "127.0.0.1".to_string(),
+            connected_port: 8080,
+            originator_address: "remote.host".to_string(),
+            originator_port: 12345,
+        },
+    ];
+
+    let expected_events = vec![
+        ExpectedEvent::ServerAuthPublickey {
+            user: "testuser".to_string(),
+        },
+        ExpectedEvent::ServerChannelOpenSession,
+        ExpectedEvent::ClientCheckServerKey,
+        ExpectedEvent::ClientServerChannelOpenForwardedTcpip {
+            connected_address: "127.0.0.1".to_string(),
+            connected_port: 8080,
+            originator_address: "remote.host".to_string(),
+            originator_port: 12345,
+        },
+    ];
+
+    TestFramework::run_test(context, actions, expected_events)
+        .await
+        .unwrap();
+}