Mail Archives: cygwin/2019/06/25/09:46:56

From: "Pinzone, Gerard" <GPinzone AT aaccorp DOT com>
To: "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Subject: Re: OpenSSH FIPS 140-2
Date: Tue, 25 Jun 2019 13:45:06 +0000
Message-ID: <ef3aa80d58bf4c49b270264b494c77c2@aaccorp.com>
MIME-Version: 1.0

I was able to build OpenSSL with FIPS and OpenSSH using those OpenSSL libraries from scratch and install on 32-bit Cygwin.

I'm documenting what I did here and would like some feedback. 

Install Cygwin 32-bit with the following extras:
-----------------------------------------------

Roll back OpenSSL to latest 1.0.2
zlib (all)
Perl (all)
zip
unzip
gcc-g++
make

Extract all files:
-----------------

tar -zxvf openssl-fips-2.0.16.tar.gz
tar -zxvf openssl-1.0.2s.tar.gz
tar -zxvf openssh-8.0p1.tar.gz

Build OpenSSL:
-------------

cd openssl-fips-2.0.16

./config
make
make install

cd ../openssl-1.0.2s

./config fips --with-fipsdir=/usr/local/ssl/fips-2.0
make depend
make
make install

cd apps

Verify build:
------------

./openssl version -a

Install OpenSSL:
---------------

mv /usr/bin/openssl.exe /usr/bin/openssl.exe.old
cp openssl.exe /usr/bin/openssl.exe

Build OpenSSH:
-------------

cd ~/openssh-8.0p1

./configure --with-ssl-dir=/usr/local/ssl --with-ssl-engine
make
make install

Install OpenSSH:
---------------

cp scp.exe /usr/bin/.
cp sftp.exe /usr/bin/.
cp sftp-server.exe /usr/sbin/.
cp ssh.exe /usr/bin/.
cp ssh-add.exe /usr/bin/.
cp ssh-agent.exe /usr/bin/.
cp sshd.exe /usr/sbin/.
cp ssh-keygen.exe /usr/bin/.
cp ssh-keyscan.exe /usr/bin/.
cp ssh-keysign.exe /usr/sbin/.
cp ssh-pkcs11-helper.exe /usr/sbin/.


Verify ssh:
----------

ssh -vvv localhost

Configure sshd:
--------------

ssh-host-config -y
cygrunsrv -S cygsshd

Generate keys:
-------------

ssh-keygen

Test sshd:
---------

ssh localhost

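A post-install check for the procedure above, as an added example that is not part of the original post. The function names are hypothetical, the default paths are the ones the post installs to, and the version strings in the comments are constructed samples; it relies on the `openssl` command-line tool of a FIPS-capable 1.0.2 build entering FIPS mode when `OPENSSL_FIPS` is set.

```shell
#!/bin/sh
# Added example: sanity checks for a FIPS-capable OpenSSL 1.0.2 / OpenSSH build.

# True if an `openssl version` line names a FIPS-capable build,
# e.g. "OpenSSL 1.0.2s-fips  28 May 2019" (constructed sample).
is_fips_capable() {
    case "$1" in
        OpenSSL\ *-fips\ *|OpenSSL\ *-fips) return 0 ;;
        *) return 1 ;;
    esac
}

# Extract the OpenSSL version that `ssh -V` reports, e.g. from
# "OpenSSH_8.0p1, OpenSSL 1.0.2s-fips  28 May 2019" (constructed sample).
ssh_linked_openssl() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_[^,]*, OpenSSL \([^ ]*\).*/\1/p'
}

# Run the checks against installed binaries (defaults: the post's install paths).
check_install() {
    ossl=${1:-/usr/bin/openssl}
    ssh_bin=${2:-/usr/bin/ssh}
    ver=$("$ossl" version) || return 2
    is_fips_capable "$ver" || { echo "FAIL: '$ver' is not a -fips build"; return 1; }

    # In FIPS mode a non-approved digest must be refused ...
    if echo test | OPENSSL_FIPS=1 "$ossl" md5 >/dev/null 2>&1; then
        echo "FAIL: MD5 accepted with OPENSSL_FIPS=1"; return 1
    fi
    # ... while an approved one must still work (module self-tests passed).
    echo test | OPENSSL_FIPS=1 "$ossl" sha256 >/dev/null 2>&1 \
        || { echo "FAIL: SHA-256 rejected with OPENSSL_FIPS=1"; return 1; }

    # ssh must report the same library version as the rebuilt openssl binary.
    linked=$(ssh_linked_openssl "$("$ssh_bin" -V 2>&1)")
    want=$(printf '%s\n' "$ver" | awk '{print $2}')
    [ "$linked" = "$want" ] \
        || { echo "FAIL: ssh reports OpenSSL '$linked', expected '$want'"; return 1; }
    echo "OK: $ver; ssh linked against OpenSSL $linked"
}

# Usage after sourcing this file:  check_install
```

A matching version shows which OpenSSL library `ssh` was linked against; it does not by itself show that `ssh` or `sshd` runs in FIPS mode.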

