From: "Pinzone, Gerard" <GPinzone@aaccorp.com>
To: "cygwin@cygwin.com" <cygwin@cygwin.com>
Subject: Re: OpenSSH FIPS 140-2
Date: Tue, 25 Jun 2019 13:45:06 +0000
Message-ID: <ef3aa80d58bf4c49b270264b494c77c2@aaccorp.com>

I was able to build OpenSSL with FIPS and OpenSSH using those OpenSSL libraries from scratch and install on 32-bit Cygwin.

I'm documenting what I did here and would like some feedback. 

Install Cygwin 32-bit with the following extras:
-----------------------------------------------

Roll back OpenSSL to latest 1.0.2
zlib (all)
Perl (all)
zip
unzip
gcc-g++
make

Extract all files:
-----------------

tar -zxvf openssl-fips-2.0.16.tar.gz
tar -zxvf openssl-1.0.2s.tar.gz
tar -zxvf openssh-8.0p1.tar.gz

Build OpenSSL:
-------------

cd openssl-fips-2.0.16

./config
make
make install

cd ../openssl-1.0.2s

./config fips --with-fipsdir=/usr/local/ssl/fips-2.0
make depend
make
make install

cd apps

Verify build:
------------

./openssl version -a

Install OpenSSL:
---------------

mv /usr/bin/openssl.exe /usr/bin/openssl.exe.old
cp openssl.exe /usr/bin/openssl.exe

Build OpenSSH:
-------------

cd ~/openssh-8.0p1

./configure --with-ssl-dir=/usr/local/ssl --with-ssl-engine
make
make install

Install OpenSSH:
---------------

cp scp.exe /usr/bin/.
cp sftp.exe /usr/bin/.
cp sftp-server.exe /usr/sbin/.
cp ssh.exe /usr/bin/.
cp ssh-add.exe /usr/bin/.
cp ssh-agent.exe /usr/bin/.
cp sshd.exe /usr/sbin/.
cp ssh-keygen.exe /usr/bin/.
cp ssh-keyscan.exe /usr/bin/.
cp ssh-keysign.exe /usr/sbin/.
cp ssh-pkcs11-helper.exe /usr/sbin/.


Verify ssh:
----------

ssh -vvv localhost

Configure sshd:
--------------

ssh-host-config -y
cygrunsrv -S cygsshd

Generate keys:
-------------

ssh-keygen

Test sshd:
---------

ssh localhost
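
Added example (not part of the original post): a check that could follow the "Verify build" step, confirming that the new openssl binary reports a FIPS-capable version and actually enforces FIPS mode. It assumes OpenSSL 1.0.2 with the FIPS 2.0 module, where setting OPENSSL_FIPS=1 makes the openssl command enter FIPS mode at startup; the function name check_fips_openssl is made up for this example.

```shell
#!/bin/sh
# Added example: sanity-check an openssl binary built with "./config fips".
# Assumed behaviour (OpenSSL 1.0.2 + FIPS 2.0 module):
#   - "openssl version" carries a "-fips" suffix
#   - with OPENSSL_FIPS=1 the openssl command enters FIPS mode,
#     so MD5 is refused while SHA-256 still works.

check_fips_openssl() {
    bin=$1
    [ -x "$bin" ] || { echo "FAIL: $bin is not executable"; return 2; }

    ver=$("$bin" version 2>/dev/null) || { echo "FAIL: cannot run $bin"; return 2; }
    case $ver in
        *-fips*) echo "ok: version string is FIPS-capable: $ver" ;;
        *)       echo "FAIL: no -fips suffix in: $ver"; return 1 ;;
    esac

    # An approved digest must still work once FIPS mode is on.
    if ! printf 'test' | OPENSSL_FIPS=1 "$bin" sha256 >/dev/null 2>&1; then
        echo "FAIL: SHA-256 unavailable with OPENSSL_FIPS=1"
        return 1
    fi
    echo "ok: SHA-256 works in FIPS mode"

    # A non-approved digest must be refused once FIPS mode is on.
    if printf 'test' | OPENSSL_FIPS=1 "$bin" md5 >/dev/null 2>&1; then
        echo "FAIL: MD5 succeeded with OPENSSL_FIPS=1, FIPS mode is not enforced"
        return 1
    fi
    echo "ok: MD5 is rejected in FIPS mode"
    return 0
}

# Run against a binary given on the command line, e.g. ./openssl in apps/.
if [ $# -gt 0 ]; then
    check_fips_openssl "$1"
fi
```

Run it against ./openssl in the apps directory before copying the binary over /usr/bin/openssl.exe, and again against the installed copy afterwards.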
