From: "Pinzone, Gerard"
To: "cygwin AT cygwin DOT com"
Subject: Re: OpenSSH FIPS 140-2
Date: Tue, 25 Jun 2019 13:45:06 +0000

I was able to build OpenSSL with FIPS and OpenSSH using those OpenSSL libraries from scratch and install on 32-bit Cygwin. I'm documenting what I did here and would like some feedback.

Install Cygwin 32-bit with the following extras:
-----------------------------------------------
Rollback OpenSSL to latest 1.0.2
zlib (all)
Perl (all)
zip
unzip
gcc-g++
make

Extract all files:
-----------------
tar -zxvf openssl-fips-2.0.16.tar.gz
tar -zxvf openssl-1.0.2s.tar.gz
tar -zxvf openssh-8.0p1.tar.gz

Build OpenSSL:
-------------
cd openssl-fips-2.0.16
./config
make
make install
cd ../openssl-1.0.2s
./config fips --with-fipsdir=/usr/local/ssl/fips-2.0
make depend
make
make install
cd apps

Verify build:
------------
./openssl version -a

Install OpenSSL:
---------------
mv /usr/bin/openssl.exe /usr/bin/openssl.exe.old
cp openssl.exe /usr/bin/openssl.exe

Build OpenSSH:
-------------
cd ~/openssh-8.0p1
./configure --with-ssl-dir=/usr/local/ssl --with-ssl-engine
make
make install

Install OpenSSH:
---------------
cp scp.exe /usr/bin/.
cp sftp.exe /usr/bin/.
cp sftp-server.exe /usr/sbin/.
cp ssh.exe /usr/bin/.
cp ssh-add.exe /usr/bin/.
cp ssh-agent.exe /usr/bin/.
cp sshd.exe /usr/sbin/.
cp ssh-keygen.exe /usr/bin/.
cp ssh-keyscan.exe /usr/bin/.
cp ssh-keysign.exe /usr/sbin/.
cp ssh-pkcs11-helper.exe /usr/sbin/.

Verify ssh:
----------
ssh -vvv localhost

Configure sshd:
--------------
ssh-host-config -y
cygrunsrv -S cygsshd

Generate keys:
-------------
ssh-keygen

Test sshd:
---------
ssh localhost
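
An added check script for the build described above; it is not part of the original message. The function names and verdict strings are the example's own, and it assumes the "-fips" version suffix that FIPS-capable OpenSSL 1.0.2 builds report and the OPENSSL_FIPS=1 switch of the openssl command-line tool.

```shell
#!/bin/sh
# Added example: post-build checks for the FIPS-capable OpenSSL/OpenSSH build.
# Function names and verdict strings are this example's own (hypothetical).

# Succeeds if a version string names a FIPS-capable OpenSSL; such builds
# report a "-fips" suffix, e.g. "OpenSSL 1.0.2s-fips  28 May 2019".
is_fips_capable() {
    case "$1" in
        OpenSSL\ *-fips|OpenSSL\ *-fips\ *) return 0 ;;
        *) return 1 ;;
    esac
}

# Reduce `ssh -V` output ("OpenSSH_8.0p1, OpenSSL ...") to the OpenSSL part.
# This shows which library ssh is linked against, not that ssh runs in FIPS mode.
ssh_linked_openssl() {
    printf '%s\n' "${1#*, }"
}

# Interpret two exit codes taken with OPENSSL_FIPS=1 set:
#   $1 = status of `openssl dgst -sha256` (approved digest, positive control)
#   $2 = status of `openssl dgst -md5`    (non-approved digest, must be refused)
# An md5 failure alone proves nothing: a build without FIPS support also
# exits non-zero whenever OPENSSL_FIPS is set.
fips_mode_verdict() {
    if [ "$1" -ne 0 ]; then
        echo "fips-mode-unavailable"
    elif [ "$2" -ne 0 ]; then
        echo "enforced"
    else
        echo "not-enforced"
    fi
}

# Live checks, run only when called with --live on the build host.
if [ "${1:-}" = "--live" ]; then
    is_fips_capable "$(openssl version)" || echo "openssl on PATH is not FIPS-capable"
    linked=$(ssh_linked_openssl "$(ssh -V 2>&1)")
    is_fips_capable "$linked" || echo "ssh is linked against: $linked"
    sha=0; OPENSSL_FIPS=1 openssl dgst -sha256 </dev/null >/dev/null 2>&1 || sha=$?
    md5=0; OPENSSL_FIPS=1 openssl dgst -md5 </dev/null >/dev/null 2>&1 || md5=$?
    echo "FIPS mode: $(fips_mode_verdict "$sha" "$md5")"
fi
```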