From: "Pinzone, Gerard"
To: "cygwin@cygwin.com"
Subject: Re: OpenSSH FIPS 140-2
Date: Tue, 25 Jun 2019 13:45:00 -0000

I was able to build OpenSSL with FIPS and OpenSSH using those OpenSSL libraries from scratch and install on 32-bit Cygwin.
I'm documenting what I did here and would like some feedback.

Install Cygwin 32-bit with the following extras:
-----------------------------------------------
Rollback OpenSSL to latest 1.0.2
zlib (all)
Perl (all)
zip
unzip
gcc-g++
make

Extract all files:
-----------------
tar -zxvf openssl-fips-2.0.16.tar.gz
tar -zxvf openssl-1.0.2s.tar.gz
tar -zxvf openssh-8.0p1.tar.gz

Build OpenSSL:
-------------
cd openssl-fips-2.0.16
./config
make
make install
cd ../openssl-1.0.2s
./config fips --with-fipsdir=/usr/local/ssl/fips-2.0
make depend
make
make install
cd apps

Verify build:
------------
./openssl version -a

Install OpenSSL:
---------------
mv /usr/bin/openssl.exe /usr/bin/openssl.exe.old
cp openssl.exe /usr/bin/openssl.exe

Build OpenSSH:
-------------
cd ~/openssh-8.0p1
./configure --with-ssl-dir=/usr/local/ssl --with-ssl-engine
make
make install

Install OpenSSH:
---------------
cp scp.exe /usr/bin/.
cp sftp.exe /usr/bin/.
cp sftp-server.exe /usr/sbin/.
cp ssh.exe /usr/bin/.
cp ssh-add.exe /usr/bin/.
cp ssh-agent.exe /usr/bin/.
cp sshd.exe /usr/sbin/.
cp ssh-keygen.exe /usr/bin/.
cp ssh-keyscan.exe /usr/bin/.
cp ssh-keysign.exe /usr/sbin/.
cp ssh-pkcs11-helper.exe /usr/sbin/.

Verify ssh:
----------
ssh -vvv localhost

Configure sshd:
--------------
ssh-host-config -y
cygrunsrv -S cygsshd

Generate keys:
-------------
ssh-keygen

Test sshd:
---------
ssh localhost
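
A post-build check for the procedure above, added here as an example and not part of the original message: it tests whether the installed openssl is FIPS-capable, whether FIPS mode actually takes effect, and what libcrypto ssh reports. The function names and sample version strings are constructed, and the OPENSSL_FIPS environment variable is the switch read by the OpenSSL 1.0.2 command-line tool.

```sh
#!/bin/sh
# Added example: post-build checks for a FIPS-capable OpenSSL 1.0.2 / OpenSSH build.
# Function names and sample strings are constructed for illustration.

# 0 if an `openssl version` line names a FIPS-capable 1.0.2 build.
# Building with "./config fips" appends "-fips" to the version string.
fips_capable() {
    case "$1" in
        OpenSSL\ 1.0.2*-fips\ *) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if an `ssh -V` line (printed on stderr) reports a -fips libcrypto.
# This shows what ssh was linked against, not that ssh runs in FIPS mode.
ssh_links_fips() {
    case "$1" in
        OpenSSH_*,\ OpenSSL\ *-fips\ *) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if the openssl command in $1 really enters FIPS mode when OPENSSL_FIPS
# is set: an approved digest (SHA-256) must work and MD5 must be refused.
# A build without FIPS support is expected to fail both; a binary that
# ignores the variable passes both. Either outcome returns 1.
fips_mode_works() {
    OPENSSL_FIPS=1 "$1" sha256 /dev/null >/dev/null 2>&1 || return 1
    if OPENSSL_FIPS=1 "$1" md5 /dev/null >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Constructed sample lines in the format the tools print.
for line in 'OpenSSL 1.0.2s-fips  28 May 2019' 'OpenSSL 1.0.2s  28 May 2019'; do
    if fips_capable "$line"; then echo "FIPS-capable: $line"
    else echo "not FIPS-capable: $line"; fi
done

# On the build host (live check, not run here):
#   fips_capable "$(openssl version)" && fips_mode_works openssl \
#       && ssh_links_fips "$(ssh -V 2>&1)" && echo "build looks FIPS-capable"
```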