This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: OpenSSH FIPS 140-2
- From: "Pinzone, Gerard" <GPinzone at aaccorp dot com>
- To: "cygwin at cygwin dot com" <cygwin at cygwin dot com>
- Date: Tue, 25 Jun 2019 13:45:06 +0000
- Subject: Re: OpenSSH FIPS 140-2
I was able to build OpenSSL with FIPS and OpenSSH using those OpenSSL libraries from scratch and install on 32-bit Cygwin.
I'm documenting what I did here and would like some feedback.
Install Cygwin 32-bit with the following extras:
-----------------------------------------------
Rollback OpenSSL to latest 1.0.2
zlib (all)
Perl (all)
zip
unzip
gcc-g++
make
Extract all files:
-----------------
tar -zxvf openssl-fips-2.0.16.tar.gz
tar -zxvf openssl-1.0.2s.tar.gz
tar -zxvf openssh-8.0p1.tar.gz
Build OpenSSL:
-------------
cd openssl-fips-2.0.16
./config
make
make install
cd ../openssl-1.0.2s
./config fips --with-fipsdir=/usr/local/ssl/fips-2.0
make depend
make
make install
cd apps
Verify build:
------------
./openssl version -a
Install OpenSSL:
---------------
mv /usr/bin/openssl.exe /usr/bin/openssl.exe.old
cp openssl.exe /usr/bin/openssl.exe
Build OpenSSH:
-------------
cd ~/openssh-8.0p1
./configure --with-ssl-dir=/usr/local/ssl --with-ssl-engine
make
make install
Install OpenSSH:
---------------
cp scp.exe /usr/bin/.
cp sftp.exe /usr/bin/.
cp sftp-server.exe /usr/sbin/.
cp ssh.exe /usr/bin/.
cp ssh-add.exe /usr/bin/.
cp ssh-agent.exe /usr/bin/.
cp sshd.exe /usr/sbin/.
cp ssh-keygen.exe /usr/bin/.
cp ssh-keyscan.exe /usr/bin/.
cp ssh-keysign.exe /usr/sbin/.
cp ssh-pkcs11-helper.exe /usr/sbin/.
Verify ssh:
----------
ssh -vvv localhost
Configure sshd:
--------------
ssh-host-config -y
cygrunsrv -S cygsshd
Generate keys:
-------------
ssh-keygen
Test sshd:
---------
ssh localhost
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple