OpenSSH fips compliance

Stephen John Smoogen smooge at gmail.com
Sun Apr 16 10:38:55 EST 2006


On 4/15/06, Senthil Kumar <senthilkumar_sen at hotpop.com> wrote:
> Hello All,
>
> Im using OpenSSH 4.2p1 statically linked with OpenSSL 0.9.7i. It looks now
> that a fips certified OpenSSL is now available at
> http://www.openssl.org/source/OpenSSL-fips-1.0.tar.gz . I like to know of
> any patches applicable for OpenSSH versions to make it fips compliant. Is
> there any idea for OpenSSH core team to make OpenSSH as fips compliant? What
> amount of work it needs at this point? I and some of my colleagues wish to
> contribute for it.
>

Ok.. I am not a member of the SSH team.. I just am dealing with FIPS
items currently where I work.

Which FIPS are you meaning to be compliant with? There are multiple of
them that could potentially cover OpenSSH. Second who is the
sponsoring Federal agency for FIPS compliance? From what I can tell..
it would be a bigger point for OpenSSH to have a solid financial floor
versus any sort of 'compliance' work.




--
Stephen J Smoogen.
CSIRT/Linux System Administrator




More information about the openssh-unix-dev mailing list