Compiling OpenSSH with OpenSSL-fips 0.9.8o on Windows

Bryan brakeb at gmail.com
Fri Jul 23 23:31:33 EST 2010


My office is currently using WRQ Reflections as it was FIPS compliant.
 But this option is an expense that we'd like to get rid of if
possible.  Putty is not an option for us since it uses it's own
OpenSSL libs and we need it FIPS enabled. I've been able to build
OpenSSL 0.9.8o and enable the fipcanister.lib and create the openssl
executables and libraries.  I've been able to find instructions on how
to build OpenSSH at this site:

http://www.nomachine.com/ar/view.php?ar_id=AR05H00563

and here:

http://www.cs.bham.ac.uk/~smp/projects/ssh-windows/compile/

But I can't tell if either method is the correct one for building
using cygwin.  When I looked through the Configure script for OpenSSH,
I did not find anything "FIPS" related to be able to point my build to
it.  Can I assume that just linking to my FIPS-enabled OpenSSL is
enough to FIPS enable OpenSSH?

And if someone has a non-vendor or more current version of how to
build OpenSSH online, could you provide a link?  I would greatly
appreciate it.

Thanks,
Bryan Brake


More information about the openssh-unix-dev mailing list