Compiling OpenSSH with OpenSSL-fips 0.9.8o on Windows

Peter Stuge peter at stuge.se
Sat Jul 24 02:37:08 EST 2010


Bryan wrote:
> > In short, please provide more information.
> 
> We are looking to create scp/sftp executables that will allow us to
> send updates to Linux. sftp is more important than having terminal
> emulation, as I need the ability to script the transfer from one to
> another.

I understand! Then perhaps you could make use of libssh2 which is
very easy to work with on Windows and allows good programmatic
control over things SSH, including SFTP. Since libssh2 is a library
it would probably require you to do a little bit of programming
(there are some very simple examples that you might be able to use)
but if you want automated control over SFTP transfers then a custom
program may be the best tool for the job anyway. libssh2 uses either
libgcrypt or OpenSSL for crypto, so will work well with your
FIPS-enabled OpenSSL. More info at http://libssh2.org/


> As I said earlier, we are using WRQ Reflections for our transfer,
> but it requires us to buy a license for each box we install it on,
> and that gets expensive.

Unfortunately I don't know anything about that product. IIRC there
was at some point a Reflection-X product, an X server for Windows, so
I guessed that it was some kind of remote access application similar
to PuTTY..


> Someone must have run into this issue before, or does no one need
> FIPS enabled software?  If OpenSSH just needs to link to an
> FIPS-OpenSSL, then I'm all good.

OpenSSH can be built without any other dependencies, so this could
certainly be one path to success.


> I just need to figure out how to build OpenSSH with a link to the
> already built OpenSSL libs in cygwin.

It's just ./configure with appropriate flags and then make.

Run ./configure --help to learn about the supported flags. You'll
probably need to worry only about the --enable-* --disable-* --with-*
--without-* ones.


//Peter
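
The configure-and-make step described above, followed by a check that the resulting ssh binary really reports the intended OpenSSL, written here as an added example and not code from the thread or from the OpenSSH project. The prefix argument, the function names and the sample banners in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Run from the top of an OpenSSH
# source tree, e.g. in a Cygwin shell.

# linked_openssl BANNER
# Print the OpenSSL version token from an `ssh -V` banner.
# Constructed sample banner:
#   OpenSSH_5.5p1, OpenSSL 0.9.8o-fips 01 Jun 2010
linked_openssl() {
    printf '%s\n' "$1" | sed -n 's/.*OpenSSL \([^ ]*\).*/\1/p'
}

# is_expected_fips BANNER WANT
# Succeed only if the banner names OpenSSL version WANT with a -fips suffix.
# This shows which library ssh picked up. It does not show that FIPS mode
# is switched on at run time.
is_expected_fips() {
    v=$(linked_openssl "$1")
    case "$v" in
        "$2"-fips*) return 0 ;;
        *)          return 1 ;;
    esac
}

# build_and_check PREFIX WANT
# PREFIX is the directory the OpenSSL build was installed to (assumed
# argument), WANT is the version expected there, e.g. 0.9.8o.
build_and_check() {
    prefix=$1
    want=$2
    ./configure --with-ssl-dir="$prefix" || return 1
    make || return 1
    banner=$(./ssh -V 2>&1)    # ssh -V writes its banner to stderr
    if ! is_expected_fips "$banner" "$want"; then
        echo "ssh reports an unexpected OpenSSL: $banner" >&2
        return 1
    fi
    echo "ok: $banner"
}
```

The check fails when configure silently picks up a different OpenSSL from the default search path, which is the usual way such a build ends up using the wrong library.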


More information about the openssh-unix-dev mailing list