OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
security veteran
security.veteran at gmail.com
Fri Dec 4 13:26:05 AEDT 2015
Hi All:
I tried to rebuild openssl with the FIPS modules, and then install the new
openssl libs (libcrypto.so to be specific) on my Ubuntu 12.04 box.
After that I noticed it seemed to break OpenSSH: I couldn't log in to the
box using ssh, and couldn't run the client command like ssh-keygen either.
My questions are:
1. Does OpenSSH support FIPS mode?
2. Or does OpenSSH support with OpenSSL FIPS modules?
3. Is there a way to re-compile OpenSSH by turning on/off some flags to
make it FIPS compliant?
4. Are the RedHat OpenSSH FIPS modules (
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf)
also open sourced to the OpenSSH community?
Thanks.