I know that the Fedora package for OpenSSH enables FIPS support. If you
get the source code for the rpm you'll see openssh-7.7p1-fips.patch in
the rpmbuild/SOURCE directory.
Also, you may want to look at hpnssh (That's my fork of OpenSSH so I am
biased but I think it's pretty good). https://psc.edu/hpn-ssh-home/ and
https://github.com/rapier1/openssh-portable. The latest version uses
OSSL3 and there is a Fedora package which is based on the Fedora OpenSSH
package. So it includes all of their patches as well.
You can find that at
https://copr.fedorainfracloud.org/coprs/rapier1/hpnssh/ or you can add
it to your package repo with 'sudo dnf copr enable rapier1/hpnssh' and
then download the source or binary via DNF. You can review the FIPS
compliance there and see what you think.
If you are on Debian I don't have a Debian package that includes FIPS
support but it may be possible to use the Fedora package and compile it
under Debian. I've never tried though.
Chris
On 3/10/23 10:22 AM, Joel GUITTET wrote:
Hi,
We currently work on a project that requires SSH server with FIPS and using OpenSSL v3.
Patching OpenSSH for this looks to be a massive job. Is it something that is considered on your side?
Is it currently a work in progress by somebody else as far as you know? Or something that has been partially done and aborted in the past, that could be relevant?
We just started considering making this and sending the patch, but we are speaking of thousands of lines probably, what will be the perception of this on your side?
Thanks,
Joel
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev