Shasi Pulijala wrote:
I am trying to use Openssh(openssh-5.2p1) with Openssl (0.9.8i)
engine support thus providing HW offload for cipher and hash
operations into my Crypto driver.
What kind of crypto hardware on what operating system?
But for some reason when I run the
sshd I am not able to connect any ssh clients to it. When I run the
sshd I do see some hash operations going into the crypto HW driver,
but ultimately I am not sure why the ssl client would not be able to
connect to it.
Define "not able to connect"? There's an error message? If so, what?
If you connect with debugging ("ssh -vvv server") what does it say?
Also if I remove the Engine support for Openssl
(having it to follow the normal cipher and hash)
Which ciphers work and which don't?
I am able to connect
the clients and all is fine. But its only when I use the engine
offload I have a problem.
Does using the client and server compiled with engine support work together?
I have tested Openssl (by running normal
openssl commands) with engine support and that works fine.
How did you test it, and did you test interoperation with another
implementation (eg the software implementation of the same ciphers)?
Are there
any known issues of openssh working with Openssl engine or am I
missing some configuration. Any suggestions what could be the problem
or what could be done..
On the OpenSSH side all it does is call the OpenSSL functions
ENGINE_load_builtin_engines() and ENGINE_register_all_complete() so I
would be looking on the OpenSSL side.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
