Shasi Pulijala wrote:
> I am trying to use OpenSSH (openssh-5.2p1) with OpenSSL (0.9.8i) engine support, thus providing HW offload for cipher and hash operations into my Crypto driver.

What kind of crypto hardware on what operating system?

> But for some reason when I run the sshd I am not able to connect any ssh clients to it. When I run the sshd I do see some hash operations going into the crypto HW driver, but ultimately I am not sure why the ssl client would not be able to connect to it.

Define "not able to connect"? There's an error message? If so, what? If you connect with debugging ("ssh -vvv server") what does it say?

> Also if I remove the Engine support for OpenSSL (having it to follow the normal cipher and hash)

Which ciphers work and which don't?

> I am able to connect the clients and all is fine. But it's only when I use the engine offload I have a problem.

Does using the client and server compiled with engine support work together?

> I have tested OpenSSL (by running normal openssl commands) with engine support and that works fine.

How did you test it, and did you test interoperation with another implementation (e.g. the software implementation of the same ciphers)?

> Are there any known issues of OpenSSH working with OpenSSL engine or am I missing some configuration? Any suggestions what could be the problem or what could be done.

On the OpenSSH side all it does is call the OpenSSL functions ENGINE_load_builtin_engines() and ENGINE_register_all_complete() so I would be looking on the OpenSSL side.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
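
The interoperation test asked about in the reply above can be scripted with the `openssl` command-line tool, crossing the engine and the software implementation in both directions instead of letting the engine talk only to itself. This is an added example, not part of the original thread; the key, IV and plaintext are constructed values, and the engine id given as the first argument is assumed to be whatever id `openssl engine` lists for the hardware driver.

```shell
#!/bin/sh
# Added example (not from the thread): engine-vs-software interop check.
# Usage: sh this_script.sh ENGINE_ID   (ENGINE_ID as listed by `openssl engine`)
# KEY, IV and PLAIN are constructed test values sized for AES-128-CBC.
KEY=000102030405060708090a0b0c0d0e0f
IV=0f0e0d0c0b0a09080706050403020100
PLAIN='constructed interop test vector 0123456789'

# roundtrip ENC_CMD DEC_CMD
# Encrypt PLAIN with one implementation, decrypt with the other, and
# succeed only if the original plaintext comes back unchanged.
roundtrip() {
    got=$(printf '%s' "$PLAIN" | sh -c "$1" 2>/dev/null | sh -c "$2" 2>/dev/null)
    [ "$got" = "$PLAIN" ]
}

# check_engine ENGINE_ID
# Cross the engine with the software implementation in both directions.
# An engine that only round-trips with itself can still be producing
# ciphertext that no other implementation is able to read.
check_engine() {
    engine=$1
    sw="openssl enc -aes-128-cbc -K $KEY -iv $IV"
    hw="$sw -engine $engine"
    rc=0
    roundtrip "$hw -e" "$sw -d" && echo "ok   engine -> software" \
        || { echo "FAIL engine -> software"; rc=1; }
    roundtrip "$sw -e" "$hw -d" && echo "ok   software -> engine" \
        || { echo "FAIL software -> engine"; rc=1; }
    roundtrip "$hw -e" "$hw -d" && echo "ok   engine -> engine" \
        || { echo "FAIL engine -> engine"; rc=1; }
    return $rc
}

# Run the check only when an engine id was given on the command line.
if [ $# -gt 0 ]; then
    check_engine "$1"
fi
```

A result where only the engine-to-engine line passes points at the engine's cipher output rather than at sshd, which is the case a self-contained `openssl` test would not reveal.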