I know that the Fedora package for OpenSSH enables FIPS support. If you get the source code for the rpm you'll see openssh-7.7p1-fips.patch in the rpmbuild/SOURCE directory.

Also, you may want to look at hpnssh (that's my fork of OpenSSH so I am biased, but I think it's pretty good): https://psc.edu/hpn-ssh-home/ and https://github.com/rapier1/openssh-portable. The latest version uses OSSL3 and there is a Fedora package which is based on the Fedora OpenSSH package, so it includes all of their patches as well. You can find that at https://copr.fedorainfracloud.org/coprs/rapier1/hpnssh/ or you can add it to your package repo with 'sudo dnf copr enable rapier1/hpnssh' and then download the source or binary via DNF. You can review the FIPS compliance there and see what you think.

If you are on Debian, I don't have a Debian package that includes FIPS support, but it may be possible to use the Fedora package and compile it under Debian. I've never tried, though.

Chris

On 3/10/23 10:22 AM, Joel GUITTET wrote:
> Hi,
> We currently work on a project that requires an SSH server with FIPS and using OpenSSL v3.
> Patching OpenSSH for this looks to be a massive job. Is it something that is considered on your side?
> Is it currently a work in progress by somebody else as far as you know? Or something that has been partially done and aborted in the past, that could be relevant?
> We just started considering making this and sending the patch, but we are speaking of thousands of lines probably. What will be the perception of this on your side?
> Thanks,
> Joel
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev