Re: crypto with sshd
not installed. installing :) On Mon, Feb 14, 2011 at 8:35 PM, Marcy Cortes wrote: > Do you have on the openCrypto* packages? > > > Marcy > -Original Message- > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of > Rogério Soares > Sent: Monday, February 14, 2011 2:23 PM > To: LINUX-390@vm.marist.edu > Subject: Re: [LINUX-390] crypto with sshd > > another thing is SSHD cpu usage.. with or without, on large transfer cpu > usage is practicaly the same ... > > 2011/2/14 Rogério Soares > > > maybe i made some confusion here... > > > > i' can't get any call to libica, that is why a guess that is not working > > ... :-/ > > > > > > > > On Mon, Feb 14, 2011 at 7:56 PM, Marcy Cortes < > > marcy.d.cor...@wellsfargo.com> wrote: > > > >> Ok, good that works. > >> And you should seen some incrementing in all those zero's down at the > >> bottom of /proc/drivers/z90crypt, correct? > >> > >> And you don't see any on SSH leading you to believe its not working for > >> ssh? > >> > >> > >> > >> Marcy Cortes > >> > >> Operating Systems Engineer, z/VM and Linux on System z > >> Enterprise Hosting Services, Mainframe/Midrange Services > >> > >> Wells Fargo Bank | 201 Third Street | San Francisco, CA 94103 > >> MAC A0187-050 > >> Tel 415-477-6343 | Cell 415-517-0895 > >> > >> marcy.d.cor...@wellsfargo.com > >> > >> This message may contain confidential and/or privileged information. If > >> you are not the addressee or authorized to receive this for the > addressee, > >> you must not use, copy, disclose, or take any action based on this > message > >> or any information herein. If you have received this message in error, > >> please advise the sender immediately by reply e-mail and delete this > >> message. Thank you for your cooperation. > >> > >> > >> -Original Message- > >> From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of > >> Rogério Soares > >> Sent: Monday, February 14, 2011 1:41 PM > >> To: LINUX-390@vm.marist.edu > >> Subject: Re: [LINUX-390] crypto with sshd > >> > >> Marcy, > >> > >> with > >> > >> #openssl_conf = openssl_def > >> > >> > >> jbsp124:~ # openssl speed -evp des-ede3-cbc > >> Doing des-ede3-cbc for 3s on 16 size blocks: 4132050 des-ede3-cbc's in > >> 2.94s > >> Doing des-ede3-cbc for 3s on 64 size blocks: 1090654 des-ede3-cbc's in > >> 2.95s > >> Doing des-ede3-cbc for 3s on 256 size blocks: 276504 des-ede3-cbc's in > >> 2.97s > >> Doing des-ede3-cbc for 3s on 1024 size blocks: 69077 des-ede3-cbc's in > >> 2.96s > >> Doing des-ede3-cbc for 3s on 8192 size blocks: 8580 des-ede3-cbc's in > >> 2.94s > >> OpenSSL 0.9.8a 11 Oct 2005 > >> built on: Mon Jul 27 13:51:43 UTC 2009 > >> options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) > aes(partial) > >> blowfish(idx) > >> compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT > >> -DDSO_DLFCN > >> -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 > -fmessage-length=0 > >> -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall > >> -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM > >> available timing options: TIMES TIMEB HZ=100 [sysconf value] > >> timing function used: times > >> The 'numbers' are in 1000s of bytes per second processed. > >> type 16 bytes 64 bytes256 bytes 1024 bytes 8192 > >> bytes > >> des-ede3-cbc 22487.35k23661.65k23833.34k23896.91k > >> 23907.27k > >> > >> > >> with > >> > >> openssl_conf = openssl_def > >> > >> jbsp124:~ # vi /etc/ssl/openssl.cnf > >> jbsp124:~ # openssl speed -evp des-ede3-cbc > >> Doing des-ede3-cbc for 3s on 16 size blocks: 12827073 des-ede3-cbc's in > >> 2.97s > >> Doing des-ede3-cbc for 3s on 64 size blocks: 8270315 des-ede3-cbc's in > >> 2.97s > >> Doing des-ede3-cbc for 3s on 256 size blocks: 3360218 des-ede3-cbc's in > >> 2.97s > >> Doing des-ede3-cbc for 3s on 1024 size blocks: 1006040 des-ede3-cbc's in > >> 2.98s > >> Doing des-ede3-cbc for 3s on 8192 size blocks: 132563 des-ede3-cbc's in > >> 2.98s > >> OpenSSL 0.9.8a 11 Oct 2005 > >> built on: Mon Jul 27 13:51:43 UTC 2009 > >> options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) > aes(partial) > >> blowfish(idx) > >> compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT > >> -DDSO_DLFCN > >> -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 > -fmessage-length=0 > >> -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall > >> -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM > >> available timing options: TIMES TIMEB HZ=100 [sysconf value] > >> timing function used: times > >> The 'numbers' are in 1000s of bytes per second processed. > >> type 16 bytes 64 bytes256 bytes 1024 bytes 8192 > >> bytes > >> des-ede3-cbc 69102.08k 178215.54k 289634.95k 345699.65k > >> 364414.80k > >> jbsp124:~ # > >> > >> > >> > >> > >> On Mon, Feb 14, 2011 at 7:19 PM, Marcy Cortes < > >> marcy.d.cor...@wellsfargo.com > >> > wrote: > >> > >> > You have
Re: crypto with sshd
Do you have on the openCrypto* packages? Marcy -Original Message- From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of Rogério Soares Sent: Monday, February 14, 2011 2:23 PM To: LINUX-390@vm.marist.edu Subject: Re: [LINUX-390] crypto with sshd another thing is SSHD cpu usage.. with or without, on large transfer cpu usage is practicaly the same ... 2011/2/14 Rogério Soares > maybe i made some confusion here... > > i' can't get any call to libica, that is why a guess that is not working > ... :-/ > > > > On Mon, Feb 14, 2011 at 7:56 PM, Marcy Cortes < > marcy.d.cor...@wellsfargo.com> wrote: > >> Ok, good that works. >> And you should seen some incrementing in all those zero's down at the >> bottom of /proc/drivers/z90crypt, correct? >> >> And you don't see any on SSH leading you to believe its not working for >> ssh? >> >> >> >> Marcy Cortes >> >> Operating Systems Engineer, z/VM and Linux on System z >> Enterprise Hosting Services, Mainframe/Midrange Services >> >> Wells Fargo Bank | 201 Third Street | San Francisco, CA 94103 >> MAC A0187-050 >> Tel 415-477-6343 | Cell 415-517-0895 >> >> marcy.d.cor...@wellsfargo.com >> >> This message may contain confidential and/or privileged information. If >> you are not the addressee or authorized to receive this for the addressee, >> you must not use, copy, disclose, or take any action based on this message >> or any information herein. If you have received this message in error, >> please advise the sender immediately by reply e-mail and delete this >> message. Thank you for your cooperation. >> >> >> -Original Message- >> From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of >> Rogério Soares >> Sent: Monday, February 14, 2011 1:41 PM >> To: LINUX-390@vm.marist.edu >> Subject: Re: [LINUX-390] crypto with sshd >> >> Marcy, >> >> with >> >> #openssl_conf = openssl_def >> >> >> jbsp124:~ # openssl speed -evp des-ede3-cbc >> Doing des-ede3-cbc for 3s on 16 size blocks: 4132050 des-ede3-cbc's in >> 2.94s >> Doing des-ede3-cbc for 3s on 64 size blocks: 1090654 des-ede3-cbc's in >> 2.95s >> Doing des-ede3-cbc for 3s on 256 size blocks: 276504 des-ede3-cbc's in >> 2.97s >> Doing des-ede3-cbc for 3s on 1024 size blocks: 69077 des-ede3-cbc's in >> 2.96s >> Doing des-ede3-cbc for 3s on 8192 size blocks: 8580 des-ede3-cbc's in >> 2.94s >> OpenSSL 0.9.8a 11 Oct 2005 >> built on: Mon Jul 27 13:51:43 UTC 2009 >> options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial) >> blowfish(idx) >> compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT >> -DDSO_DLFCN >> -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0 >> -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall >> -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM >> available timing options: TIMES TIMEB HZ=100 [sysconf value] >> timing function used: times >> The 'numbers' are in 1000s of bytes per second processed. >> type 16 bytes 64 bytes256 bytes 1024 bytes 8192 >> bytes >> des-ede3-cbc 22487.35k23661.65k23833.34k23896.91k >> 23907.27k >> >> >> with >> >> openssl_conf = openssl_def >> >> jbsp124:~ # vi /etc/ssl/openssl.cnf >> jbsp124:~ # openssl speed -evp des-ede3-cbc >> Doing des-ede3-cbc for 3s on 16 size blocks: 12827073 des-ede3-cbc's in >> 2.97s >> Doing des-ede3-cbc for 3s on 64 size blocks: 8270315 des-ede3-cbc's in >> 2.97s >> Doing des-ede3-cbc for 3s on 256 size blocks: 3360218 des-ede3-cbc's in >> 2.97s >> Doing des-ede3-cbc for 3s on 1024 size blocks: 1006040 des-ede3-cbc's in >> 2.98s >> Doing des-ede3-cbc for 3s on 8192 size blocks: 132563 des-ede3-cbc's in >> 2.98s >> OpenSSL 0.9.8a 11 Oct 2005 >> built on: Mon Jul 27 13:51:43 UTC 2009 >> options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial) >> blowfish(idx) >> compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT >> -DDSO_DLFCN >> -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0 >> -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall >> -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM >> available timing options: TIMES TIMEB HZ=100 [sysconf value] >> timing function used: times >> The 'numbers' are in 1000s of bytes per second processed. >> type 16 bytes 64 bytes256 bytes 1024 bytes 8192 >> bytes >> des-ede3-cbc 69102.08k 178215.54k 289634.95k 345699.65k >> 364414.80k >> jbsp124:~ # >> >> >> >> >> On Mon, Feb 14, 2011 at 7:19 PM, Marcy Cortes < >> marcy.d.cor...@wellsfargo.com >> > wrote: >> >> > You have no card accessible to Linux. >> > >> > Do you have a OPTION CRYPTO APVIRT in your directory entry >> > What do you get when you type >> > >> > Q CRYPTO AP on VM. >> > >> > >> > >> > Marcy >> > >> > >> > -Original Message- >> > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of >> > Rogério Soares >> > Sent: Monday, February 14, 2011 1:14 PM >>
Re: crypto with sshd
another thing is SSHD cpu usage.. with or without, on large transfer cpu usage is practicaly the same ... 2011/2/14 Rogério Soares > maybe i made some confusion here... > > i' can't get any call to libica, that is why a guess that is not working > ... :-/ > > > > On Mon, Feb 14, 2011 at 7:56 PM, Marcy Cortes < > marcy.d.cor...@wellsfargo.com> wrote: > >> Ok, good that works. >> And you should seen some incrementing in all those zero's down at the >> bottom of /proc/drivers/z90crypt, correct? >> >> And you don't see any on SSH leading you to believe its not working for >> ssh? >> >> >> >> Marcy Cortes >> >> Operating Systems Engineer, z/VM and Linux on System z >> Enterprise Hosting Services, Mainframe/Midrange Services >> >> Wells Fargo Bank | 201 Third Street | San Francisco, CA 94103 >> MAC A0187-050 >> Tel 415-477-6343 | Cell 415-517-0895 >> >> marcy.d.cor...@wellsfargo.com >> >> This message may contain confidential and/or privileged information. If >> you are not the addressee or authorized to receive this for the addressee, >> you must not use, copy, disclose, or take any action based on this message >> or any information herein. If you have received this message in error, >> please advise the sender immediately by reply e-mail and delete this >> message. Thank you for your cooperation. >> >> >> -Original Message- >> From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of >> Rogério Soares >> Sent: Monday, February 14, 2011 1:41 PM >> To: LINUX-390@vm.marist.edu >> Subject: Re: [LINUX-390] crypto with sshd >> >> Marcy, >> >> with >> >> #openssl_conf = openssl_def >> >> >> jbsp124:~ # openssl speed -evp des-ede3-cbc >> Doing des-ede3-cbc for 3s on 16 size blocks: 4132050 des-ede3-cbc's in >> 2.94s >> Doing des-ede3-cbc for 3s on 64 size blocks: 1090654 des-ede3-cbc's in >> 2.95s >> Doing des-ede3-cbc for 3s on 256 size blocks: 276504 des-ede3-cbc's in >> 2.97s >> Doing des-ede3-cbc for 3s on 1024 size blocks: 69077 des-ede3-cbc's in >> 2.96s >> Doing des-ede3-cbc for 3s on 8192 size blocks: 8580 des-ede3-cbc's in >> 2.94s >> OpenSSL 0.9.8a 11 Oct 2005 >> built on: Mon Jul 27 13:51:43 UTC 2009 >> options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial) >> blowfish(idx) >> compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT >> -DDSO_DLFCN >> -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0 >> -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall >> -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM >> available timing options: TIMES TIMEB HZ=100 [sysconf value] >> timing function used: times >> The 'numbers' are in 1000s of bytes per second processed. >> type 16 bytes 64 bytes256 bytes 1024 bytes 8192 >> bytes >> des-ede3-cbc 22487.35k23661.65k23833.34k23896.91k >> 23907.27k >> >> >> with >> >> openssl_conf = openssl_def >> >> jbsp124:~ # vi /etc/ssl/openssl.cnf >> jbsp124:~ # openssl speed -evp des-ede3-cbc >> Doing des-ede3-cbc for 3s on 16 size blocks: 12827073 des-ede3-cbc's in >> 2.97s >> Doing des-ede3-cbc for 3s on 64 size blocks: 8270315 des-ede3-cbc's in >> 2.97s >> Doing des-ede3-cbc for 3s on 256 size blocks: 3360218 des-ede3-cbc's in >> 2.97s >> Doing des-ede3-cbc for 3s on 1024 size blocks: 1006040 des-ede3-cbc's in >> 2.98s >> Doing des-ede3-cbc for 3s on 8192 size blocks: 132563 des-ede3-cbc's in >> 2.98s >> OpenSSL 0.9.8a 11 Oct 2005 >> built on: Mon Jul 27 13:51:43 UTC 2009 >> options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial) >> blowfish(idx) >> compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT >> -DDSO_DLFCN >> -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0 >> -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall >> -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM >> available timing options: TIMES TIMEB HZ=100 [sysconf value] >> timing function used: times >> The 'numbers' are in 1000s of bytes per second processed. >> type 16 bytes 64 bytes256 bytes 1024 bytes 8192 >> bytes >> des-ede3-cbc 69102.08k 178215.54k 289634.95k 345699.65k >> 364414.80k >> jbsp124:~ # >> >> >> >> >> On Mon, Feb 14, 2011 at 7:19 PM, Marcy Cortes < >> marcy.d.cor...@wellsfargo.com >> > wrote: >> >> > You have no card accessible to Linux. >> > >> > Do you have a OPTION CRYPTO APVIRT in your directory entry >> > What do you get when you type >> > >> > Q CRYPTO AP on VM. >> > >> > >> > >> > Marcy >> > >> > >> > -Original Message- >> > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of >> > Rogério Soares >> > Sent: Monday, February 14, 2011 1:14 PM >> > To: LINUX-390@vm.marist.edu >> > Subject: Re: [LINUX-390] crypto with sshd >> > >> > and yes, i'm running under vm 6.1. >> > >> > >> > >> > On Mon, Feb 14, 2011 at 7:07 PM, Marcy Cortes < >> > marcy.d.cor...@wellsfargo.com >> > > wrote: >> > >> > > I'm pretty sure SLES 10
Re: crypto with sshd
maybe i made some confusion here... i' can't get any call to libica, that is why a guess that is not working ... :-/ On Mon, Feb 14, 2011 at 7:56 PM, Marcy Cortes wrote: > Ok, good that works. > And you should seen some incrementing in all those zero's down at the > bottom of /proc/drivers/z90crypt, correct? > > And you don't see any on SSH leading you to believe its not working for > ssh? > > > > Marcy Cortes > > Operating Systems Engineer, z/VM and Linux on System z > Enterprise Hosting Services, Mainframe/Midrange Services > > Wells Fargo Bank | 201 Third Street | San Francisco, CA 94103 > MAC A0187-050 > Tel 415-477-6343 | Cell 415-517-0895 > > marcy.d.cor...@wellsfargo.com > > This message may contain confidential and/or privileged information. If you > are not the addressee or authorized to receive this for the addressee, you > must not use, copy, disclose, or take any action based on this message or > any information herein. If you have received this message in error, please > advise the sender immediately by reply e-mail and delete this message. Thank > you for your cooperation. > > > -Original Message- > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of > Rogério Soares > Sent: Monday, February 14, 2011 1:41 PM > To: LINUX-390@vm.marist.edu > Subject: Re: [LINUX-390] crypto with sshd > > Marcy, > > with > > #openssl_conf = openssl_def > > > jbsp124:~ # openssl speed -evp des-ede3-cbc > Doing des-ede3-cbc for 3s on 16 size blocks: 4132050 des-ede3-cbc's in > 2.94s > Doing des-ede3-cbc for 3s on 64 size blocks: 1090654 des-ede3-cbc's in > 2.95s > Doing des-ede3-cbc for 3s on 256 size blocks: 276504 des-ede3-cbc's in > 2.97s > Doing des-ede3-cbc for 3s on 1024 size blocks: 69077 des-ede3-cbc's in > 2.96s > Doing des-ede3-cbc for 3s on 8192 size blocks: 8580 des-ede3-cbc's in 2.94s > OpenSSL 0.9.8a 11 Oct 2005 > built on: Mon Jul 27 13:51:43 UTC 2009 > options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial) > blowfish(idx) > compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT > -DDSO_DLFCN > -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0 > -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall > -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM > available timing options: TIMES TIMEB HZ=100 [sysconf value] > timing function used: times > The 'numbers' are in 1000s of bytes per second processed. > type 16 bytes 64 bytes256 bytes 1024 bytes 8192 > bytes > des-ede3-cbc 22487.35k23661.65k23833.34k23896.91k > 23907.27k > > > with > > openssl_conf = openssl_def > > jbsp124:~ # vi /etc/ssl/openssl.cnf > jbsp124:~ # openssl speed -evp des-ede3-cbc > Doing des-ede3-cbc for 3s on 16 size blocks: 12827073 des-ede3-cbc's in > 2.97s > Doing des-ede3-cbc for 3s on 64 size blocks: 8270315 des-ede3-cbc's in > 2.97s > Doing des-ede3-cbc for 3s on 256 size blocks: 3360218 des-ede3-cbc's in > 2.97s > Doing des-ede3-cbc for 3s on 1024 size blocks: 1006040 des-ede3-cbc's in > 2.98s > Doing des-ede3-cbc for 3s on 8192 size blocks: 132563 des-ede3-cbc's in > 2.98s > OpenSSL 0.9.8a 11 Oct 2005 > built on: Mon Jul 27 13:51:43 UTC 2009 > options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial) > blowfish(idx) > compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT > -DDSO_DLFCN > -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0 > -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall > -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM > available timing options: TIMES TIMEB HZ=100 [sysconf value] > timing function used: times > The 'numbers' are in 1000s of bytes per second processed. > type 16 bytes 64 bytes256 bytes 1024 bytes 8192 > bytes > des-ede3-cbc 69102.08k 178215.54k 289634.95k 345699.65k > 364414.80k > jbsp124:~ # > > > > > On Mon, Feb 14, 2011 at 7:19 PM, Marcy Cortes < > marcy.d.cor...@wellsfargo.com > > wrote: > > > You have no card accessible to Linux. > > > > Do you have a OPTION CRYPTO APVIRT in your directory entry > > What do you get when you type > > > > Q CRYPTO AP on VM. > > > > > > > > Marcy > > > > > > -Original Message- > > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of > > Rogério Soares > > Sent: Monday, February 14, 2011 1:14 PM > > To: LINUX-390@vm.marist.edu > > Subject: Re: [LINUX-390] crypto with sshd > > > > and yes, i'm running under vm 6.1. > > > > > > > > On Mon, Feb 14, 2011 at 7:07 PM, Marcy Cortes < > > marcy.d.cor...@wellsfargo.com > > > wrote: > > > > > I'm pretty sure SLES 10 SP3's openssh is already built correctly and > you > > > should not have to rebuild it. > > > What do you get when you > > > cat /proc/drivers/z90crypt (please post) > > > Are you running under VM? > > > > > > > > > Marcy > > > > > > -Original Message- > > > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu
Re: crypto with sshd
Ok, good that works. And you should seen some incrementing in all those zero's down at the bottom of /proc/drivers/z90crypt, correct? And you don't see any on SSH leading you to believe its not working for ssh? Marcy Cortes Operating Systems Engineer, z/VM and Linux on System z Enterprise Hosting Services, Mainframe/Midrange Services Wells Fargo Bank | 201 Third Street | San Francisco, CA 94103 MAC A0187-050 Tel 415-477-6343 | Cell 415-517-0895 marcy.d.cor...@wellsfargo.com This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -Original Message- From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of Rogério Soares Sent: Monday, February 14, 2011 1:41 PM To: LINUX-390@vm.marist.edu Subject: Re: [LINUX-390] crypto with sshd Marcy, with #openssl_conf = openssl_def jbsp124:~ # openssl speed -evp des-ede3-cbc Doing des-ede3-cbc for 3s on 16 size blocks: 4132050 des-ede3-cbc's in 2.94s Doing des-ede3-cbc for 3s on 64 size blocks: 1090654 des-ede3-cbc's in 2.95s Doing des-ede3-cbc for 3s on 256 size blocks: 276504 des-ede3-cbc's in 2.97s Doing des-ede3-cbc for 3s on 1024 size blocks: 69077 des-ede3-cbc's in 2.96s Doing des-ede3-cbc for 3s on 8192 size blocks: 8580 des-ede3-cbc's in 2.94s OpenSSL 0.9.8a 11 Oct 2005 built on: Mon Jul 27 13:51:43 UTC 2009 options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0 -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM available timing options: TIMES TIMEB HZ=100 [sysconf value] timing function used: times The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes des-ede3-cbc 22487.35k23661.65k23833.34k23896.91k 23907.27k with openssl_conf = openssl_def jbsp124:~ # vi /etc/ssl/openssl.cnf jbsp124:~ # openssl speed -evp des-ede3-cbc Doing des-ede3-cbc for 3s on 16 size blocks: 12827073 des-ede3-cbc's in 2.97s Doing des-ede3-cbc for 3s on 64 size blocks: 8270315 des-ede3-cbc's in 2.97s Doing des-ede3-cbc for 3s on 256 size blocks: 3360218 des-ede3-cbc's in 2.97s Doing des-ede3-cbc for 3s on 1024 size blocks: 1006040 des-ede3-cbc's in 2.98s Doing des-ede3-cbc for 3s on 8192 size blocks: 132563 des-ede3-cbc's in 2.98s OpenSSL 0.9.8a 11 Oct 2005 built on: Mon Jul 27 13:51:43 UTC 2009 options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0 -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM available timing options: TIMES TIMEB HZ=100 [sysconf value] timing function used: times The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes des-ede3-cbc 69102.08k 178215.54k 289634.95k 345699.65k 364414.80k jbsp124:~ # On Mon, Feb 14, 2011 at 7:19 PM, Marcy Cortes wrote: > You have no card accessible to Linux. > > Do you have a OPTION CRYPTO APVIRT in your directory entry > What do you get when you type > > Q CRYPTO AP on VM. > > > > Marcy > > > -Original Message- > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of > Rogério Soares > Sent: Monday, February 14, 2011 1:14 PM > To: LINUX-390@vm.marist.edu > Subject: Re: [LINUX-390] crypto with sshd > > and yes, i'm running under vm 6.1. > > > > On Mon, Feb 14, 2011 at 7:07 PM, Marcy Cortes < > marcy.d.cor...@wellsfargo.com > > wrote: > > > I'm pretty sure SLES 10 SP3's openssh is already built correctly and you > > should not have to rebuild it. > > What do you get when you > > cat /proc/drivers/z90crypt (please post) > > Are you running under VM? > > > > > > Marcy > > > > -Original Message- > > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of > > Rogério Soares > > Sent: Monday, February 14, 2011 12:53 PM > > To: LINUX-390@vm.marist.edu > > Subject: Re: [LINUX-390] crypto with sshd > > > > i get the rpm source version from SLES10SP3 to openssh-4.2p1-18.40.35 > > package and change de spec file to include --ssl-engine and made a > rpmbuild > > .. that is why asking.. on paper is not clear if the change is only this > or > > something more... thanks anyway. > > > > > > > > On Mon, Feb 14, 2011 at 6
Re: crypto with sshd
Marcy, with #openssl_conf = openssl_def jbsp124:~ # openssl speed -evp des-ede3-cbc Doing des-ede3-cbc for 3s on 16 size blocks: 4132050 des-ede3-cbc's in 2.94s Doing des-ede3-cbc for 3s on 64 size blocks: 1090654 des-ede3-cbc's in 2.95s Doing des-ede3-cbc for 3s on 256 size blocks: 276504 des-ede3-cbc's in 2.97s Doing des-ede3-cbc for 3s on 1024 size blocks: 69077 des-ede3-cbc's in 2.96s Doing des-ede3-cbc for 3s on 8192 size blocks: 8580 des-ede3-cbc's in 2.94s OpenSSL 0.9.8a 11 Oct 2005 built on: Mon Jul 27 13:51:43 UTC 2009 options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0 -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM available timing options: TIMES TIMEB HZ=100 [sysconf value] timing function used: times The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes des-ede3-cbc 22487.35k23661.65k23833.34k23896.91k 23907.27k with openssl_conf = openssl_def jbsp124:~ # vi /etc/ssl/openssl.cnf jbsp124:~ # openssl speed -evp des-ede3-cbc Doing des-ede3-cbc for 3s on 16 size blocks: 12827073 des-ede3-cbc's in 2.97s Doing des-ede3-cbc for 3s on 64 size blocks: 8270315 des-ede3-cbc's in 2.97s Doing des-ede3-cbc for 3s on 256 size blocks: 3360218 des-ede3-cbc's in 2.97s Doing des-ede3-cbc for 3s on 1024 size blocks: 1006040 des-ede3-cbc's in 2.98s Doing des-ede3-cbc for 3s on 8192 size blocks: 132563 des-ede3-cbc's in 2.98s OpenSSL 0.9.8a 11 Oct 2005 built on: Mon Jul 27 13:51:43 UTC 2009 options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0 -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM available timing options: TIMES TIMEB HZ=100 [sysconf value] timing function used: times The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes des-ede3-cbc 69102.08k 178215.54k 289634.95k 345699.65k 364414.80k jbsp124:~ # On Mon, Feb 14, 2011 at 7:19 PM, Marcy Cortes wrote: > You have no card accessible to Linux. > > Do you have a OPTION CRYPTO APVIRT in your directory entry > What do you get when you type > > Q CRYPTO AP on VM. > > > > Marcy > > > -Original Message- > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of > Rogério Soares > Sent: Monday, February 14, 2011 1:14 PM > To: LINUX-390@vm.marist.edu > Subject: Re: [LINUX-390] crypto with sshd > > and yes, i'm running under vm 6.1. > > > > On Mon, Feb 14, 2011 at 7:07 PM, Marcy Cortes < > marcy.d.cor...@wellsfargo.com > > wrote: > > > I'm pretty sure SLES 10 SP3's openssh is already built correctly and you > > should not have to rebuild it. > > What do you get when you > > cat /proc/drivers/z90crypt (please post) > > Are you running under VM? > > > > > > Marcy > > > > -Original Message- > > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of > > Rogério Soares > > Sent: Monday, February 14, 2011 12:53 PM > > To: LINUX-390@vm.marist.edu > > Subject: Re: [LINUX-390] crypto with sshd > > > > i get the rpm source version from SLES10SP3 to openssh-4.2p1-18.40.35 > > package and change de spec file to include --ssl-engine and made a > rpmbuild > > .. that is why asking.. on paper is not clear if the change is only this > or > > something more... thanks anyway. > > > > > > > > On Mon, Feb 14, 2011 at 6:43 PM, Mark Post wrote: > > > > > >>> On 2/14/2011 at 03:08 PM, Rogério Soares > > > wrote: > > > > Mark, i already did it too.. > > > > > > > > jbsp124:~ # openssl engine > > > > (dynamic) Dynamic engine loading support > > > > (ibmca) Ibmca hardware engine support > > > > jbsp124:~ # > > > > jbsp124:~ # > > > > jbsp124:~ # rpm -qa | grep openss > > > > openssl-devel-0.9.8a-18.36 > > > > openssl-0.9.8a-18.36 > > > > openssh-askpass-4.2p1-18.40.35 > > > > openssl-ibmca-1.0.0-7.16 > > > > compat-openssl097g-0.9.7g-13.16 > > > > openssh-4.2p1-18.40.35 > > > > > > > > on sshd server the only change is enable --ssl-engine ? > > > > > > You need to have a version of openSSH with the patch that actually > > enables > > > the use of SSL. In the IBM paper, they were working with an modified > > > version of openssh-5.1p1. I doubt very much that a copy of the 4.2p1 > > source > > > is going to have that. > > > > > > > > > Mark Post > > > > > > -- > > > For LINUX-390 subscribe / signoff / archive access instructions, > > > send email to lists..
Re: crypto with sshd
You have no card accessible to Linux. Do you have a OPTION CRYPTO APVIRT in your directory entry What do you get when you type Q CRYPTO AP on VM. Marcy -Original Message- From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of Rogério Soares Sent: Monday, February 14, 2011 1:14 PM To: LINUX-390@vm.marist.edu Subject: Re: [LINUX-390] crypto with sshd and yes, i'm running under vm 6.1. On Mon, Feb 14, 2011 at 7:07 PM, Marcy Cortes wrote: > I'm pretty sure SLES 10 SP3's openssh is already built correctly and you > should not have to rebuild it. > What do you get when you > cat /proc/drivers/z90crypt (please post) > Are you running under VM? > > > Marcy > > -Original Message- > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of > Rogério Soares > Sent: Monday, February 14, 2011 12:53 PM > To: LINUX-390@vm.marist.edu > Subject: Re: [LINUX-390] crypto with sshd > > i get the rpm source version from SLES10SP3 to openssh-4.2p1-18.40.35 > package and change de spec file to include --ssl-engine and made a rpmbuild > .. that is why asking.. on paper is not clear if the change is only this or > something more... thanks anyway. > > > > On Mon, Feb 14, 2011 at 6:43 PM, Mark Post wrote: > > > >>> On 2/14/2011 at 03:08 PM, Rogério Soares > > wrote: > > > Mark, i already did it too.. > > > > > > jbsp124:~ # openssl engine > > > (dynamic) Dynamic engine loading support > > > (ibmca) Ibmca hardware engine support > > > jbsp124:~ # > > > jbsp124:~ # > > > jbsp124:~ # rpm -qa | grep openss > > > openssl-devel-0.9.8a-18.36 > > > openssl-0.9.8a-18.36 > > > openssh-askpass-4.2p1-18.40.35 > > > openssl-ibmca-1.0.0-7.16 > > > compat-openssl097g-0.9.7g-13.16 > > > openssh-4.2p1-18.40.35 > > > > > > on sshd server the only change is enable --ssl-engine ? > > > > You need to have a version of openSSH with the patch that actually > enables > > the use of SSL. In the IBM paper, they were working with an modified > > version of openssh-5.1p1. I doubt very much that a copy of the 4.2p1 > source > > is going to have that. > > > > > > Mark Post > > > > -- > > For LINUX-390 subscribe / signoff / archive access instructions, > > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > > visit > > http://www.marist.edu/htbin/wlvindex?LINUX-390 > > -- > > For more information on Linux on System z, visit > > http://wiki.linuxvm.org/ > > > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: crypto with sshd
Oops, Sorry .. You do have a crypto express 2. I missed that! So never mind that. What do openssl speed test show? Do you see the faster response there? Marcy -Original Message- From: Cortes, Marcy D. Sent: Monday, February 14, 2011 1:19 PM To: LINUX-390@vm.marist.edu Subject: RE: [LINUX-390] crypto with sshd You have no card accessible to Linux. Do you have a OPTION CRYPTO APVIRT in your directory entry What do you get when you type Q CRYPTO AP on VM. Marcy -Original Message- From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of Rogério Soares Sent: Monday, February 14, 2011 1:14 PM To: LINUX-390@vm.marist.edu Subject: Re: [LINUX-390] crypto with sshd and yes, i'm running under vm 6.1. On Mon, Feb 14, 2011 at 7:07 PM, Marcy Cortes wrote: > I'm pretty sure SLES 10 SP3's openssh is already built correctly and you > should not have to rebuild it. > What do you get when you > cat /proc/drivers/z90crypt (please post) > Are you running under VM? > > > Marcy > > -Original Message- > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of > Rogério Soares > Sent: Monday, February 14, 2011 12:53 PM > To: LINUX-390@vm.marist.edu > Subject: Re: [LINUX-390] crypto with sshd > > i get the rpm source version from SLES10SP3 to openssh-4.2p1-18.40.35 > package and change de spec file to include --ssl-engine and made a rpmbuild > .. that is why asking.. on paper is not clear if the change is only this or > something more... thanks anyway. > > > > On Mon, Feb 14, 2011 at 6:43 PM, Mark Post wrote: > > > >>> On 2/14/2011 at 03:08 PM, Rogério Soares > > wrote: > > > Mark, i already did it too.. > > > > > > jbsp124:~ # openssl engine > > > (dynamic) Dynamic engine loading support > > > (ibmca) Ibmca hardware engine support > > > jbsp124:~ # > > > jbsp124:~ # > > > jbsp124:~ # rpm -qa | grep openss > > > openssl-devel-0.9.8a-18.36 > > > openssl-0.9.8a-18.36 > > > openssh-askpass-4.2p1-18.40.35 > > > openssl-ibmca-1.0.0-7.16 > > > compat-openssl097g-0.9.7g-13.16 > > > openssh-4.2p1-18.40.35 > > > > > > on sshd server the only change is enable --ssl-engine ? > > > > You need to have a version of openSSH with the patch that actually > enables > > the use of SSL. In the IBM paper, they were working with an modified > > version of openssh-5.1p1. I doubt very much that a copy of the 4.2p1 > source > > is going to have that. > > > > > > Mark Post > > > > -- > > For LINUX-390 subscribe / signoff / archive access instructions, > > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > > visit > > http://www.marist.edu/htbin/wlvindex?LINUX-390 > > -- > > For more information on Linux on System z, visit > > http://wiki.linuxvm.org/ > > > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: crypto with sshd
and yes, i'm running under vm 6.1. On Mon, Feb 14, 2011 at 7:07 PM, Marcy Cortes wrote: > I'm pretty sure SLES 10 SP3's openssh is already built correctly and you > should not have to rebuild it. > What do you get when you > cat /proc/drivers/z90crypt (please post) > Are you running under VM? > > > Marcy > > -Original Message- > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of > Rogério Soares > Sent: Monday, February 14, 2011 12:53 PM > To: LINUX-390@vm.marist.edu > Subject: Re: [LINUX-390] crypto with sshd > > i get the rpm source version from SLES10SP3 to openssh-4.2p1-18.40.35 > package and change de spec file to include --ssl-engine and made a rpmbuild > .. that is why asking.. on paper is not clear if the change is only this or > something more... thanks anyway. > > > > On Mon, Feb 14, 2011 at 6:43 PM, Mark Post wrote: > > > >>> On 2/14/2011 at 03:08 PM, Rogério Soares > > wrote: > > > Mark, i already did it too.. > > > > > > jbsp124:~ # openssl engine > > > (dynamic) Dynamic engine loading support > > > (ibmca) Ibmca hardware engine support > > > jbsp124:~ # > > > jbsp124:~ # > > > jbsp124:~ # rpm -qa | grep openss > > > openssl-devel-0.9.8a-18.36 > > > openssl-0.9.8a-18.36 > > > openssh-askpass-4.2p1-18.40.35 > > > openssl-ibmca-1.0.0-7.16 > > > compat-openssl097g-0.9.7g-13.16 > > > openssh-4.2p1-18.40.35 > > > > > > on sshd server the only change is enable --ssl-engine ? > > > > You need to have a version of openSSH with the patch that actually > enables > > the use of SSL. In the IBM paper, they were working with an modified > > version of openssh-5.1p1. I doubt very much that a copy of the 4.2p1 > source > > is going to have that. > > > > > > Mark Post > > > > -- > > For LINUX-390 subscribe / signoff / archive access instructions, > > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > > visit > > http://www.marist.edu/htbin/wlvindex?LINUX-390 > > -- > > For more information on Linux on System z, visit > > http://wiki.linuxvm.org/ > > > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: crypto with sshd
WoW, here is jbsp124:~ # cat /proc/driver/z90crypt zcrypt version: 2.1.1 Cryptographic domain: 7 Total device count: 1 PCICA count: 0 PCICC count: 0 PCIXCC MCL2 count: 0 PCIXCC MCL3 count: 0 CEX2C count: 1 CEX2A count: 0 requestq count: 0 pendingq count: 0 Total open handles: 0 Online devices: 1=PCICA 2=PCICC 3=PCIXCC(MCL2) 4=PCIXCC(MCL3) 5=CEX2C 6=CEX2A 5000 Waiting work element counts Per-device successfully completed request counts jbsp124:~ # Thanks Marcy! On Mon, Feb 14, 2011 at 7:07 PM, Marcy Cortes wrote: > I'm pretty sure SLES 10 SP3's openssh is already built correctly and you > should not have to rebuild it. > What do you get when you > cat /proc/drivers/z90crypt (please post) > Are you running under VM? > > > Marcy > > -Original Message- > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of > Rogério Soares > Sent: Monday, February 14, 2011 12:53 PM > To: LINUX-390@vm.marist.edu > Subject: Re: [LINUX-390] crypto with sshd > > i get the rpm source version from SLES10SP3 to openssh-4.2p1-18.40.35 > package and change de spec file to include --ssl-engine and made a rpmbuild > .. that is why asking.. on paper is not clear if the change is only this or > something more... thanks anyway. > > > > On Mon, Feb 14, 2011 at 6:43 PM, Mark Post wrote: > > > >>> On 2/14/2011 at 03:08 PM, Rogério Soares > > wrote: > > > Mark, i already did it too.. > > > > > > jbsp124:~ # openssl engine > > > (dynamic) Dynamic engine loading support > > > (ibmca) Ibmca hardware engine support > > > jbsp124:~ # > > > jbsp124:~ # > > > jbsp124:~ # rpm -qa | grep openss > > > openssl-devel-0.9.8a-18.36 > > > openssl-0.9.8a-18.36 > > > openssh-askpass-4.2p1-18.40.35 > > > openssl-ibmca-1.0.0-7.16 > > > compat-openssl097g-0.9.7g-13.16 > > > openssh-4.2p1-18.40.35 > > > > > > on sshd server the only change is enable --ssl-engine ? > > > > You need to have a version of openSSH with the patch that actually > enables > > the use of SSL. In the IBM paper, they were working with an modified > > version of openssh-5.1p1. I doubt very much that a copy of the 4.2p1 > source > > is going to have that. > > > > > > Mark Post > > > > -- > > For LINUX-390 subscribe / signoff / archive access instructions, > > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > > visit > > http://www.marist.edu/htbin/wlvindex?LINUX-390 > > -- > > For more information on Linux on System z, visit > > http://wiki.linuxvm.org/ > > > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: crypto with sshd
I'm pretty sure SLES 10 SP3's openssh is already built correctly and you should not have to rebuild it. What do you get when you cat /proc/drivers/z90crypt (please post) Are you running under VM? Marcy -Original Message- From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of Rogério Soares Sent: Monday, February 14, 2011 12:53 PM To: LINUX-390@vm.marist.edu Subject: Re: [LINUX-390] crypto with sshd i get the rpm source version from SLES10SP3 to openssh-4.2p1-18.40.35 package and change de spec file to include --ssl-engine and made a rpmbuild .. that is why asking.. on paper is not clear if the change is only this or something more... thanks anyway. On Mon, Feb 14, 2011 at 6:43 PM, Mark Post wrote: > >>> On 2/14/2011 at 03:08 PM, Rogério Soares > wrote: > > Mark, i already did it too.. > > > > jbsp124:~ # openssl engine > > (dynamic) Dynamic engine loading support > > (ibmca) Ibmca hardware engine support > > jbsp124:~ # > > jbsp124:~ # > > jbsp124:~ # rpm -qa | grep openss > > openssl-devel-0.9.8a-18.36 > > openssl-0.9.8a-18.36 > > openssh-askpass-4.2p1-18.40.35 > > openssl-ibmca-1.0.0-7.16 > > compat-openssl097g-0.9.7g-13.16 > > openssh-4.2p1-18.40.35 > > > > on sshd server the only change is enable --ssl-engine ? > > You need to have a version of openSSH with the patch that actually enables > the use of SSL. In the IBM paper, they were working with an modified > version of openssh-5.1p1. I doubt very much that a copy of the 4.2p1 source > is going to have that. > > > Mark Post > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: crypto with sshd
i get the rpm source version from SLES10SP3 to openssh-4.2p1-18.40.35 package and change de spec file to include --ssl-engine and made a rpmbuild .. that is why asking.. on paper is not clear if the change is only this or something more... thanks anyway. On Mon, Feb 14, 2011 at 6:43 PM, Mark Post wrote: > >>> On 2/14/2011 at 03:08 PM, Rogério Soares > wrote: > > Mark, i already did it too.. > > > > jbsp124:~ # openssl engine > > (dynamic) Dynamic engine loading support > > (ibmca) Ibmca hardware engine support > > jbsp124:~ # > > jbsp124:~ # > > jbsp124:~ # rpm -qa | grep openss > > openssl-devel-0.9.8a-18.36 > > openssl-0.9.8a-18.36 > > openssh-askpass-4.2p1-18.40.35 > > openssl-ibmca-1.0.0-7.16 > > compat-openssl097g-0.9.7g-13.16 > > openssh-4.2p1-18.40.35 > > > > on sshd server the only change is enable --ssl-engine ? > > You need to have a version of openSSH with the patch that actually enables > the use of SSL. In the IBM paper, they were working with an modified > version of openssh-5.1p1. I doubt very much that a copy of the 4.2p1 source > is going to have that. > > > Mark Post > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: crypto with sshd
>>> On 2/14/2011 at 03:08 PM, Rogério Soares wrote: > Mark, i already did it too.. > > jbsp124:~ # openssl engine > (dynamic) Dynamic engine loading support > (ibmca) Ibmca hardware engine support > jbsp124:~ # > jbsp124:~ # > jbsp124:~ # rpm -qa | grep openss > openssl-devel-0.9.8a-18.36 > openssl-0.9.8a-18.36 > openssh-askpass-4.2p1-18.40.35 > openssl-ibmca-1.0.0-7.16 > compat-openssl097g-0.9.7g-13.16 > openssh-4.2p1-18.40.35 > > on sshd server the only change is enable --ssl-engine ? You need to have a version of openSSH with the patch that actually enables the use of SSL. In the IBM paper, they were working with an modified version of openssh-5.1p1. I doubt very much that a copy of the 4.2p1 source is going to have that. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: crypto with sshd
Mark, i already did it too.. jbsp124:~ # openssl engine (dynamic) Dynamic engine loading support (ibmca) Ibmca hardware engine support jbsp124:~ # jbsp124:~ # jbsp124:~ # rpm -qa | grep openss openssl-devel-0.9.8a-18.36 openssl-0.9.8a-18.36 openssh-askpass-4.2p1-18.40.35 openssl-ibmca-1.0.0-7.16 compat-openssl097g-0.9.7g-13.16 openssh-4.2p1-18.40.35 on sshd server the only change is enable --ssl-engine ? Thanks again. On Sun, Feb 13, 2011 at 10:41 PM, Mark Post wrote: > >>> On 2/12/2011 at 04:03 PM, Rogério Soares > wrote: > > i have installed all packages describe on paper.. appears like sshd is > > not calling icalib, i just have recompile sshd with --ssl-engine, is just > it > > ? i do not understand very well on paper if the "PTF" is just is or > > something more... > > You also have to modify the openssl configuration file to use the IBM ICA > engine. > > > Mark Post > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or > visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: SLES10 LPAR clone - OSA interface not found
Doug, an OSA-card can be used in non-QDIO mode (OSE) or in QDIO-mode (OSD). Your IOCDS-definition defines the type of your OSA-Express channel to be OSE or OSD. If lscss displays a CU-Type 1731/01, your OSA-Express channel is defined as OSD. In Linux the lcs-driver is responsible for OSE-type channels and the qeth-driver is responsible for OSD-type channels. For OSD-type devices a subchannel-triple is necessary to create a qeth-device, for instance echo 0.0.3200,0.0.3201,0.0.3202 > /sys/bus/ccwgroup/drivers/qeth/group Regards, Ursula Braun, IBM Germany On Fri, 2011-02-11 at 14:57 -0800, Lester, Doug wrote: > Mark, > > This is the lscss output. How do I tell if it is in LCS mode? > > Device Subchan. DevType CU Type Use PIM PAM POM CHPIDs > -- > 0.0.3200 0.0.1103 1732/01 1731/01 80 80 FF 0200 > 0.0.3201 0.0.1104 1732/01 1731/01 80 80 FF 0200 > > Thanks, > > Doug -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/