date:20110214

Re: crypto with sshd

2011-02-14 Thread Rogério Soares

not installed. installing :)

On Mon, Feb 14, 2011 at 8:35 PM, Marcy Cortes  wrote:

> Do you have on the openCrypto* packages?
>
>
> Marcy
> -Original Message-
> From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of
> Rogério Soares
> Sent: Monday, February 14, 2011 2:23 PM
> To: LINUX-390@vm.marist.edu
> Subject: Re: [LINUX-390] crypto with sshd
>
> another thing is SSHD cpu usage.. with or without, on large transfer cpu
> usage is practicaly the same ...
>
> 2011/2/14 Rogério Soares 
>
> > maybe i made some confusion here...
> >
> > i' can't get any call to libica, that is why a guess that is not working
> > ... :-/
> >
> >
> >
> > On Mon, Feb 14, 2011 at 7:56 PM, Marcy Cortes <
> > marcy.d.cor...@wellsfargo.com> wrote:
> >
> >> Ok, good that works.
> >> And you should seen some incrementing in all those zero's down at the
> >> bottom of /proc/drivers/z90crypt, correct?
> >>
> >> And you don't see any on SSH leading you to believe its not working for
> >> ssh?
> >>
> >>
> >>
> >> Marcy Cortes
> >>
> >> Operating Systems Engineer, z/VM and Linux on System z
> >> Enterprise Hosting Services, Mainframe/Midrange Services
> >>
> >> Wells Fargo Bank | 201 Third Street | San Francisco, CA 94103
> >> MAC A0187-050
> >> Tel 415-477-6343 | Cell 415-517-0895
> >>
> >> marcy.d.cor...@wellsfargo.com
> >>
> >> This message may contain confidential and/or privileged information. If
> >> you are not the addressee or authorized to receive this for the
> addressee,
> >> you must not use, copy, disclose, or take any action based on this
> message
> >> or any information herein. If you have received this message in error,
> >> please advise the sender immediately by reply e-mail and delete this
> >> message. Thank you for your cooperation.
> >>
> >>
> >> -Original Message-
> >> From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of
> >> Rogério Soares
> >> Sent: Monday, February 14, 2011 1:41 PM
> >> To: LINUX-390@vm.marist.edu
> >> Subject: Re: [LINUX-390] crypto with sshd
> >>
> >> Marcy,
> >>
> >>  with
> >>
> >> #openssl_conf = openssl_def
> >>
> >>
> >> jbsp124:~ # openssl speed -evp des-ede3-cbc
> >> Doing des-ede3-cbc for 3s on 16 size blocks: 4132050 des-ede3-cbc's in
> >> 2.94s
> >> Doing des-ede3-cbc for 3s on 64 size blocks: 1090654 des-ede3-cbc's in
> >> 2.95s
> >> Doing des-ede3-cbc for 3s on 256 size blocks: 276504 des-ede3-cbc's in
> >> 2.97s
> >> Doing des-ede3-cbc for 3s on 1024 size blocks: 69077 des-ede3-cbc's in
> >> 2.96s
> >> Doing des-ede3-cbc for 3s on 8192 size blocks: 8580 des-ede3-cbc's in
> >> 2.94s
> >> OpenSSL 0.9.8a 11 Oct 2005
> >> built on: Mon Jul 27 13:51:43 UTC 2009
> >> options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long)
> aes(partial)
> >> blowfish(idx)
> >> compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
> >> -DDSO_DLFCN
> >> -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2
> -fmessage-length=0
> >> -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall
> >> -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM
> >> available timing options: TIMES TIMEB HZ=100 [sysconf value]
> >> timing function used: times
> >> The 'numbers' are in 1000s of bytes per second processed.
> >> type 16 bytes 64 bytes256 bytes   1024 bytes   8192
> >> bytes
> >> des-ede3-cbc 22487.35k23661.65k23833.34k23896.91k
> >> 23907.27k
> >>
> >>
> >> with
> >>
> >> openssl_conf = openssl_def
> >>
> >> jbsp124:~ # vi /etc/ssl/openssl.cnf
> >> jbsp124:~ # openssl speed -evp des-ede3-cbc
> >> Doing des-ede3-cbc for 3s on 16 size blocks: 12827073 des-ede3-cbc's in
> >> 2.97s
> >> Doing des-ede3-cbc for 3s on 64 size blocks: 8270315 des-ede3-cbc's in
> >> 2.97s
> >> Doing des-ede3-cbc for 3s on 256 size blocks: 3360218 des-ede3-cbc's in
> >> 2.97s
> >> Doing des-ede3-cbc for 3s on 1024 size blocks: 1006040 des-ede3-cbc's in
> >> 2.98s
> >> Doing des-ede3-cbc for 3s on 8192 size blocks: 132563 des-ede3-cbc's in
> >> 2.98s
> >> OpenSSL 0.9.8a 11 Oct 2005
> >> built on: Mon Jul 27 13:51:43 UTC 2009
> >> options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long)
> aes(partial)
> >> blowfish(idx)
> >> compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
> >> -DDSO_DLFCN
> >> -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2
> -fmessage-length=0
> >> -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall
> >> -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM
> >> available timing options: TIMES TIMEB HZ=100 [sysconf value]
> >> timing function used: times
> >> The 'numbers' are in 1000s of bytes per second processed.
> >> type 16 bytes 64 bytes256 bytes   1024 bytes   8192
> >> bytes
> >> des-ede3-cbc 69102.08k   178215.54k   289634.95k   345699.65k
> >> 364414.80k
> >> jbsp124:~ #
> >>
> >>
> >>
> >>
> >> On Mon, Feb 14, 2011 at 7:19 PM, Marcy Cortes <
> >> marcy.d.cor...@wellsfargo.com
> >> > wrote:
> >>
> >> > You have

Re: crypto with sshd

2011-02-14 Thread Marcy Cortes

Do you have on the openCrypto* packages?


Marcy 
-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of Rogério 
Soares
Sent: Monday, February 14, 2011 2:23 PM
To: LINUX-390@vm.marist.edu
Subject: Re: [LINUX-390] crypto with sshd

another thing is SSHD cpu usage.. with or without, on large transfer cpu
usage is practicaly the same ...

2011/2/14 Rogério Soares 

> maybe i made some confusion here...
>
> i' can't get any call to libica, that is why a guess that is not working
> ... :-/
>
>
>
> On Mon, Feb 14, 2011 at 7:56 PM, Marcy Cortes <
> marcy.d.cor...@wellsfargo.com> wrote:
>
>> Ok, good that works.
>> And you should seen some incrementing in all those zero's down at the
>> bottom of /proc/drivers/z90crypt, correct?
>>
>> And you don't see any on SSH leading you to believe its not working for
>> ssh?
>>
>>
>>
>> Marcy Cortes
>>
>> Operating Systems Engineer, z/VM and Linux on System z
>> Enterprise Hosting Services, Mainframe/Midrange Services
>>
>> Wells Fargo Bank | 201 Third Street | San Francisco, CA 94103
>> MAC A0187-050
>> Tel 415-477-6343 | Cell 415-517-0895
>>
>> marcy.d.cor...@wellsfargo.com
>>
>> This message may contain confidential and/or privileged information. If
>> you are not the addressee or authorized to receive this for the addressee,
>> you must not use, copy, disclose, or take any action based on this message
>> or any information herein. If you have received this message in error,
>> please advise the sender immediately by reply e-mail and delete this
>> message. Thank you for your cooperation.
>>
>>
>> -Original Message-
>> From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of
>> Rogério Soares
>> Sent: Monday, February 14, 2011 1:41 PM
>> To: LINUX-390@vm.marist.edu
>> Subject: Re: [LINUX-390] crypto with sshd
>>
>> Marcy,
>>
>>  with
>>
>> #openssl_conf = openssl_def
>>
>>
>> jbsp124:~ # openssl speed -evp des-ede3-cbc
>> Doing des-ede3-cbc for 3s on 16 size blocks: 4132050 des-ede3-cbc's in
>> 2.94s
>> Doing des-ede3-cbc for 3s on 64 size blocks: 1090654 des-ede3-cbc's in
>> 2.95s
>> Doing des-ede3-cbc for 3s on 256 size blocks: 276504 des-ede3-cbc's in
>> 2.97s
>> Doing des-ede3-cbc for 3s on 1024 size blocks: 69077 des-ede3-cbc's in
>> 2.96s
>> Doing des-ede3-cbc for 3s on 8192 size blocks: 8580 des-ede3-cbc's in
>> 2.94s
>> OpenSSL 0.9.8a 11 Oct 2005
>> built on: Mon Jul 27 13:51:43 UTC 2009
>> options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial)
>> blowfish(idx)
>> compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
>> -DDSO_DLFCN
>> -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0
>> -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall
>> -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM
>> available timing options: TIMES TIMEB HZ=100 [sysconf value]
>> timing function used: times
>> The 'numbers' are in 1000s of bytes per second processed.
>> type 16 bytes 64 bytes256 bytes   1024 bytes   8192
>> bytes
>> des-ede3-cbc 22487.35k23661.65k23833.34k23896.91k
>> 23907.27k
>>
>>
>> with
>>
>> openssl_conf = openssl_def
>>
>> jbsp124:~ # vi /etc/ssl/openssl.cnf
>> jbsp124:~ # openssl speed -evp des-ede3-cbc
>> Doing des-ede3-cbc for 3s on 16 size blocks: 12827073 des-ede3-cbc's in
>> 2.97s
>> Doing des-ede3-cbc for 3s on 64 size blocks: 8270315 des-ede3-cbc's in
>> 2.97s
>> Doing des-ede3-cbc for 3s on 256 size blocks: 3360218 des-ede3-cbc's in
>> 2.97s
>> Doing des-ede3-cbc for 3s on 1024 size blocks: 1006040 des-ede3-cbc's in
>> 2.98s
>> Doing des-ede3-cbc for 3s on 8192 size blocks: 132563 des-ede3-cbc's in
>> 2.98s
>> OpenSSL 0.9.8a 11 Oct 2005
>> built on: Mon Jul 27 13:51:43 UTC 2009
>> options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial)
>> blowfish(idx)
>> compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
>> -DDSO_DLFCN
>> -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0
>> -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall
>> -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM
>> available timing options: TIMES TIMEB HZ=100 [sysconf value]
>> timing function used: times
>> The 'numbers' are in 1000s of bytes per second processed.
>> type 16 bytes 64 bytes256 bytes   1024 bytes   8192
>> bytes
>> des-ede3-cbc 69102.08k   178215.54k   289634.95k   345699.65k
>> 364414.80k
>> jbsp124:~ #
>>
>>
>>
>>
>> On Mon, Feb 14, 2011 at 7:19 PM, Marcy Cortes <
>> marcy.d.cor...@wellsfargo.com
>> > wrote:
>>
>> > You have no card accessible to Linux.
>> >
>> > Do you have a OPTION CRYPTO APVIRT in your directory entry
>> > What do you get when you type
>> >
>> > Q CRYPTO AP   on VM.
>> >
>> >
>> >
>> > Marcy
>> >
>> >
>> > -Original Message-
>> > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of
>> > Rogério Soares
>> > Sent: Monday, February 14, 2011 1:14 PM
>>

Re: crypto with sshd

2011-02-14 Thread Rogério Soares

another thing is SSHD cpu usage.. with or without, on large transfer cpu
usage is practicaly the same ...

2011/2/14 Rogério Soares 

> maybe i made some confusion here...
>
> i' can't get any call to libica, that is why a guess that is not working
> ... :-/
>
>
>
> On Mon, Feb 14, 2011 at 7:56 PM, Marcy Cortes <
> marcy.d.cor...@wellsfargo.com> wrote:
>
>> Ok, good that works.
>> And you should seen some incrementing in all those zero's down at the
>> bottom of /proc/drivers/z90crypt, correct?
>>
>> And you don't see any on SSH leading you to believe its not working for
>> ssh?
>>
>>
>>
>> Marcy Cortes
>>
>> Operating Systems Engineer, z/VM and Linux on System z
>> Enterprise Hosting Services, Mainframe/Midrange Services
>>
>> Wells Fargo Bank | 201 Third Street | San Francisco, CA 94103
>> MAC A0187-050
>> Tel 415-477-6343 | Cell 415-517-0895
>>
>> marcy.d.cor...@wellsfargo.com
>>
>> This message may contain confidential and/or privileged information. If
>> you are not the addressee or authorized to receive this for the addressee,
>> you must not use, copy, disclose, or take any action based on this message
>> or any information herein. If you have received this message in error,
>> please advise the sender immediately by reply e-mail and delete this
>> message. Thank you for your cooperation.
>>
>>
>> -Original Message-
>> From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of
>> Rogério Soares
>> Sent: Monday, February 14, 2011 1:41 PM
>> To: LINUX-390@vm.marist.edu
>> Subject: Re: [LINUX-390] crypto with sshd
>>
>> Marcy,
>>
>>  with
>>
>> #openssl_conf = openssl_def
>>
>>
>> jbsp124:~ # openssl speed -evp des-ede3-cbc
>> Doing des-ede3-cbc for 3s on 16 size blocks: 4132050 des-ede3-cbc's in
>> 2.94s
>> Doing des-ede3-cbc for 3s on 64 size blocks: 1090654 des-ede3-cbc's in
>> 2.95s
>> Doing des-ede3-cbc for 3s on 256 size blocks: 276504 des-ede3-cbc's in
>> 2.97s
>> Doing des-ede3-cbc for 3s on 1024 size blocks: 69077 des-ede3-cbc's in
>> 2.96s
>> Doing des-ede3-cbc for 3s on 8192 size blocks: 8580 des-ede3-cbc's in
>> 2.94s
>> OpenSSL 0.9.8a 11 Oct 2005
>> built on: Mon Jul 27 13:51:43 UTC 2009
>> options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial)
>> blowfish(idx)
>> compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
>> -DDSO_DLFCN
>> -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0
>> -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall
>> -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM
>> available timing options: TIMES TIMEB HZ=100 [sysconf value]
>> timing function used: times
>> The 'numbers' are in 1000s of bytes per second processed.
>> type 16 bytes 64 bytes256 bytes   1024 bytes   8192
>> bytes
>> des-ede3-cbc 22487.35k23661.65k23833.34k23896.91k
>> 23907.27k
>>
>>
>> with
>>
>> openssl_conf = openssl_def
>>
>> jbsp124:~ # vi /etc/ssl/openssl.cnf
>> jbsp124:~ # openssl speed -evp des-ede3-cbc
>> Doing des-ede3-cbc for 3s on 16 size blocks: 12827073 des-ede3-cbc's in
>> 2.97s
>> Doing des-ede3-cbc for 3s on 64 size blocks: 8270315 des-ede3-cbc's in
>> 2.97s
>> Doing des-ede3-cbc for 3s on 256 size blocks: 3360218 des-ede3-cbc's in
>> 2.97s
>> Doing des-ede3-cbc for 3s on 1024 size blocks: 1006040 des-ede3-cbc's in
>> 2.98s
>> Doing des-ede3-cbc for 3s on 8192 size blocks: 132563 des-ede3-cbc's in
>> 2.98s
>> OpenSSL 0.9.8a 11 Oct 2005
>> built on: Mon Jul 27 13:51:43 UTC 2009
>> options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial)
>> blowfish(idx)
>> compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
>> -DDSO_DLFCN
>> -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0
>> -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall
>> -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM
>> available timing options: TIMES TIMEB HZ=100 [sysconf value]
>> timing function used: times
>> The 'numbers' are in 1000s of bytes per second processed.
>> type 16 bytes 64 bytes256 bytes   1024 bytes   8192
>> bytes
>> des-ede3-cbc 69102.08k   178215.54k   289634.95k   345699.65k
>> 364414.80k
>> jbsp124:~ #
>>
>>
>>
>>
>> On Mon, Feb 14, 2011 at 7:19 PM, Marcy Cortes <
>> marcy.d.cor...@wellsfargo.com
>> > wrote:
>>
>> > You have no card accessible to Linux.
>> >
>> > Do you have a OPTION CRYPTO APVIRT in your directory entry
>> > What do you get when you type
>> >
>> > Q CRYPTO AP   on VM.
>> >
>> >
>> >
>> > Marcy
>> >
>> >
>> > -Original Message-
>> > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of
>> > Rogério Soares
>> > Sent: Monday, February 14, 2011 1:14 PM
>> > To: LINUX-390@vm.marist.edu
>> > Subject: Re: [LINUX-390] crypto with sshd
>> >
>> > and yes, i'm running under vm 6.1.
>> >
>> >
>> >
>> > On Mon, Feb 14, 2011 at 7:07 PM, Marcy Cortes <
>> > marcy.d.cor...@wellsfargo.com
>> > > wrote:
>> >
>> > > I'm pretty sure SLES 10

Re: crypto with sshd

2011-02-14 Thread Rogério Soares

maybe i made some confusion here...

i' can't get any call to libica, that is why a guess that is not working ...
:-/


On Mon, Feb 14, 2011 at 7:56 PM, Marcy Cortes  wrote:

> Ok, good that works.
> And you should seen some incrementing in all those zero's down at the
> bottom of /proc/drivers/z90crypt, correct?
>
> And you don't see any on SSH leading you to believe its not working for
> ssh?
>
>
>
> Marcy Cortes
>
> Operating Systems Engineer, z/VM and Linux on System z
> Enterprise Hosting Services, Mainframe/Midrange Services
>
> Wells Fargo Bank | 201 Third Street | San Francisco, CA 94103
> MAC A0187-050
> Tel 415-477-6343 | Cell 415-517-0895
>
> marcy.d.cor...@wellsfargo.com
>
> This message may contain confidential and/or privileged information. If you
> are not the addressee or authorized to receive this for the addressee, you
> must not use, copy, disclose, or take any action based on this message or
> any information herein. If you have received this message in error, please
> advise the sender immediately by reply e-mail and delete this message. Thank
> you for your cooperation.
>
>
> -Original Message-
> From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of
> Rogério Soares
> Sent: Monday, February 14, 2011 1:41 PM
> To: LINUX-390@vm.marist.edu
> Subject: Re: [LINUX-390] crypto with sshd
>
> Marcy,
>
>  with
>
> #openssl_conf = openssl_def
>
>
> jbsp124:~ # openssl speed -evp des-ede3-cbc
> Doing des-ede3-cbc for 3s on 16 size blocks: 4132050 des-ede3-cbc's in
> 2.94s
> Doing des-ede3-cbc for 3s on 64 size blocks: 1090654 des-ede3-cbc's in
> 2.95s
> Doing des-ede3-cbc for 3s on 256 size blocks: 276504 des-ede3-cbc's in
> 2.97s
> Doing des-ede3-cbc for 3s on 1024 size blocks: 69077 des-ede3-cbc's in
> 2.96s
> Doing des-ede3-cbc for 3s on 8192 size blocks: 8580 des-ede3-cbc's in 2.94s
> OpenSSL 0.9.8a 11 Oct 2005
> built on: Mon Jul 27 13:51:43 UTC 2009
> options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial)
> blowfish(idx)
> compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
> -DDSO_DLFCN
> -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0
> -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall
> -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM
> available timing options: TIMES TIMEB HZ=100 [sysconf value]
> timing function used: times
> The 'numbers' are in 1000s of bytes per second processed.
> type 16 bytes 64 bytes256 bytes   1024 bytes   8192
> bytes
> des-ede3-cbc 22487.35k23661.65k23833.34k23896.91k
> 23907.27k
>
>
> with
>
> openssl_conf = openssl_def
>
> jbsp124:~ # vi /etc/ssl/openssl.cnf
> jbsp124:~ # openssl speed -evp des-ede3-cbc
> Doing des-ede3-cbc for 3s on 16 size blocks: 12827073 des-ede3-cbc's in
> 2.97s
> Doing des-ede3-cbc for 3s on 64 size blocks: 8270315 des-ede3-cbc's in
> 2.97s
> Doing des-ede3-cbc for 3s on 256 size blocks: 3360218 des-ede3-cbc's in
> 2.97s
> Doing des-ede3-cbc for 3s on 1024 size blocks: 1006040 des-ede3-cbc's in
> 2.98s
> Doing des-ede3-cbc for 3s on 8192 size blocks: 132563 des-ede3-cbc's in
> 2.98s
> OpenSSL 0.9.8a 11 Oct 2005
> built on: Mon Jul 27 13:51:43 UTC 2009
> options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial)
> blowfish(idx)
> compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT
> -DDSO_DLFCN
> -DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0
> -Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall
> -fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM
> available timing options: TIMES TIMEB HZ=100 [sysconf value]
> timing function used: times
> The 'numbers' are in 1000s of bytes per second processed.
> type 16 bytes 64 bytes256 bytes   1024 bytes   8192
> bytes
> des-ede3-cbc 69102.08k   178215.54k   289634.95k   345699.65k
> 364414.80k
> jbsp124:~ #
>
>
>
>
> On Mon, Feb 14, 2011 at 7:19 PM, Marcy Cortes <
> marcy.d.cor...@wellsfargo.com
> > wrote:
>
> > You have no card accessible to Linux.
> >
> > Do you have a OPTION CRYPTO APVIRT in your directory entry
> > What do you get when you type
> >
> > Q CRYPTO AP   on VM.
> >
> >
> >
> > Marcy
> >
> >
> > -Original Message-
> > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of
> > Rogério Soares
> > Sent: Monday, February 14, 2011 1:14 PM
> > To: LINUX-390@vm.marist.edu
> > Subject: Re: [LINUX-390] crypto with sshd
> >
> > and yes, i'm running under vm 6.1.
> >
> >
> >
> > On Mon, Feb 14, 2011 at 7:07 PM, Marcy Cortes <
> > marcy.d.cor...@wellsfargo.com
> > > wrote:
> >
> > > I'm pretty sure SLES 10 SP3's openssh is already built correctly and
> you
> > > should not have to rebuild it.
> > > What do you get when you
> > > cat /proc/drivers/z90crypt  (please post)
> > > Are you running under VM?
> > >
> > >
> > > Marcy
> > >
> > > -Original Message-
> > > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu

Re: crypto with sshd

2011-02-14 Thread Marcy Cortes

Ok, good that works.
And you should seen some incrementing in all those zero's down at the bottom of 
/proc/drivers/z90crypt, correct?

And you don't see any on SSH leading you to believe its not working for ssh?



Marcy Cortes

Operating Systems Engineer, z/VM and Linux on System z
Enterprise Hosting Services, Mainframe/Midrange Services

Wells Fargo Bank | 201 Third Street | San Francisco, CA 94103
MAC A0187-050
Tel 415-477-6343 | Cell 415-517-0895

marcy.d.cor...@wellsfargo.com

This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.


-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of Rogério 
Soares
Sent: Monday, February 14, 2011 1:41 PM
To: LINUX-390@vm.marist.edu
Subject: Re: [LINUX-390] crypto with sshd

Marcy,

 with

#openssl_conf = openssl_def


jbsp124:~ # openssl speed -evp des-ede3-cbc
Doing des-ede3-cbc for 3s on 16 size blocks: 4132050 des-ede3-cbc's in 2.94s
Doing des-ede3-cbc for 3s on 64 size blocks: 1090654 des-ede3-cbc's in 2.95s
Doing des-ede3-cbc for 3s on 256 size blocks: 276504 des-ede3-cbc's in 2.97s
Doing des-ede3-cbc for 3s on 1024 size blocks: 69077 des-ede3-cbc's in 2.96s
Doing des-ede3-cbc for 3s on 8192 size blocks: 8580 des-ede3-cbc's in 2.94s
OpenSSL 0.9.8a 11 Oct 2005
built on: Mon Jul 27 13:51:43 UTC 2009
options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial)
blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0
-Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall
-fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes256 bytes   1024 bytes   8192
bytes
des-ede3-cbc 22487.35k23661.65k23833.34k23896.91k
23907.27k


with

openssl_conf = openssl_def

jbsp124:~ # vi /etc/ssl/openssl.cnf
jbsp124:~ # openssl speed -evp des-ede3-cbc
Doing des-ede3-cbc for 3s on 16 size blocks: 12827073 des-ede3-cbc's in
2.97s
Doing des-ede3-cbc for 3s on 64 size blocks: 8270315 des-ede3-cbc's in 2.97s
Doing des-ede3-cbc for 3s on 256 size blocks: 3360218 des-ede3-cbc's in
2.97s
Doing des-ede3-cbc for 3s on 1024 size blocks: 1006040 des-ede3-cbc's in
2.98s
Doing des-ede3-cbc for 3s on 8192 size blocks: 132563 des-ede3-cbc's in
2.98s
OpenSSL 0.9.8a 11 Oct 2005
built on: Mon Jul 27 13:51:43 UTC 2009
options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial)
blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0
-Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall
-fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes256 bytes   1024 bytes   8192
bytes
des-ede3-cbc 69102.08k   178215.54k   289634.95k   345699.65k
364414.80k
jbsp124:~ #




On Mon, Feb 14, 2011 at 7:19 PM, Marcy Cortes  wrote:

> You have no card accessible to Linux.
>
> Do you have a OPTION CRYPTO APVIRT in your directory entry
> What do you get when you type
>
> Q CRYPTO AP   on VM.
>
>
>
> Marcy
>
>
> -Original Message-
> From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of
> Rogério Soares
> Sent: Monday, February 14, 2011 1:14 PM
> To: LINUX-390@vm.marist.edu
> Subject: Re: [LINUX-390] crypto with sshd
>
> and yes, i'm running under vm 6.1.
>
>
>
> On Mon, Feb 14, 2011 at 7:07 PM, Marcy Cortes <
> marcy.d.cor...@wellsfargo.com
> > wrote:
>
> > I'm pretty sure SLES 10 SP3's openssh is already built correctly and you
> > should not have to rebuild it.
> > What do you get when you
> > cat /proc/drivers/z90crypt  (please post)
> > Are you running under VM?
> >
> >
> > Marcy
> >
> > -Original Message-
> > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of
> > Rogério Soares
> > Sent: Monday, February 14, 2011 12:53 PM
> > To: LINUX-390@vm.marist.edu
> > Subject: Re: [LINUX-390] crypto with sshd
> >
> > i get the rpm source version from SLES10SP3 to openssh-4.2p1-18.40.35
> > package and change de spec file to include --ssl-engine and made a
> rpmbuild
> > .. that is why asking.. on paper is not clear if the change is only this
> or
> > something more... thanks anyway.
> >
> >
> >
> > On Mon, Feb 14, 2011 at 6

Re: crypto with sshd

2011-02-14 Thread Rogério Soares

Marcy,

 with

#openssl_conf = openssl_def


jbsp124:~ # openssl speed -evp des-ede3-cbc
Doing des-ede3-cbc for 3s on 16 size blocks: 4132050 des-ede3-cbc's in 2.94s
Doing des-ede3-cbc for 3s on 64 size blocks: 1090654 des-ede3-cbc's in 2.95s
Doing des-ede3-cbc for 3s on 256 size blocks: 276504 des-ede3-cbc's in 2.97s
Doing des-ede3-cbc for 3s on 1024 size blocks: 69077 des-ede3-cbc's in 2.96s
Doing des-ede3-cbc for 3s on 8192 size blocks: 8580 des-ede3-cbc's in 2.94s
OpenSSL 0.9.8a 11 Oct 2005
built on: Mon Jul 27 13:51:43 UTC 2009
options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial)
blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0
-Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall
-fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes256 bytes   1024 bytes   8192
bytes
des-ede3-cbc 22487.35k23661.65k23833.34k23896.91k
23907.27k


with

openssl_conf = openssl_def

jbsp124:~ # vi /etc/ssl/openssl.cnf
jbsp124:~ # openssl speed -evp des-ede3-cbc
Doing des-ede3-cbc for 3s on 16 size blocks: 12827073 des-ede3-cbc's in
2.97s
Doing des-ede3-cbc for 3s on 64 size blocks: 8270315 des-ede3-cbc's in 2.97s
Doing des-ede3-cbc for 3s on 256 size blocks: 3360218 des-ede3-cbc's in
2.97s
Doing des-ede3-cbc for 3s on 1024 size blocks: 1006040 des-ede3-cbc's in
2.98s
Doing des-ede3-cbc for 3s on 8192 size blocks: 132563 des-ede3-cbc's in
2.98s
OpenSSL 0.9.8a 11 Oct 2005
built on: Mon Jul 27 13:51:43 UTC 2009
options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) aes(partial)
blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -DB_ENDIAN -DNO_ASM -DMD32_REG_T=int -O2 -fmessage-length=0
-Wall -g -fomit-frame-pointer -fno-strict-aliasing -DTERMIO -Wall
-fstack-protector -fbranch-probabilities -DB_ENDIAN -DNO_ASM
available timing options: TIMES TIMEB HZ=100 [sysconf value]
timing function used: times
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes256 bytes   1024 bytes   8192
bytes
des-ede3-cbc 69102.08k   178215.54k   289634.95k   345699.65k
364414.80k
jbsp124:~ #




On Mon, Feb 14, 2011 at 7:19 PM, Marcy Cortes  wrote:

> You have no card accessible to Linux.
>
> Do you have a OPTION CRYPTO APVIRT in your directory entry
> What do you get when you type
>
> Q CRYPTO AP   on VM.
>
>
>
> Marcy
>
>
> -Original Message-
> From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of
> Rogério Soares
> Sent: Monday, February 14, 2011 1:14 PM
> To: LINUX-390@vm.marist.edu
> Subject: Re: [LINUX-390] crypto with sshd
>
> and yes, i'm running under vm 6.1.
>
>
>
> On Mon, Feb 14, 2011 at 7:07 PM, Marcy Cortes <
> marcy.d.cor...@wellsfargo.com
> > wrote:
>
> > I'm pretty sure SLES 10 SP3's openssh is already built correctly and you
> > should not have to rebuild it.
> > What do you get when you
> > cat /proc/drivers/z90crypt  (please post)
> > Are you running under VM?
> >
> >
> > Marcy
> >
> > -Original Message-
> > From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of
> > Rogério Soares
> > Sent: Monday, February 14, 2011 12:53 PM
> > To: LINUX-390@vm.marist.edu
> > Subject: Re: [LINUX-390] crypto with sshd
> >
> > i get the rpm source version from SLES10SP3 to openssh-4.2p1-18.40.35
> > package and change de spec file to include --ssl-engine and made a
> rpmbuild
> > .. that is why asking.. on paper is not clear if the change is only this
> or
> > something more... thanks anyway.
> >
> >
> >
> > On Mon, Feb 14, 2011 at 6:43 PM, Mark Post  wrote:
> >
> > > >>> On 2/14/2011 at 03:08 PM, Rogério Soares
> > > wrote:
> > > > Mark, i already did it too..
> > > >
> > > > jbsp124:~ # openssl engine
> > > > (dynamic) Dynamic engine loading support
> > > > (ibmca) Ibmca hardware engine support
> > > > jbsp124:~ #
> > > > jbsp124:~ #
> > > > jbsp124:~ # rpm -qa | grep openss
> > > > openssl-devel-0.9.8a-18.36
> > > > openssl-0.9.8a-18.36
> > > > openssh-askpass-4.2p1-18.40.35
> > > > openssl-ibmca-1.0.0-7.16
> > > > compat-openssl097g-0.9.7g-13.16
> > > > openssh-4.2p1-18.40.35
> > > >
> > > > on sshd server the only change is enable --ssl-engine ?
> > >
> > > You need to have a version of openSSH with the patch that actually
> > enables
> > > the use of SSL.  In the IBM paper, they were working with an modified
> > > version of openssh-5.1p1.  I doubt very much that a copy of the 4.2p1
> > source
> > > is going to have that.
> > >
> > >
> > > Mark Post
> > >
> > > --
> > > For LINUX-390 subscribe / signoff / archive access instructions,
> > > send email to lists..

Re: crypto with sshd

2011-02-14 Thread Marcy Cortes

You have no card accessible to Linux.

Do you have a OPTION CRYPTO APVIRT in your directory entry 
What do you get when you type 

Q CRYPTO AP   on VM.



Marcy 


-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of Rogério 
Soares
Sent: Monday, February 14, 2011 1:14 PM
To: LINUX-390@vm.marist.edu
Subject: Re: [LINUX-390] crypto with sshd

and yes, i'm running under vm 6.1.



On Mon, Feb 14, 2011 at 7:07 PM, Marcy Cortes  wrote:

> I'm pretty sure SLES 10 SP3's openssh is already built correctly and you
> should not have to rebuild it.
> What do you get when you
> cat /proc/drivers/z90crypt  (please post)
> Are you running under VM?
>
>
> Marcy
>
> -Original Message-
> From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of
> Rogério Soares
> Sent: Monday, February 14, 2011 12:53 PM
> To: LINUX-390@vm.marist.edu
> Subject: Re: [LINUX-390] crypto with sshd
>
> i get the rpm source version from SLES10SP3 to openssh-4.2p1-18.40.35
> package and change de spec file to include --ssl-engine and made a rpmbuild
> .. that is why asking.. on paper is not clear if the change is only this or
> something more... thanks anyway.
>
>
>
> On Mon, Feb 14, 2011 at 6:43 PM, Mark Post  wrote:
>
> > >>> On 2/14/2011 at 03:08 PM, Rogério Soares
> > wrote:
> > > Mark, i already did it too..
> > >
> > > jbsp124:~ # openssl engine
> > > (dynamic) Dynamic engine loading support
> > > (ibmca) Ibmca hardware engine support
> > > jbsp124:~ #
> > > jbsp124:~ #
> > > jbsp124:~ # rpm -qa | grep openss
> > > openssl-devel-0.9.8a-18.36
> > > openssl-0.9.8a-18.36
> > > openssh-askpass-4.2p1-18.40.35
> > > openssl-ibmca-1.0.0-7.16
> > > compat-openssl097g-0.9.7g-13.16
> > > openssh-4.2p1-18.40.35
> > >
> > > on sshd server the only change is enable --ssl-engine ?
> >
> > You need to have a version of openSSH with the patch that actually
> enables
> > the use of SSL.  In the IBM paper, they were working with an modified
> > version of openssh-5.1p1.  I doubt very much that a copy of the 4.2p1
> source
> > is going to have that.
> >
> >
> > Mark Post
> >
> > --
> > For LINUX-390 subscribe / signoff / archive access instructions,
> > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> > visit
> > http://www.marist.edu/htbin/wlvindex?LINUX-390
> > --
> > For more information on Linux on System z, visit
> > http://wiki.linuxvm.org/
> >
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: crypto with sshd

2011-02-14 Thread Marcy Cortes

Oops, Sorry .. You do have a crypto express 2.  I missed that!


So never mind that.

What do openssl speed test show?  Do you see the faster response there?



Marcy 



-Original Message-
From: Cortes, Marcy D. 
Sent: Monday, February 14, 2011 1:19 PM
To: LINUX-390@vm.marist.edu
Subject: RE: [LINUX-390] crypto with sshd

You have no card accessible to Linux.

Do you have a OPTION CRYPTO APVIRT in your directory entry 
What do you get when you type 

Q CRYPTO AP   on VM.



Marcy 


-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of Rogério 
Soares
Sent: Monday, February 14, 2011 1:14 PM
To: LINUX-390@vm.marist.edu
Subject: Re: [LINUX-390] crypto with sshd

and yes, i'm running under vm 6.1.



On Mon, Feb 14, 2011 at 7:07 PM, Marcy Cortes  wrote:

> I'm pretty sure SLES 10 SP3's openssh is already built correctly and you
> should not have to rebuild it.
> What do you get when you
> cat /proc/drivers/z90crypt  (please post)
> Are you running under VM?
>
>
> Marcy
>
> -Original Message-
> From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of
> Rogério Soares
> Sent: Monday, February 14, 2011 12:53 PM
> To: LINUX-390@vm.marist.edu
> Subject: Re: [LINUX-390] crypto with sshd
>
> i get the rpm source version from SLES10SP3 to openssh-4.2p1-18.40.35
> package and change de spec file to include --ssl-engine and made a rpmbuild
> .. that is why asking.. on paper is not clear if the change is only this or
> something more... thanks anyway.
>
>
>
> On Mon, Feb 14, 2011 at 6:43 PM, Mark Post  wrote:
>
> > >>> On 2/14/2011 at 03:08 PM, Rogério Soares
> > wrote:
> > > Mark, i already did it too..
> > >
> > > jbsp124:~ # openssl engine
> > > (dynamic) Dynamic engine loading support
> > > (ibmca) Ibmca hardware engine support
> > > jbsp124:~ #
> > > jbsp124:~ #
> > > jbsp124:~ # rpm -qa | grep openss
> > > openssl-devel-0.9.8a-18.36
> > > openssl-0.9.8a-18.36
> > > openssh-askpass-4.2p1-18.40.35
> > > openssl-ibmca-1.0.0-7.16
> > > compat-openssl097g-0.9.7g-13.16
> > > openssh-4.2p1-18.40.35
> > >
> > > on sshd server the only change is enable --ssl-engine ?
> >
> > You need to have a version of openSSH with the patch that actually
> enables
> > the use of SSL.  In the IBM paper, they were working with an modified
> > version of openssh-5.1p1.  I doubt very much that a copy of the 4.2p1
> source
> > is going to have that.
> >
> >
> > Mark Post
> >
> > --
> > For LINUX-390 subscribe / signoff / archive access instructions,
> > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> > visit
> > http://www.marist.edu/htbin/wlvindex?LINUX-390
> > --
> > For more information on Linux on System z, visit
> > http://wiki.linuxvm.org/
> >
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: crypto with sshd

2011-02-14 Thread Rogério Soares

and yes, i'm running under vm 6.1.



On Mon, Feb 14, 2011 at 7:07 PM, Marcy Cortes  wrote:

> I'm pretty sure SLES 10 SP3's openssh is already built correctly and you
> should not have to rebuild it.
> What do you get when you
> cat /proc/drivers/z90crypt  (please post)
> Are you running under VM?
>
>
> Marcy
>
> -Original Message-
> From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of
> Rogério Soares
> Sent: Monday, February 14, 2011 12:53 PM
> To: LINUX-390@vm.marist.edu
> Subject: Re: [LINUX-390] crypto with sshd
>
> i get the rpm source version from SLES10SP3 to openssh-4.2p1-18.40.35
> package and change de spec file to include --ssl-engine and made a rpmbuild
> .. that is why asking.. on paper is not clear if the change is only this or
> something more... thanks anyway.
>
>
>
> On Mon, Feb 14, 2011 at 6:43 PM, Mark Post  wrote:
>
> > >>> On 2/14/2011 at 03:08 PM, Rogério Soares
> > wrote:
> > > Mark, i already did it too..
> > >
> > > jbsp124:~ # openssl engine
> > > (dynamic) Dynamic engine loading support
> > > (ibmca) Ibmca hardware engine support
> > > jbsp124:~ #
> > > jbsp124:~ #
> > > jbsp124:~ # rpm -qa | grep openss
> > > openssl-devel-0.9.8a-18.36
> > > openssl-0.9.8a-18.36
> > > openssh-askpass-4.2p1-18.40.35
> > > openssl-ibmca-1.0.0-7.16
> > > compat-openssl097g-0.9.7g-13.16
> > > openssh-4.2p1-18.40.35
> > >
> > > on sshd server the only change is enable --ssl-engine ?
> >
> > You need to have a version of openSSH with the patch that actually
> enables
> > the use of SSL.  In the IBM paper, they were working with an modified
> > version of openssh-5.1p1.  I doubt very much that a copy of the 4.2p1
> source
> > is going to have that.
> >
> >
> > Mark Post
> >
> > --
> > For LINUX-390 subscribe / signoff / archive access instructions,
> > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> > visit
> > http://www.marist.edu/htbin/wlvindex?LINUX-390
> > --
> > For more information on Linux on System z, visit
> > http://wiki.linuxvm.org/
> >
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: crypto with sshd

2011-02-14 Thread Rogério Soares

WoW, here is

jbsp124:~ # cat /proc/driver/z90crypt

zcrypt version: 2.1.1
Cryptographic domain: 7
Total device count: 1
PCICA count: 0
PCICC count: 0
PCIXCC MCL2 count: 0
PCIXCC MCL3 count: 0
CEX2C count: 1
CEX2A count: 0
requestq count: 0
pendingq count: 0
Total open handles: 0


Online devices: 1=PCICA 2=PCICC 3=PCIXCC(MCL2) 4=PCIXCC(MCL3) 5=CEX2C
6=CEX2A
     5000 


Waiting work element counts
      


Per-device successfully completed request counts
       
       
       
       
       
       
       
       

jbsp124:~ #

Thanks Marcy!




On Mon, Feb 14, 2011 at 7:07 PM, Marcy Cortes  wrote:

> I'm pretty sure SLES 10 SP3's openssh is already built correctly and you
> should not have to rebuild it.
> What do you get when you
> cat /proc/drivers/z90crypt  (please post)
> Are you running under VM?
>
>
> Marcy
>
> -Original Message-
> From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of
> Rogério Soares
> Sent: Monday, February 14, 2011 12:53 PM
> To: LINUX-390@vm.marist.edu
> Subject: Re: [LINUX-390] crypto with sshd
>
> i get the rpm source version from SLES10SP3 to openssh-4.2p1-18.40.35
> package and change de spec file to include --ssl-engine and made a rpmbuild
> .. that is why asking.. on paper is not clear if the change is only this or
> something more... thanks anyway.
>
>
>
> On Mon, Feb 14, 2011 at 6:43 PM, Mark Post  wrote:
>
> > >>> On 2/14/2011 at 03:08 PM, Rogério Soares
> > wrote:
> > > Mark, i already did it too..
> > >
> > > jbsp124:~ # openssl engine
> > > (dynamic) Dynamic engine loading support
> > > (ibmca) Ibmca hardware engine support
> > > jbsp124:~ #
> > > jbsp124:~ #
> > > jbsp124:~ # rpm -qa | grep openss
> > > openssl-devel-0.9.8a-18.36
> > > openssl-0.9.8a-18.36
> > > openssh-askpass-4.2p1-18.40.35
> > > openssl-ibmca-1.0.0-7.16
> > > compat-openssl097g-0.9.7g-13.16
> > > openssh-4.2p1-18.40.35
> > >
> > > on sshd server the only change is enable --ssl-engine ?
> >
> > You need to have a version of openSSH with the patch that actually
> enables
> > the use of SSL.  In the IBM paper, they were working with an modified
> > version of openssh-5.1p1.  I doubt very much that a copy of the 4.2p1
> source
> > is going to have that.
> >
> >
> > Mark Post
> >
> > --
> > For LINUX-390 subscribe / signoff / archive access instructions,
> > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> > visit
> > http://www.marist.edu/htbin/wlvindex?LINUX-390
> > --
> > For more information on Linux on System z, visit
> > http://wiki.linuxvm.org/
> >
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: crypto with sshd

2011-02-14 Thread Marcy Cortes

I'm pretty sure SLES 10 SP3's openssh is already built correctly and you should 
not have to rebuild it.
What do you get when you 
cat /proc/drivers/z90crypt  (please post)
Are you running under VM?


Marcy 

-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@vm.marist.edu] On Behalf Of Rogério 
Soares
Sent: Monday, February 14, 2011 12:53 PM
To: LINUX-390@vm.marist.edu
Subject: Re: [LINUX-390] crypto with sshd

i get the rpm source version from SLES10SP3 to openssh-4.2p1-18.40.35
package and change de spec file to include --ssl-engine and made a rpmbuild
.. that is why asking.. on paper is not clear if the change is only this or
something more... thanks anyway.



On Mon, Feb 14, 2011 at 6:43 PM, Mark Post  wrote:

> >>> On 2/14/2011 at 03:08 PM, Rogério Soares
> wrote:
> > Mark, i already did it too..
> >
> > jbsp124:~ # openssl engine
> > (dynamic) Dynamic engine loading support
> > (ibmca) Ibmca hardware engine support
> > jbsp124:~ #
> > jbsp124:~ #
> > jbsp124:~ # rpm -qa | grep openss
> > openssl-devel-0.9.8a-18.36
> > openssl-0.9.8a-18.36
> > openssh-askpass-4.2p1-18.40.35
> > openssl-ibmca-1.0.0-7.16
> > compat-openssl097g-0.9.7g-13.16
> > openssh-4.2p1-18.40.35
> >
> > on sshd server the only change is enable --ssl-engine ?
>
> You need to have a version of openSSH with the patch that actually enables
> the use of SSL.  In the IBM paper, they were working with an modified
> version of openssh-5.1p1.  I doubt very much that a copy of the 4.2p1 source
> is going to have that.
>
>
> Mark Post
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: crypto with sshd

2011-02-14 Thread Rogério Soares

i get the rpm source version from SLES10SP3 to openssh-4.2p1-18.40.35
package and change de spec file to include --ssl-engine and made a rpmbuild
.. that is why asking.. on paper is not clear if the change is only this or
something more... thanks anyway.



On Mon, Feb 14, 2011 at 6:43 PM, Mark Post  wrote:

> >>> On 2/14/2011 at 03:08 PM, Rogério Soares
> wrote:
> > Mark, i already did it too..
> >
> > jbsp124:~ # openssl engine
> > (dynamic) Dynamic engine loading support
> > (ibmca) Ibmca hardware engine support
> > jbsp124:~ #
> > jbsp124:~ #
> > jbsp124:~ # rpm -qa | grep openss
> > openssl-devel-0.9.8a-18.36
> > openssl-0.9.8a-18.36
> > openssh-askpass-4.2p1-18.40.35
> > openssl-ibmca-1.0.0-7.16
> > compat-openssl097g-0.9.7g-13.16
> > openssh-4.2p1-18.40.35
> >
> > on sshd server the only change is enable --ssl-engine ?
>
> You need to have a version of openSSH with the patch that actually enables
> the use of SSL.  In the IBM paper, they were working with an modified
> version of openssh-5.1p1.  I doubt very much that a copy of the 4.2p1 source
> is going to have that.
>
>
> Mark Post
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: crypto with sshd

2011-02-14 Thread Mark Post

>>> On 2/14/2011 at 03:08 PM, Rogério Soares wrote: 
> Mark, i already did it too..
> 
> jbsp124:~ # openssl engine
> (dynamic) Dynamic engine loading support
> (ibmca) Ibmca hardware engine support
> jbsp124:~ #
> jbsp124:~ #
> jbsp124:~ # rpm -qa | grep openss
> openssl-devel-0.9.8a-18.36
> openssl-0.9.8a-18.36
> openssh-askpass-4.2p1-18.40.35
> openssl-ibmca-1.0.0-7.16
> compat-openssl097g-0.9.7g-13.16
> openssh-4.2p1-18.40.35
> 
> on sshd server the only change is enable --ssl-engine ?

You need to have a version of openSSH with the patch that actually enables the 
use of SSL.  In the IBM paper, they were working with an modified version of 
openssh-5.1p1.  I doubt very much that a copy of the 4.2p1 source is going to 
have that.


Mark Post

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: crypto with sshd

2011-02-14 Thread Rogério Soares

Mark, i already did it too..

jbsp124:~ # openssl engine
(dynamic) Dynamic engine loading support
(ibmca) Ibmca hardware engine support
jbsp124:~ #
jbsp124:~ #
jbsp124:~ # rpm -qa | grep openss
openssl-devel-0.9.8a-18.36
openssl-0.9.8a-18.36
openssh-askpass-4.2p1-18.40.35
openssl-ibmca-1.0.0-7.16
compat-openssl097g-0.9.7g-13.16
openssh-4.2p1-18.40.35

on sshd server the only change is enable --ssl-engine ?

Thanks again.


On Sun, Feb 13, 2011 at 10:41 PM, Mark Post  wrote:

> >>> On 2/12/2011 at 04:03 PM, Rogério Soares
> wrote:
> > i have installed all packages describe on paper.. appears like sshd is
> > not calling icalib, i just have recompile sshd with --ssl-engine, is just
> it
> > ? i do not understand very well on paper if the "PTF" is just is or
> > something more...
>
> You also have to modify the openssl configuration file to use the IBM ICA
> engine.
>
>
> Mark Post
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: SLES10 LPAR clone - OSA interface not found

2011-02-14 Thread Ursula Braun

Doug,

an OSA-card can be used in non-QDIO mode (OSE) or in QDIO-mode (OSD).
Your IOCDS-definition defines the type of your OSA-Express channel to be
OSE or OSD. If lscss displays a CU-Type 1731/01, your OSA-Express
channel is defined as OSD. In Linux the lcs-driver is responsible for
OSE-type channels and the qeth-driver is responsible for OSD-type
channels. For OSD-type devices a subchannel-triple is necessary to
create a qeth-device, for instance

echo 0.0.3200,0.0.3201,0.0.3202 > /sys/bus/ccwgroup/drivers/qeth/group

Regards, Ursula Braun, IBM Germany

On Fri, 2011-02-11 at 14:57 -0800, Lester, Doug wrote:
> Mark,
>
> This is the lscss output. How do I tell if it is in LCS mode?
>
> Device   Subchan.  DevType CU Type Use  PIM PAM POM  CHPIDs
> --
> 0.0.3200 0.0.1103  1732/01 1731/01  80  80  FF   0200 
> 0.0.3201 0.0.1104  1732/01 1731/01  80  80  FF   0200 
>
> Thanks,
>
> Doug

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: crypto with sshd

Re: crypto with sshd

Re: crypto with sshd

Re: crypto with sshd

Re: crypto with sshd

Re: crypto with sshd

Re: crypto with sshd

Re: crypto with sshd

Re: crypto with sshd

Re: crypto with sshd

Re: crypto with sshd

Re: crypto with sshd

Re: crypto with sshd

Re: crypto with sshd

Re: SLES10 LPAR clone - OSA interface not found

15 matches

Site Navigation

Mail list logo

Footer information