First of all - my bad re: the FIPS numbering - you are quite right.
re: part of AIX for ages - yes and no - imho. First it was not on the "bos" cd/dvd, later it was. However, even back when AIX 5.3 TL7 was released (openssh-*.4500) ssh and sshd did not link with openssl.base - they had internal aka static libraries they linked with).
Once upon a time AIX started releasing a version of OpenSSH that was based on openbsd (who are nice enough to maintain openssh) openssh-6.0p1
Hence on AIX
root@x072:[/]oslevel -s
ssh -V
7100-03-05-1524
root@x072:[/]ssh -V
OpenSSH_6.0p1, OpenSSL 1.0.1e 11 Feb 2013
root@x072:[/]lslpp -L | grep openss
openssh.base.client 6.0.0.6103 C F Open Secure Shell Commands
openssh.base.server 6.0.0.6103 C F Open Secure Shell Server
openssl.base 1.0.1.513 C F Open Secure Socket Layer
openssl.license 1.0.1.513 C F Open Secure Socket License
FYI: openssl.*.1.0.1.514 is the latest one I have seen as an installp. I have not looked for while for a later one. And I have quite a few versions of openssl (don't you love testing !!)
michael@x071:[/data/prj/AIX/openssl]ls -l
total 36
drwxr-xr-x 2 michael felt 4096 Jul 16 13:43 openssl-0.9.8.4
drwxr-xr-x 2 michael felt 4096 Jul 16 13:44 openssl-0.9.8.401-aix52
drwxr-xr-x 2 michael felt 4096 Jul 16 13:55 openssl-0.9.8.410
drwxr-xr-x 2 michael felt 4096 Jul 16 13:46 openssl-0.9.8.411
drwxr-xr-x 2 michael felt 4096 Jul 16 13:47 openssl-0.9.8.600
drwxr-xr-x 2 michael felt 4096 Jul 16 13:48 openssl-0.9.8.601
drwxr-xr-x 4 michael felt 4096 Jul 24 13:20 openssl-0.9.8.XXXX
lrwxrwxrwx 1 root system 36 Jul 30 10:07 openssl-1.0.1.514 -> openssl-1.0.1.XXXX/openssl-1.0.1.514
drwxr-xr-x 3 michael felt 4096 Jul 24 14:21 openssl-1.0.1.XXXX
drwxr-xr-x 2 michael felt 4096 Jul 16 14:22 openssl-aix52
And in the details ...
michael@x071:[/data/prj/AIX/openssl]ls -l openssl-0.9.8.XXXX
total 308852
-rw-r--r-- 1 michael felt 6450493 Jul 16 14:23 61ssl98m.tar.Z
-rw-r--r-- 1 michael felt 1620 Jul 16 14:19 Readme-0.9.8.1800.txt
-rw-r--r-- 1 michael felt 3157 Jul 16 14:17 Readme-0.9.8.1801.txt
-rw-r--r-- 1 michael felt 4650 Jul 16 14:17 Readme-0.9.8.1802.txt
-rw-r--r-- 1 michael felt 1617 Jul 16 14:16 Readme-0.9.8.2400.txt
-rw-r--r-- 1 michael felt 1617 Jul 16 14:16 Readme-0.9.8.2500.txt
-rw-r--r-- 1 michael felt 1720 Jul 16 14:15 Readme-0.9.8.2501.txt
-rw-r--r-- 1 michael felt 2892 Jul 16 14:15 Readme-0.9.8.2502.txt
-rw-r--r-- 1 michael felt 4035 Jul 16 14:14 Readme-0.9.8.2503.txt
-rw-r--r-- 1 michael felt 4444 Jul 16 14:14 Readme-0.9.8.2504.txt
-rw-r--r-- 1 michael felt 5165 Jul 16 14:13 Readme-0.9.8.2505.txt
-rw-r--r-- 1 michael felt 423 Jul 16 14:10 Readme-1.0.1.500.txt
-rw-r--r-- 1 michael felt 422 Jul 16 14:10 Readme-1.0.1.501.txt
-rw-r--r-- 1 michael felt 3014 Jul 16 14:12 Readme-12.9.8.2501.txt
-rw-r--r-- 1 michael felt 4413 Jul 16 14:12 Readme-12.9.8.2502.txt
-rw-r--r-- 1 michael felt 5554 Jul 16 14:11 Readme-12.9.8.2503.txt
-rw-r--r-- 1 michael felt 5963 Jul 16 14:11 Readme-12.9.8.2504.txt
-rw-r--r-- 1 michael felt 6927 Jul 16 14:11 Readme-12.9.8.2505.txt
-rw-r--r-- 1 michael felt 2911 Jul 16 14:16 Readme-fips-12.9.8.2400.txt
-rw-r--r-- 1 michael felt 2911 Jul 16 14:13 Readme-fips-12.9.8.2500.txt
-rw-r--r-- 1 michael felt 2693 Jul 16 13:54 Readme-fips.12.9.8.1100.txt
-rw-r--r-- 1 michael felt 2937 Jul 16 13:54 Readme-fips.12.9.8.1101.txt
-rw-r--r-- 1 michael felt 3081 Jul 16 13:59 Readme-fips.12.9.8.1102.txt
-rw-r--r-- 1 michael felt 3648 Jul 16 14:23 Readme-fips.12.9.8.1104.txt
-rw-r--r-- 1 michael felt 4918 Jul 16 14:21 Readme-fips.12.9.8.1301.txt
-rw-r--r-- 1 michael felt 5131 Jul 16 14:21 Readme-fips.12.9.8.1302.txt
-rw-r--r-- 1 michael felt 2902 Jul 16 14:19 Readme-fips.12.9.8.1800.txt
-rw-r--r-- 1 michael felt 4502 Jul 16 14:18 Readme-fips.12.9.8.1801.txt
-rw-r--r-- 1 michael felt 5995 Jul 16 14:17 Readme-fips.12.9.8.1802.txt
-rw-r--r-- 1 michael felt 1358 Jul 16 13:55 Readme.0.9.8.1100.txt
-rw-r--r-- 1 michael felt 1662 Jul 16 13:56 Readme.0.9.8.1102.txt
-rw-r--r-- 1 michael felt 2226 Jul 16 14:23 Readme.0.9.8.1104.txt
-rw-r--r-- 1 michael felt 1413 Jul 16 14:23 Readme.0.9.8.1300.txt
-rw-r--r-- 1 michael felt 3556 Jul 16 14:21 Readme.0.9.8.1301.txt
-rw-r--r-- 1 michael felt 3795 Jul 16 14:20 Readme.0.9.8.1302.txt
-rw-r--r-- 1 michael felt 1591 Jul 16 13:50 Readme.0.9.8.802
-rw-r--r-- 1 michael felt 1542 Jul 16 13:51 Readme.0.9.8.803-AIX-5.3_6.1.txt
-rw-r--r-- 1 michael felt 1555 Jul 16 13:54 Readme.0.9.8.840-AIX-5.3_6.1.txt
-rw-r--r-- 1 michael felt 1242 Jul 16 13:49 Readme.9.8.801.txt
drwxr-xr-x 2 michael felt 4096 Jul 24 13:21 openssl-0.9.8.1302
-rw-r--r-- 1 michael felt 6456887 Jul 16 14:20 openssl-0.9.8.1302.tar.Z
-rw-r--r-- 1 michael felt 6430789 Jul 16 14:19 openssl-0.9.8.1800.tar.Z
-rw-r--r-- 1 michael felt 6407523 Jul 16 14:17 openssl-0.9.8.1801.tar.Z
-rw-r--r-- 1 michael felt 6400451 Jul 16 14:16 openssl-0.9.8.1802.tar.Z
-rw-r--r-- 1 michael felt 6442513 Jul 16 14:16 openssl-0.9.8.2400.tar.Z
-rw-r--r-- 1 michael felt 6438535 Jul 16 14:15 openssl-0.9.8.2500.tar.Z
-rw-r--r-- 1 michael felt 10197469 Jul 16 14:15 openssl-0.9.8.2501.tar.Z
-rw-r--r-- 1 michael felt 10206027 Jul 16 14:14 openssl-0.9.8.2502.tar.Z
-rw-r--r-- 1 michael felt 10189176 Jul 16 14:14 openssl-0.9.8.2503.tar.Z
-rw-r--r-- 1 michael felt 17713505 Jul 16 14:13 openssl-0.9.8.2504.tar.Z
drwx------ 2 435159 417786 4096 Jul 16 14:28 openssl-0.9.8.2505
-rw-r--r-- 1 michael felt 10196756 Jul 16 14:13 openssl-0.9.8.2505.tar.Z
-rw-r--r-- 1 michael felt 7810255 Jul 16 14:21 openssl-fips-12.9.8.1302.tar.Z
-rw-r--r-- 1 michael felt 7777095 Jul 16 14:19 openssl-fips-12.9.8.1800.tar.Z
-rw-r--r-- 1 michael felt 7778075 Jul 16 14:18 openssl-fips-12.9.8.1801.tar.Z
-rw-r--r-- 1 michael felt 7785833 Jul 16 14:17 openssl-fips-12.9.8.1802.tar.Z
-rw-r--r-- 1 michael felt 7742959 Jul 16 14:16 openssl-fips-12.9.8.2400.tar.Z
-rw-r--r-- 1 michael felt 7777855 Jul 16 14:12 openssl-fips-12.9.8.2500.tar.Z
-rw-r--r-- 1 michael felt 12193100 Jul 16 14:12 openssl-fips-12.9.8.2501.tar.Z
-rw-r--r-- 1 michael felt 12219453 Jul 16 14:12 openssl-fips-12.9.8.2502.tar.Z
-rw-r--r-- 1 michael felt 12189522 Jul 16 14:11 openssl-fips-12.9.8.2503.tar.Z
-rw-r--r-- 1 michael felt 19710221 Jul 16 14:11 openssl-fips-12.9.8.2504.tar.Z
-rw-r--r-- 1 michael felt 12198169 Jul 16 14:10 openssl-fips-12.9.8.2505.tar.Z
-rw-r--r-- 1 michael felt 7715223 Jul 16 13:54 openssl-fips.12.9.8.1100.tar.Z
-rw-r--r-- 1 michael felt 7699778 Jul 16 13:54 openssl-fips.12.9.8.1101.tar.Z
-rw-r--r-- 1 michael felt 7703907 Jul 16 13:59 openssl-fips.12.9.8.1102.tar.Z
-rw-r--r-- 1 michael felt 7687487 Jul 16 14:23 openssl-fips.12.9.8.1104.tar.Z
-rw-r--r-- 1 michael felt 7819049 Jul 16 14:21 openssl-fips.12.9.8.1301.tar.Z
-rw-r--r-- 1 michael felt 6335431 Jul 16 13:56 openssl.0.9.8.1100.tar.Z
-rw-r--r-- 1 michael felt 6330255 Jul 16 13:55 openssl.0.9.8.1101.tar.Z
-rw-r--r-- 1 michael felt 6323679 Jul 16 13:56 openssl.0.9.8.1102.tar.Z
-rw-r--r-- 1 michael felt 6329549 Jul 16 14:22 openssl.0.9.8.1104.tar.Z
-rw-r--r-- 1 michael felt 6445169 Jul 16 14:21 openssl.0.9.8.1301.tar.Z
-rw-r--r-- 1 michael felt 6679931 Jul 16 13:49 openssl.0.9.8.802.tar.Z
-rw-r--r-- 1 michael felt 6679411 Jul 16 13:51 openssl.0.9.8.803-AIX-5.3_6.1.tar.Z
-rw-r--r-- 1 michael felt 6710648 Jul 16 13:53 openssl.0.9.8.840-AIX5.3_6.1.tar.Z
-rw-r--r-- 1 michael felt 6680723 Jul 16 13:49 openssl.9.8.801.tar.Z
So, from memory, the .2500 was OpenSSL-0.9.8z and the latest I have here (.2505) would be 0.9.8.ze
If you want the "latest" - may I "offer" OpenSSH-6.0p1 or OpenSSH-7.1p1?
AIX 5.3 TL7
root@x064:[/]ssh -V
OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006
installp -d /data/prj/AIX/openssl/*514 -aYc openssl.base
...
Pre-installation Failure/Warning Summary
----------------------------------------
Name Level Pre-installation Failure/Warning
-------------------------------------------------------------------------------
openssl.base 1.0.1.514 Already installed
Like I said - the openssh from way back when did not use the openssl package.
From my aixtools openssh page: OpenSSH - AIXTOOLS The latest and greatest (can be installed in parallel - it does reconfigure the SRC system)
Before:
root@x064:[/]odmget -q subsysname=sshd SRCsubsys
SRCsubsys:
subsysname = "sshd"
synonym = ""
cmdargs = "-D"
path = "/usr/sbin/sshd"
uid = 0
auditid = 0
standin = "/dev/console"
standout = "/dev/console"
standerr = "/dev/console"
action = 1
multi = 0
contact = 2
svrkey = 0
svrmtype = 0
priority = 20
signorm = 15
sigforce = 9
display = 1
waittime = 20
grpname = "ssh"
After:
root@x064:[/]type ssh
ssh is /opt/bin/ssh
root@x064:[/]ssh -V
OpenSSH_7.1p1, OpenSSL 1.0.1e 11 Feb 2013
root@x064:[/]odmget -q subsysname=sshd SRCsubsys
SRCsubsys:
subsysname = "sshd"
synonym = ""
cmdargs = "-D"
path = "/opt/sbin/sshd"
uid = 0
auditid = 0
standin = "/dev/console"
standout = "/dev/console"
standerr = "/dev/console"
action = 1
multi = 0
contact = 2
svrkey = 0
svrmtype = 0
priority = 20
signorm = 15
sigforce = 9
display = 1
waittime = 20
grpname = "ssh"
Install comand:
root@x064:[/]installp -a -d /data/aixtools/tools aixtools.openbsd.openssh.rte
+-----------------------------------------------------------------------------+
Pre-installation Verification...
+-----------------------------------------------------------------------------+
Verifying selections...done
Verifying requisites...done
Results...
WARNINGS
--------
Problems described in this section are not likely to be the source of any
immediate or serious failures, but further actions may be necessary or
desired.
Conflicting Versions of Filesets
--------------------------------
The following filesets are conflicting versions of filesets for which there
are multiple versions on the installation media. Since a specific version
was not selected, the newest installable version has been selected.
aixtools.openbsd.openssh.rte 6.8.0.1601 # 1525 0625 1338
aixtools.openbsd.openssh.rte 7.1.0.1601 # 1537 0917 1039
aixtools.openbsd.openssh.rte 6.8.1.1601 # 1541 1016 0754
aixtools.openbsd.openssh.rte 6.9.1.1601 # 1541 1016 0753
aixtools.openbsd.openssh.rte 6.9.0.1601 # 1537 0917 0928
<< End of Warning Section >>
SUCCESSES
---------
Filesets listed in this section passed pre-installation verification
and will be installed.
Selected Filesets
-----------------
aixtools.openbsd.openssh.rte 7.1.1.1601 # 1541 1016 0755
<< End of Success Section >>
+-----------------------------------------------------------------------------+
BUILDDATE Verification ...
+-----------------------------------------------------------------------------+
Verifying build dates...done
FILESET STATISTICS
------------------
1 Selected to be installed, of which:
1 Passed pre-installation verification
----
1 Total to be installed
+-----------------------------------------------------------------------------+
Installing Software...
+-----------------------------------------------------------------------------+
installp: APPLYING software for:
aixtools.openbsd.openssh.rte 7.1.1.1601
+-------OpenSSH CONFIG Checking for Ciphers and KeyExchanges -----------------+
Creating host keys if required.
/var/openssh/etc/ssh_host_key already exists, skipping.
/var/openssh/etc/ssh_host_dsa_key already exists, skipping.
/var/openssh/etc/ssh_host_rsa_key already exists, skipping.
Generating public/private ecdsa key pair.
Your identification has been saved in /var/openssh/etc/ssh_host_ecdsa_key.
Your public key has been saved in /var/openssh/etc/ssh_host_ecdsa_key.pub.
The key fingerprint is:
SHA256:yGRoPkLu9zDHi9xmGwJepAhhcI2clKxdEe6R7y7Xx1A root@x064
The key's randomart image is:
+---[ECDSA 256]---+
|+=o=oo |
|.o*.oo |
|.o..B o |
|o+.* * . E |
|. = = + S. |
| o + + . |
| o = =. o |
| o.X+o. o |
| o=*. . |
+----[SHA256]-----+
Generating public/private ed25519 key pair.
Your identification has been saved in /var/openssh/etc/ssh_host_ed25519_key.
Your public key has been saved in /var/openssh/etc/ssh_host_ed25519_key.pub.
The key fingerprint is:
SHA256:+SzJ9nletCi7Pg8kG1zttB8penJ53vQY7iEqUT5yrDU root@x064
The key's randomart image is:
+--[ED25519 256]--+
| |
| . |
| . o |
| . o.o . . |
| S+. + + |
| .oOE. * o |
| **Bo* B .|
| .oo.X.* *.|
| oB*o.= o|
+----[SHA256]-----+
0513-044 The sshd Subsystem was requested to stop.
0513-071 The sshd Subsystem has been added.
0513-059 The sshd Subsystem has been started. Subsystem PID is 319700.
Finished processing all filesets. (Total time: 5 secs).
+-----------------------------------------------------------------------------+
Summaries:
+-----------------------------------------------------------------------------+
Installation Summary
--------------------
Name Level Part Event Result
-------------------------------------------------------------------------------
aixtools.openbsd.openssh.rt 7.1.1.1601 USR APPLY SUCCESS
aixtools.openbsd.openssh.rt 7.1.1.1601 ROOT APPLY SUCCESS
Note: OpenSSH-7.1p1 is NOT my favorite as there are many changes to the default behavior with regard to root logins. If you are not using PKI for root login (of course you are not using passwords) - then you will not have any issues. However, if you are - you may prefer the OpenSSH-6.0p1 (aixtools.openbsd.openssh-6.9.1.1601 packaging).
Hope this very long read actually helps !!!
IMPORTANT
Should you use my packaging - the key config files are copied from /etc/ssh to /var/openssh/etc - check out the files there and compare them. I have also setup the uninstall to restore the default AIX settings should you decide to not use it after all (i.e., they can co-exist side-by side)
root@x064:[/]ssh -V
OpenSSH_7.1p1, OpenSSL 1.0.1e 11 Feb 2013
root@x064:[/]/usr/bin/ssh -V
OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006
root@x064:[/]oslevel -s
5300-07-00-0000