Debugging SSL-encrypted FTP with the openssl tool

Source: Internet  Editor: 程序博客网  Time: 2024/06/11 15:55

openssl s_client -starttls ftp  -connect 172.20.1.10:21




The vsftpd version is 2.1.0.

References:

http://zhumeng8337797.blog.163.com/blog/static/100768914201041492340697/

http://blog.csdn.net/as3luyuan123/article/details/16812071

1. Generate the certificate with this command:

openssl req -new -x509 -nodes -out vsftpd.pem -keyout vsftpd.pem
2. Modify vsftpd so that it supports SSL:
vi builddefs.h
#define VSF_BUILD_SSL
3. Add the following to the vsftpd.conf configuration:
#add ssl
rsa_cert_file=/etc/pam.d/vsftpd/vsftpd.pem
ssl_enable=yes
allow_anon_ssl=yes
force_local_data_ssl=NO
force_local_logins_ssl=YES
force_anon_data_ssl=NO
force_anon_logins_ssl=YES
ssl_sslv2=YES
Only the command channel is encrypted; the data channel is not.

4. Log in using the openssl command:

xy@xy-virtual-machine:~/tmp/vsftpd-2.1.0-ssl$ openssl s_client -starttls ftp  -connect 127.0.0.1:2121
CONNECTED(00000003)
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
---
Certificate chain
 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
   i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
Server certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
---
SSL handshake has read 986 bytes and written 445 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : DES-CBC3-SHA
    Session-ID: CD38C07EDA87847331E2CAED0272DB07F55411FFA9A577CBB364B08F03901FCC
    Session-ID-ctx:
    Master-Key: BB469DB9D7993DB333D6E9CE4305C5F5A673B3AB3FC1E24387BA8A640C42C0B2DEA438C48B6EE257677A8DC31F241150
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    Start Time: 1403504143
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
220 (vsFTPd 2.1.0)
user ftp
331 Please specify the password.
pass ftp
230 Login successful.
pasv
227 Entering Passive Mode (127,0,0,1,224,190).
list
150 Here comes the directory listing.
226 Directory send OK.
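
An added example, not part of the original post: a shell sketch that audits the vsftpd.conf lines from step 3 and the s_client summary from step 4 for weak settings. The function names, finding labels and thresholds (TLS below 1.2, DES/3DES, RC4, NULL, export or MD5 ciphers, keys under 2048 bits) are this example's assumptions; the sample input reuses values shown on this page.

```shell
#!/bin/sh
# Added example (not from the original post): flag weak settings in the
# vsftpd.conf lines and in the `openssl s_client` summary shown above.

# Reads vsftpd.conf text on stdin; reports only options that are set explicitly.
audit_vsftpd_conf() {
    awk -F= '
    /^[ \t]*#/ { next }
    { key = $1; val = toupper($2) }
    key == "ssl_sslv2" && val == "YES" { print "SSLV2_ENABLED" }
    key ~ /^force_(local|anon)_data_ssl$/ && val == "NO" {
        print "PLAINTEXT_DATA_CHANNEL " key
    }'
}

# Reads s_client output on stdin; the thresholds are this example's assumptions.
audit_s_client() {
    awk '
    /^ *Protocol *:/        { proto = $NF }
    /^ *Cipher *:/          { cipher = $NF }
    /^Server public key is/ { bits = $5 }
    /Verify return code:/   { code = $4 }
    END {
        if (proto ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print "OLD_PROTOCOL " proto
        if (cipher ~ /(DES|RC4|NULL|EXP|MD5)/)        print "WEAK_CIPHER " cipher
        if (bits != "" && bits + 0 < 2048)            print "SHORT_KEY " bits
        if (code != "" && code + 0 != 0)              print "CERT_NOT_VERIFIED " code
    }'
}

# Sample input: values copied from the configuration and session on this page.
SAMPLE_CONF='ssl_enable=yes
force_local_data_ssl=NO
force_local_logins_ssl=YES
force_anon_data_ssl=NO
ssl_sslv2=YES'
SAMPLE_HANDSHAKE='Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : DES-CBC3-SHA
    Verify return code: 18 (self signed certificate)'

printf '%s\n' "$SAMPLE_CONF" | audit_vsftpd_conf
printf '%s\n' "$SAMPLE_HANDSHAKE" | audit_s_client
```

Against a live server, the same function can read the handshake directly, for example `openssl s_client -starttls ftp -connect 127.0.0.1:2121 </dev/null 2>/dev/null | audit_s_client`.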

