Debugging SSL-encrypted FTP with the openssl tool

openssl s_client -starttls ftp  -connect 172.20.1.10:21




The vsftpd version is 2.1.0.

References:

http://zhumeng8337797.blog.163.com/blog/static/100768914201041492340697/

http://blog.csdn.net/as3luyuan123/article/details/16812071

1. Generate the certificate with the following command:

openssl req -new -x509 -nodes -out vsftpd.pem -keyout vsftpd.pem
2. Modify vsftpd so that it supports SSL
vi builddefs.h
#define VSF_BUILD_SSL
3. Add the following configuration to vsftpd.conf:
#add ssl
rsa_cert_file=/etc/pam.d/vsftpd/vsftpd.pem
ssl_enable=yes
allow_anon_ssl=yes
force_local_data_ssl=NO
force_local_logins_ssl=YES
force_anon_data_ssl=NO
force_anon_logins_ssl=YES
ssl_sslv2=YES
With these settings only the command channel is encrypted; the data channel is not.

4. Log in with the openssl command:

xy@xy-virtual-machine:~/tmp/vsftpd-2.1.0-ssl$ openssl s_client -starttls ftp  -connect 127.0.0.1:2121
CONNECTED(00000003)
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
---
Certificate chain
 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
   i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
Server certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
---
SSL handshake has read 986 bytes and written 445 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : DES-CBC3-SHA
    Session-ID: CD38C07EDA87847331E2CAED0272DB07F55411FFA9A577CBB364B08F03901FCC
    Session-ID-ctx:
    Master-Key: BB469DB9D7993DB333D6E9CE4305C5F5A673B3AB3FC1E24387BA8A640C42C0B2DEA438C48B6EE257677A8DC31F241150
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:

    Start Time: 1403504143
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
220 (vsFTPd 2.1.0)
user ftp
331 Please specify the password.
pass ftp
230 Login successful.
pasv
227 Entering Passive Mode (127,0,0,1,224,190).
list
150 Here comes the directory listing.
226 Directory send OK.
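
The configuration in step 3 and the s_client output in step 4 can be checked mechanically for weak TLS settings. The Python below is an added example, not code from the original post, vsftpd or OpenSSL; the function names, the 2048-bit key floor and the weak-cipher pattern are assumptions of this example, and the sample inputs are copied from this page.

```python
import re
# Constructed samples: the vsftpd.conf of step 3 and three lines of the s_client output of step 4.
SAMPLE_CONF = """\
#add ssl
rsa_cert_file=/etc/pam.d/vsftpd/vsftpd.pem
ssl_enable=yes
allow_anon_ssl=yes
force_local_data_ssl=NO
force_local_logins_ssl=YES
force_anon_data_ssl=NO
force_anon_logins_ssl=YES
ssl_sslv2=YES
"""
SAMPLE_SCLIENT = """\
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
    Verify return code: 18 (self signed certificate)
"""

def audit_conf(text):
    """Flag obsolete protocols and cleartext data channels in a vsftpd.conf."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    opts = {k.strip(): v.strip().lower() for k, v in pairs}
    findings = []
    for opt in ("ssl_sslv2", "ssl_sslv3"):
        if opts.get(opt) == "yes":
            findings.append(f"{opt}=YES enables an obsolete protocol")
    for opt in ("force_local_data_ssl", "force_anon_data_ssl"):
        if opts.get(opt) == "no":
            findings.append(f"{opt}=NO leaves the data channel in cleartext")
    return findings

def audit_s_client(text):
    """Flag weak parameters in s_client output (thresholds are this example's assumptions)."""
    findings = []
    m = re.search(r"Server public key is (\d+) bit", text)
    if m and int(m.group(1)) < 2048:
        findings.append(f"server key is only {m.group(1)} bits")
    m = re.search(r"Cipher is (\S+)", text)
    if m and re.search(r"DES|RC4|NULL|EXP", m.group(1)):
        findings.append(f"weak cipher negotiated: {m.group(1)}")
    m = re.search(r"Verify return code: (\d+) \((.+?)\)", text)
    if m and m.group(1) != "0":
        findings.append(f"certificate not verified: {m.group(2)}")
    return findings

if __name__ == "__main__":
    print(*audit_conf(SAMPLE_CONF), *audit_s_client(SAMPLE_SCLIENT), sep="\n")
```

Run against this page's inputs, it reports SSLv2 being enabled, both data channels left unencrypted, the 1024-bit server key, the DES-CBC3-SHA cipher and the self-signed certificate.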

