openssl s_client -starttls ftp ?-connect 172.20.1.10:21

vsftpd版本為2.1.0

參考：

http://zhumeng8337797.blog.163.com/blog/static/100768914201041492340697/

http://blog.csdn.net/as3luyuan123/article/details/16812071

1、用命令生成證書：

openssl req -new -x509 -nodes -out vsftpd.pem -keyout vsftpd.pem 2、改vsftpd使支持ssl vi builddefs.h #define VSF_BUILD_SSL 3、添加vsftpd.conf配置： #add ssl rsa_cert_file=/etc/pam.d/vsftpd/vsftpd.pem ssl_enable=yes allow_anon_ssl=yes force_local_data_ssl=NO force_local_logins_ssl=YES force_anon_data_ssl=NO force_anon_logins_ssl=YES ssl_sslv2=YES 只加密命令通道，不加密數據通道。

4、使用openssl命令登陸：

xy@xy-virtual-machine:~/tmp/vsftpd-2.1.0-ssl$ openssl s_client -starttls ftp -connect 127.0.0.1:2121 CONNECTED(00000003) depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd verify error:num=18:self signed certificate verify return:1 depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd verify return:1 --- Certificate chain0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltdi:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd --- Server certificate -----BEGIN CERTIFICATE----- MIICWDCCAcGgAwIBAgIJALW4wKyZhkNRMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMTQwNjIzMDU1MTA5WhcNMTQwNzIzMDU1MTA5WjBF MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB gQC0t7a5HVPQJO6TL0XXkPmTLIAwnx/ZH1iFLGejiHjcCSswcQhsqyFvddvLH7xb IwdmJYb1z8v52hyHNEK4lBzJO5PACc4iswEP03ao1qxxoDmS/xN8BA8dpSmnkpkl nznhg5JZedzrjvm5MUVzaNFfhWfvmiQuMpdc9zyP5sQRswIDAQABo1AwTjAdBgNV HQ4EFgQU8zg6xwyO0w7Gy2+6ZzgqByLqab4wHwYDVR0jBBgwFoAU8zg6xwyO0w7G y2+6ZzgqByLqab4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBBk1sF AgdJn/dE/CGxT8pePdwDawcdhTVUDWK6Gp/pQzCedC27byuwPlglOvqRJp94ktW7 3RGMUYaCfiBl6EsTmFIVfLhWsczLr+Hnvow9hq+gwSpMtVk6AgE+tL/pxR8zZhsQ AiL07FRwK71lMYvkTvFdaGQwV/b6cubI4ac6UQ== -----END CERTIFICATE----- subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd --- No client certificate CA names sent --- SSL handshake has read 986 bytes and written 445 bytes --- New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session:Protocol : TLSv1.1Cipher : DES-CBC3-SHASession-ID: CD38C07EDA87847331E2CAED0272DB07F55411FFA9A577CBB364B08F03901FCCSession-ID-ctx:Master-Key: BB469DB9D7993DB333D6E9CE4305C5F5A673B3AB3FC1E24387BA8A640C42C0B2 DEA438C48B6EE257677A8DC31F241150Key-Arg : NonePSK identity: NonePSK identity hint: NoneSRP username: NoneTLS session ticket lifetime hint: 300 (seconds)TLS session ticket:0000 - 72 fa 13 19 ee 1b 18 29-6c 99 8e c8 32 b4 a6 81 r......)l...2...0010 - 50 76 7c fb 55 83 e0 1c-94 64 86 e7 4b 94 43 0e Pv|.U....d..K.C.0020 - ad 07 e7 a7 c4 e9 2c ad-bd 96 dd 95 a5 bd a6 31 ......,........10030 - c6 4e 71 a6 ad 5b 24 d8-e0 21 e1 7e 54 c0 2d 25 .Nq..[$..!.~T.-%0040 - 80 ec b8 d1 df 79 72 68-bd 7f fe 7e fc 84 4b e2 .....yrh...~..K.0050 - 33 64 59 0d 79 0c d9 ef-ba 49 73 82 b0 60 70 44 3dY.y....Is..`pD0060 - ba 54 0e 4f 0c 31 0c 51-a6 ce b5 07 0d f7 f2 71 .T.O.1.Q.......q0070 - 3f 59 d8 36 6f 48 f4 f7-75 7e d1 a6 96 88 0b 3f ?Y.6oH..u~.....?0080 - 75 ea d8 bd 34 66 30 96-f1 4b 7a 7a 53 0a d8 f9 u...4f0..KzzS...0090 - ea c7 5e 96 87 e4 21 be-65 d4 b2 70 83 4d 86 ae ..^...!.e..p.M..Start Time: 1403504143Timeout : 300 (sec)Verify return code: 18 (self signed certificate) --- 220 (vsFTPd 2.1.0) user ftp 331 Please specify the password. pass ftp 230 Login successful. pasv 227 Entering Passive Mode (127,0,0,1,224,190). list 150 Here comes the directory listing. 226 Directory send OK.

總結

以上是生活随笔為你收集整理的openssl工具调试ssl加密ftp的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。