본문 바로가기

리눅스

[리눅스] ftps(ftp + ssl) 클라이언트 접속 방법

728x90

lftp 패키지 설치

$ yum install -y lftp
$ lftp --version
LFTP | Version 4.4.8 | Copyright (c) 1996-2013 Alexander V. Lukyanov

LFTP is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with LFTP.  If not, see <http://www.gnu.org/licenses/>.

Send bug reports and questions to the mailing list <lftp@uniyar.ac.ru>.

Libraries used: Readline 6.2
$ lftp --help
Usage: lftp [OPTS] <site>
`lftp' is the first command executed by lftp after rc files
 -f <file>           execute commands from the file and exit
 -c <cmd>            execute the commands and exit
 --help              print this help and exit
 --version           print lftp version and exit
Other options are the same as in `open' command
 -e <cmd>            execute the command just after selecting
 -u <user>[,<pass>]  use the user/password for authentication
 -p <port>           use the port for connection
 <site>              host name, URL or bookmark name

ftps(ftp + ssl) 클라이언트 접속 방법

1. 명령어 나열하여 접속

$ lftp -e "set ftp:ssl-auth TLS; set ftp:ssl-force true; set ssl:verify-certificate no; set ftp:ssl-protect-data true;" remote-server -p remote-server-port

> user ftp_user

$ lftp -e "set ftp:ssl-auth TLS; set ftp:ssl-force true; set ssl:verify-certificate no; set ftp:ssl-protect-data true;" ftps.sangchul.kr -p 990
lftp ftps.sangchul.kr:~> user ftp_user
비밀번호: 
lftp ftp_user@ftps.sangchul.kr:~> ls
-rw-rw-r--    1 1001     1001            0 Dec 06 06:45 ftpfiletest.txt

2. 환경 설정(.lftprc) 파일 생성 후 접속

.lftprc 파일 생성

$ lftp -u ftp_user remote-server -p remote-server-port

$ vim ~/.lftprc
set ftp:ssl-auth TLS
set ftp:ssl-force true
set ftp:ssl-protect-list yes
set ftp:ssl-protect-data yes
set ftp:ssl-protect-fxp yes
set ssl:verify-certificate no

$ lftp -u ftp_user ftps.sangchul.kr -p 990
비밀번호: 
lftp ftp_user@ftps.sangchul.kr:~> ls 

3. 파일질라(FileZilla) 클라이언트 툴로 접속

4. openssl s_client -starttls ftp -connect ftps.sangchul.kr:990

$ echo '' | openssl s_client -starttls ftp -connect ftps.sangchul.kr:990
CONNECTED(00000003)
depth=0 C = KR, ST = Seoul, L = Jongno-gu, O = sangchul.kr, OU = infra team, CN = ftps.sangchul.kr, emailAddress = admin@sangchul.kr
verify error:num=18:self signed certificate
verify return:1
depth=0 C = KR, ST = Seoul, L = Jongno-gu, O = sangchul.kr, OU = infra team, CN = ftps.sangchul.kr, emailAddress = admin@sangchul.kr
verify return:1
---
Certificate chain
 0 s:/C=KR/ST=Seoul/L=Jongno-gu/O=sangchul.kr/OU=infra team/CN=ftps.sangchul.kr/emailAddress=admin@sangchul.kr
   i:/C=KR/ST=Seoul/L=Jongno-gu/O=sangchul.kr/OU=infra team/CN=ftps.sangchul.kr/emailAddress=admin@sangchul.kr
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID/zCCAuegAwIBAgIJAKD99Lob8Z6NMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYD
VQQGEwJLUjEOMAwGA1UECAwFU2VvdWwxEjAQBgNVBAcMCUpvbmduby1ndTETMBEG
A1UECgwKTW9uZXlUb2RheTETMBEGA9UECwwKaW5mcmEgdGVhbTEWMBQGA1UEAwwN
YWZ0cC5tdC5jby5rcjEgMB4GCSqGSIb3DQEJARYRYW50aTEzNDZAbXQuY28ua3Iw
HhcNMjEwNTE4MDExMTUzWhcNMzEwNTE2MDExMTUzWjCBlTELMAkGA1UEBhMCS1Ix
DjAMBgNVBAgMBVNlb3VsMRIwEAYDVQQHDAlKb25nbm8tZ3UxEzARBgNVBAoMCk1v
bmV5VG9kYXkxEzARBgNVBAsMCmluZnJhIHRlYW0xFjAUBgNVBAMMDWFmdHAubXQu
Y28ua3IxIDAeBgkqhkiG9w0BCQEWEWFudGkxMzQ2QG10LmNvLmtyMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIwpnlOClmHzEevwg/5ZQ6H273TyflPd
MFAKSJR9jfbQhhRTPCdXA4vESoHJO6GHHOWA+CCAwABtV4H94PHKDcofSRw8eKgV
aJML/ivw0tNxXsXLDunb9YbNW7uaJh33IRxGfm5BO3xBYwZZbNuVXWs2sKNQKmmG
KWZWyRzCL3Gcyi5osJcURXZBxZv5G0z/DOIrOoFlNeBu907MJWvWLigfE+sGtUD4
VgsMltg/0ZAekARKsShQuwe4x3b0xwTweoyDG8WOD+OYYFE7VgF8voyjLHfI6z/w
adPdZl/kRZD/m08DN1fnQgDzWUbmsaN3Okk6PwqGy2+ubI0JnU3a0QIDAQABo1Aw
TjAdBgNVHQ4EFgQUO5yQv6257jHUSZhz6f6J/CSRgT0wHwYDVR0jBBgwFoAUO5yQ
v6257jHUSZhz6f6J/CSRgT0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
AQEAjyzlNc5lJOD/jujegLzayDpRC8XRuc/vamyB2OE6f1K+HVYEpQBnROibuAI6
UPQzKTlu8hxw1Dmn3H+1UN9BFPiK6iK7L5NG1mOxW7q5u45KOccFsQvPqU8s3jsj
c+VOhzbRAAHCKsqIgoSc7HAQqseuGFSftzt9KN0KeSc9r5ZnpSAVDrsaWh3WY6jb
5CcIstHrLeHkCbVsZaPP0eBp07vnaY1XC8rtvPFp/V4f/E7lG0qxv3HT/GPzUycF
5euHeNIdMew3UyzsU84nI9rqe7EL92qMvEPOX1YrBCEwNhkdvbmahIwlNPNoS9NF
xOa4dm+tC2i7xcs9EqaxFFxnbg==
-----END CERTIFICATE-----
subject=/C=KR/ST=Seoul/L=Jongno-gu/O=sangchul.kr/OU=infra team/CN=ftps.sangchul.kr/emailAddress=admin@sangchul.kr
issuer=/C=KR/ST=Seoul/L=Jongno-gu/O=sangchul.kr/OU=infra team/CN=ftps.sangchul.kr/emailAddress=admin@sangchul.kr
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA386:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA386:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1797 bytes and written 437 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: A6A90A286C5EAC93447DF978DE6869BCEEBE122CCFBF3A2169273FF3E46BB9CE
    Session-ID-ctx:
    Master-Key: CD9F0D87AC9EC57B72D05164CEEDA83A12212CA8F136F6AFBA00C38D8937C5BA9BBF019506AB7949CC9802EFB96AE745
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - f3 57 b6 77 a2 94 4d 31-a5 ac ad b8 4b 0b d1 ea   .W.w..M1....K...
    0010 - d9 d8 6d 25 6a 02 a0 95-ab 5c d1 87 d5 d4 e2 a5   ..m%j....\......
    0020 - 91 f8 44 54 6c fe 28 79-e3 b7 6d 43 d3 26 ad 27   ..DTl.(y..mC.&.'
    0030 - 66 fd 8e f8 fb e5 6d bd-75 f6 cf 65 c6 f3 40 b1   f.....m.u..e..@.
    0040 - 93 9f 01 4f 3c 48 81 a2-2d ee 1a 61 05 e0 87 83   ...O<H..-..a....
    0050 - df 86 1c 45 b0 b2 f7 97-27 6e f9 0d e4 8f cf 0f   ...E....'n......
    0060 - e7 48 91 d8 db d9 bf 49-39 33 3c 75 ae c6 19 bc   .H.....I93<u....
    0070 - 49 87 36 fd 67 33 a1 5b-1a 08 32 b7 ea 3e b4 d5   I.6.g3.[..2..>..
    0080 - 15 94 36 3a 65 08 56 d6-a1 fe ce e7 fb 1d 33 81   ..6:e.V.......3.
    0090 - b8 f0 59 fe 4e 83 0c e3-53 ce 43 e0 2a d5 af 8c   ..Y.N...S.C.*...

    Start Time: 1638775855
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
220 Welcome to ftps.sangchul.kr FTP service.
DONE

 

728x90