FTPs and SFTP:
FTPs is the use of SSL protocol encryption, SSL is designed for HTTP/SMTP encryption, SFTP is the use of SSH encryption, SSH is for telnet/ftp, such as encryption, the establishment of transmission channel design. SSH establishes the transmission channel for encryption and transmission, and this channel can be used for remote logins. Create an encrypted channel to encrypt the file.
From the principle of simple said: FTPs is the meaning of FTP-OVER-SSL, namely FTP with the SSL protocol encryption transmission, not only to use the FTP server and SSL protocol encryption. The SFTP protocol is an independent protocol in SSH that can transmit data using the SFTP server.
The following author use SSL to achieve FTPS secure transmission:
SSL is FTPS. (Encryption of the transport layer)
SSL authentication: 1, only password Authentication 2, SSL certificate authentication, need to establish CA server
Experiment idea: First installs the Wireshark grasping the package tool, does not use the CA server the case to grab the bag, the view grasps the bag situation. Then install the CA server to issue certificates to the FTP server. Grab the bag again and check the bag. Note: The CA server is on the same host as the FTP server in this experiment
New User:
[Root@lyt ~]# Useradd user1 #新建用户user1, used to grab the package test.
[Root@lyt ~]# passwd user1
Install Wireshare:
[Root@lyt ~]# Mkdir/mnt/cdrom
[Root@lyt ~]# mount/dev/cdrom/mnt/cdrom/
[Root@lyt ~]# cd/mnt/cdrom/server/
[Root@lyt server]# Vim/etc/yum.repos.d/rhel-debuginfo.repo #编辑本地yum
[Root@lyt server]# yum install wireshark–y #安装wireshark抓包工具
Install Vsftp:
[Root@lyt server]# RPM-IVH vsftpd-2.0.5-16.el5.i386.rpm
[Root@lyt server]# Service vsftpd start
Use the grab tool to see what happens when SSL is not in use:
[Root@lyt server]# tshark-ni eth0-r "Tcp.dstport eq" #由于客户端必须使用21端口与服务器建立连接, so here's a grab for Port 21st.
User name and password has been compromised: