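To check whether a port is open on Ubuntu using OpenSSL, follow these steps:
Open a terminal:
On Ubuntu, you can open a terminal with the keyboard shortcut Ctrl + Alt + T.
Run the OpenSSL command: Use the following command to check whether a port on the specified host is open: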
openssl s_client -connect hostname:port
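Here, hostname is the hostname or IP address of the host you want to check, and port is the port number to check.
For example, to check whether port 80 on www.example.com is open, run: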
openssl s_client -connect www.example.com:80
Analyze the output:
If the connection succeeds, you will see output similar to the following:
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
...
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
...
verify return:1
depth=0 CN = www.example.com
verify return:1
---
Certificate chain
0 s:CN = www.example.com
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---
Server certificate
...
Subject:CN = www.example.com
Issuer:C = US, O = Let's Encrypt, CN = R3
...
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
...
SSL handshake has read 3547 bytes and written 430 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
If the connection fails, you will see output similar to the following:
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
...
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
...
verify return:1
depth=0 CN = example.com
verify return:1
---
Certificate chain
0 s:CN = example.com
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---
Server certificate
...
Subject:CN = example.com
Issuer:C = US, O = Let's Encrypt, CN = R3
...
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
...
SSL handshake has read 3547 bytes and written 430 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
Note: Verify return code: 20 indicates that certificate verification failed, but this does not necessarily mean the port is not open.
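As an added example (not part of the original page), the shell function below classifies s_client output instead of reading it by eye: a CONNECTED( line means the TCP port is open even when certificate verification fails, while connect:errno= means the connection itself failed. The function names and the abbreviated sample outputs are constructed for illustration; check_port needs network access and the coreutils timeout command.

```shell
#!/bin/sh
# Added example. Reads `openssl s_client` output on stdin and prints one of:
#   closed | open-no-tls | open-tls-verified | open-tls-unverified(N) | open-unknown | unknown
classify_s_client() {
    sc_out=$(cat)
    case "$sc_out" in
        *"CONNECTED("*) ;;                          # TCP connect succeeded: port is open
        *"connect:errno="*) echo closed; return ;;  # refused / unreachable
        *) echo unknown; return ;;
    esac
    case "$sc_out" in
        # Open port that does not speak TLS (e.g. plain HTTP on 80). Checked first
        # because s_client can still print "Verify return code: 0 (ok)" here.
        *"no peer certificate available"*) echo open-no-tls; return ;;
    esac
    sc_code=$(printf '%s\n' "$sc_out" |
        sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1)
    case "$sc_code" in
        0)  echo open-tls-verified ;;
        "") echo open-unknown ;;
        *)  echo "open-tls-unverified($sc_code)" ;;
    esac
}

# Live check (needs network): check_port HOST PORT
check_port() {
    timeout 10 openssl s_client -connect "$1:$2" </dev/null 2>&1 | classify_s_client
}

# Constructed, abbreviated sample outputs (not captured from a real host).
sample_tls_unverified() { cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = www.example.com
---
Certificate chain
---
Verify return code: 20 (unable to get local issuer certificate)
EOF
}
sample_plain_port() { cat <<'EOF'
CONNECTED(00000003)
error:0A00010B:SSL routines:ssl3_get_record:wrong version number
---
no peer certificate available
---
Verify return code: 0 (ok)
EOF
}
sample_refused() { cat <<'EOF'
connect:errno=111
EOF
}
```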
If you prefer a graphical interface or a command-line tool, you can use nmap to check the port:
Install nmap:
sudo apt update
sudo apt install nmap
Run the nmap command:
nmap -p port hostname
Here, port is the port number to check, and hostname is the target hostname or IP address.
For example, to check port 80 on www.example.com:
nmap -p 80 www.example.com
Analyze the output:
nmap shows the state of the target host's ports, for example:
Starting Nmap 7.80 ( https://nmap.org ) at 2023-10-05 12:34 UTC
Nmap scan report for www.example.com (93.184.216.34)
Host is up (0.0010s latency).
PORT STATE SERVICE
80/tcp open http
With the methods above, you can easily check whether a port is open on Ubuntu using OpenSSL or nmap.