zhaojh329/rttys

Certificate usage guide

tonyho opened this issue · 6 comments

Hello, could you provide a simple tutorial on using certificates? The goal is to encrypt the communication so that someone capturing the traffic cannot see the account credentials used to log in to the tty terminal.

For example:
Step 1: generate a certificate
Step 2: usage on the rttys side
Step 3: usage on the rtty side

Thanks.

generate-CA.sh

rttys run --ssl-cert server.crt --ssl-key server.key --ssl-cacert ca.crt

rtty -I test -c client.crt -k client.key -v -s

Thanks.

After generating the keys, I configured rttys.conf as follows:

addr-dev: :6912
addr-user: :6913
addr-web: :6914
#web-redir-url:

# Auth for http
http-username: *****
http-password: ********

#ssl-cert: /etc/rttys/rttys.crt
#ssl-key: /etc/rttys/rttys.key

#token: a1d4cdb1a3cd6a0e94aa3599afcddcf5

# font-size: 16

# No login required to connect device.
# Values can be device IDs separated by spaces,
# or a "*" indicates that all devices do not require login
# http://localhost:5913/connect/rtty1
#white-list: "*"
#white-list: rtty1 rtty2

Then I started the server as follows:

./rttys run --ssl-cert server.crt --ssl-key server.key --ssl-cacert ca.crt -conf ./rttys.conf

2021-02-20T11:45:52+08:00 |INFO| main.go:26 |Go Version: go1.15.7
2021-02-20T11:45:52+08:00 |INFO| main.go:27 |Go OS/Arch: linux/amd64
2021-02-20T11:45:52+08:00 |INFO| main.go:29 |Rttys Version: 3.4.0
2021-02-20T11:45:52+08:00 |INFO| main.go:35 |Git Commit: bf4f774
2021-02-20T11:45:52+08:00 |INFO| main.go:39 |Build Time: 2021-02-19T11:18:52+0000
2021-02-20T11:45:52+08:00 |INFO| device.go:294 |Listen device on: :6912 SSL on
2021-02-20T11:45:52+08:00 |INFO| web.go:244 |Listen dev web on: :6914
2021-02-20T11:45:52+08:00 |INFO| http.go:192 |Listen user on: :6913 SSL on

Then I can open the device management web page in a browser (https://ServerIP:6913). But rtty v7.4.0 cannot connect to the server:

rtty -I TEST -h SERVERIP -p 6912 -a -v -d test -c client.crt -k client.key -v -s

2021/02/20 11:50:02 (main.c:171) rtty version 7.4.0
2021/02/20 11:50:02 (rtty.c:420) connected to server
2021/02/20 11:50:02 (ssl.c:142) Setting mTLS key/cert failed: No child processes
2021/02/20 11:50:02 (rtty.c:379) socket closed by server


2021/02/20 11:50:08 (rtty.c:448) rtty reconnecting...
2021/02/20 11:50:08 (rtty.c:420) connected to server
2021/02/20 11:50:08 (ssl.c:142) Setting mTLS key/cert failed: Operation now in progress
2021/02/20 11:50:08 (rtty.c:379) socket closed by server

The server side reports:

2021-02-20T11:49:26+08:00 |ERRO| device.go:156 |tls: first record does not look like a TLS handshake
2021-02-20T11:49:26+08:00 |INFO| device.go:90 |Device '' closed
2021-02-20T11:50:02+08:00 |ERRO| device.go:156 |tls: first record does not look like a TLS handshake
2021-02-20T11:50:02+08:00 |INFO| device.go:90 |Device '' closed
2021-02-20T11:50:08+08:00 |ERRO| device.go:156 |tls: first record does not look like a TLS handshake
2021-02-20T11:50:08+08:00 |INFO| device.go:90 |Device '' closed
2021-02-20T11:50:14+08:00 |ERRO| device.go:156 |tls: first record does not look like a TLS handshake
2021-02-20T11:50:14+08:00 |INFO| device.go:90 |Device '' closed
2021-02-20T11:50:20+08:00 |ERRO| device.go:156 |tls: first record does not look like a TLS handshake
2021-02-20T11:50:20+08:00 |INFO| device.go:90 |Device '' closed
2021-02-20T11:50:26+08:00 |ERRO| device.go:156 |tls: first record does not look like a TLS handshake
2021-02-20T11:50:26+08:00 |INFO| device.go:90 |Device '' closed

The SSL library rtty uses is openssl (libssl.so.1.1).
What is the problem here?

I just took a test and there was no problem.
ssl.tar.gz

Thank you for the quick response, I just figured out that I mixed up the client.csr and client.crt.
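Added example (an editor's addition, not code from the rttys project and not its generate-CA.sh): it covers the three steps asked for at the top of the thread on the file side, issuing ca.crt, server.crt/server.key and client.crt/client.key with the names the `rttys run --ssl-cert ... --ssl-key ... --ssl-cacert` and `rtty -c ... -k ...` commands above expect, and it adds the pre-flight check that would have caught the client.csr/client.crt mix-up just described. It uses only Go's standard library (rttys itself is a Go program, per the startup log). The subject names, the output file names and the 127.0.0.1 server address are assumptions; the server certificate's IP SAN should be the address rtty is given with -h.

```go
// Added example, not the rttys project's generate-CA.sh: issues the five files the thread's
// commands expect and checks them before use; subject/file names and 127.0.0.1 are assumptions.
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"net"
	"os"
	"time"
)

// Identity is one key pair plus its certificate, parsed and PEM-encoded.
type Identity struct {
	Cert            *x509.Certificate
	Key             *ecdsa.PrivateKey
	CertPEM, KeyPEM []byte
}

// EKU: rttys authenticates as a server and rtty as a client, so each certificate
// carries exactly one extended key usage and cannot be reused for the other role.
var EKU = map[string]x509.ExtKeyUsage{"server": x509.ExtKeyUsageServerAuth, "client": x509.ExtKeyUsageClientAuth}
// ErrNotCertificate: the first PEM block is not a CERTIFICATE (a CSR, for instance).
var ErrNotCertificate = errors.New("cert file does not start with a CERTIFICATE block")

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue generates a P-256 key and a certificate: a self-signed CA when parent is
// nil, otherwise a leaf signed by parent with the given EKU and IP SANs.
func issue(cn string, parent *Identity, eku x509.ExtKeyUsage, sans ...net.IP) *Identity {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))),
		Subject:      pkix.Name{CommonName: cn}, IPAddresses: sans,
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
	}
	signerCert, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signerCert, signerKey = parent.Cert, parent.Key
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{eku}
	} else {
		tmpl.IsCA, tmpl.KeyUsage = true, tmpl.KeyUsage|x509.KeyUsageCertSign
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey))
	return &Identity{Cert: must(x509.ParseCertificate(der)), Key: key,
		CertPEM: pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		KeyPEM:  pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: must(x509.MarshalPKCS8PrivateKey(key))})}
}

// GenerateAll issues the CA, the rttys server certificate and one rtty client
// certificate. serverIP must be the IP literal that rtty is given with -h.
func GenerateAll(serverIP string) (ca, server, client *Identity) {
	ca = issue("rttys-example-CA", nil, 0)
	server = issue(serverIP, ca, EKU["server"], net.ParseIP(serverIP))
	client = issue("rtty-example-client", ca, EKU["client"])
	return
}

// CheckIdentity is the pre-flight check to run before handing files to rttys or
// rtty: a real CERTIFICATE, a key that belongs to it, a chain to ca.crt, right EKU.
func CheckIdentity(certPEM, keyPEM, caPEM []byte, role string) error {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return ErrNotCertificate
	}
	if _, err := tls.X509KeyPair(certPEM, keyPEM); err != nil {
		return err // "private key does not match public key" for a key from another pair
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AppendCertsFromPEM(caPEM) // an empty or bogus ca.crt surfaces as "unknown authority" below
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{EKU[role]}})
	return err
}

func main() {
	ca, server, client := GenerateAll("127.0.0.1") // assumption: put the real rttys address here
	for name, data := range map[string][]byte{"ca.crt": ca.CertPEM, "server.crt": server.CertPEM,
		"server.key": server.KeyPEM, "client.crt": client.CertPEM, "client.key": client.KeyPEM} {
		if err := os.WriteFile(name, data, 0o600); err != nil { // keys are secrets: owner-only
			panic(err)
		}
	}
}
```

Running it writes the five files into the current directory; the two commands from the maintainer's reply can then be pointed at them. CheckIdentity rejects the four mistakes that produce an opaque "Setting mTLS key/cert failed" on the rtty side: a CSR or other non-certificate handed in as the .crt, a .key from a different pair, a certificate that was not signed by the ca.crt rttys is given, and a server certificate used as a client certificate (or vice versa), which the separate extended key usages rule out.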

addr-user: :6913
addr-web: :6914
Are they different? Why can't I modify the addr-user port? If I modify it to use another port, like 35913, it doesn't work. When I change it back to 5913, it's OK. Quite confused.