I have the following code, which I found somewhere online (I don't remember where):
$Server = XXXXX
$port = XXX
$remotepath='/'
$username = 'XXXX'
#$passward = ConvertTo-SecureString -AsPlainText 'XXXX' -Force
$password = 'XXXXX'
$file = "path-to-file"
$f = Get-Item $File
$remote_url = "ftp://$Server`:$Port$RemotePath"
[System.Net.FtpWebRequest]$req = [System.Net.FtpWebRequest]::Create($remote_url + $f.Name)
# [System.Net.FtpWebRequest]$req = [System.Net.WebRequest]::Create($remote_url + $f.Name)
$req.Credentials = New-Object System.Net.NetworkCredential($Username, $Password)
$req.Method = [System.Net.WebRequestMethods+Ftp]::UploadFile
$req.EnableSsl = $true
$req.UseBinary = $true
$req.UsePassive = $true
$req.KeepAlive = $true
$req.ConnectionGroupName = "FTPS_$Username"
# Accepts any server certificate: TLS certificate validation is disabled process-wide.
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {return $true}
$fs = New-Object IO.FileStream $f.FullName, 'Open', 'Read'
$req.ContentLength = $f.Length
$ftpStream = $req.GetRequestStream()
$b = New-Object Byte[](10000)
do {
    # Read a chunk first, then write exactly the number of bytes read.
    $r = $fs.Read($b, 0, 10000)
    $ftpStream.Write($b, 0, $r)
} while ($r -ne 0)
if ($fs -ne $null) { $fs.Dispose() }
$ftpStream.Close()
$resp = $req.GetResponse()
$resp.StatusDescription
$resp.Close()
The file uploads fine, but when the following line is triggered:
$ftpStream.Close()
it causes the following error on the server (vsftp on Ubuntu):
Sun Mar 31 13:58:13 2019 [pid 3779] [XXXX] DEBUG: Client "XXX.XXX.XXX.XXX", "DATA connection terminated without SSL shutdown. Buggy client! Integrity of upload cannot be asserted."
Sun Mar 31 13:58:13 2019 [pid 3780] [XXXX] FTP response: Client "XXX.XXX.XXX.XXX", "426 Failure reading network stream."
Sun Mar 31 13:58:13 2019 [pid 3780] [XXXX] FAIL UPLOAD: Client "XXX.XXX.XXX.XXX", "/file-path", 36851 bytes, 0.21Kbyte/sec
Sun Mar 31 13:58:13 2019 [pid 3779] [XXXX] DEBUG: Client "XXX.XXX.XXX.XXX", "Control connection terminated without SSL shutdown."
This in turn causes the following line in my code:
$resp = $req.GetResponse()
to fail:
Exception calling "GetResponse" with "0" argument(s): "The remote server returned an error: (426) Connection closed; transfer aborted."
At line:3 char:13
+ $resp = $req.GetResponse()
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WebException
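All help is greatly appreciated, as it is very important that the script can reliably alert on upload failure or success.
=============UPDATE============
OK, I have not posted this update as an answer (at least not yet), because it is more of a workaround than a proper solution.
I found this post in Chinese: https://blog.yuwu.me/?p=1159, of which I understand nothing (to me it is literally Chinese), but he did quote part of the vsftpd documentation:
strict_ssl_read_eof If enabled, SSL data uploads are required to terminate via SSL, not an EOF on the socket. This option is required to be sure that an attacker did not terminate an upload prematurely with a faked TCP FIN. Unfortunately, it is not enabled by default because so few clients get it right. (New in v2.0.7).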
Default: NO
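I added this setting to the config and, lo and behold, my script completed successfully. However, the server continues to throw the error "DATA connection terminated without SSL shutdown. Buggy client! Integrity of upload cannot be asserted." But at least it no longer terminates my control channel.
Obviously, a real solution would be to terminate the data connection correctly, so hopefully someone can solve this.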
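An added example, not part of the original post: one way for the upload script to report success or failure on its own evidence while the server cannot assert upload integrity. It pins the server certificate by thumbprint instead of accepting every certificate, and after the upload asks the server for the file size over the TLS-protected control connection and compares it with the local size. The host name, credentials, file path, thumbprint and the helper name New-FtpsRequest are placeholders or assumptions.

```powershell
# Added example; run as a script. Server, credentials, path and thumbprint are placeholders.
$Cred   = New-Object System.Net.NetworkCredential('user', 'password')
$File   = Get-Item 'C:\path\to\file'
$Url    = "ftp://ftp.example.test:21/$($File.Name)"
$Pinned = 'REPLACE-WITH-SERVER-CERT-SHA1-THUMBPRINT'

# Accept only the pinned server certificate instead of returning $true for every one.
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {
    param($s, $cert, $chain, $errors)
    $cert.GetCertHashString() -eq $Pinned
}.GetNewClosure()

# Hypothetical helper: builds an explicit-FTPS request for the given FTP method.
function New-FtpsRequest([string]$Method) {
    $r = [System.Net.FtpWebRequest]::Create($Url)
    $r.Credentials = $Cred
    $r.Method = $Method
    $r.EnableSsl = $true; $r.UseBinary = $true; $r.UsePassive = $true
    $r
}

try {
    $req = New-FtpsRequest ([System.Net.WebRequestMethods+Ftp]::UploadFile)
    $req.ContentLength = $File.Length
    $in = $File.OpenRead(); $out = $req.GetRequestStream()
    try { $in.CopyTo($out) } finally { $in.Dispose(); $out.Close() }
    $resp = $req.GetResponse(); $status = $resp.StatusDescription; $resp.Close()

    # Truncation check: remote size as reported on the control connection.
    $sizeResp = (New-FtpsRequest ([System.Net.WebRequestMethods+Ftp]::GetFileSize)).GetResponse()
    $remote = $sizeResp.ContentLength; $sizeResp.Close()
    if ($remote -ne $File.Length) {
        throw "Size mismatch: local $($File.Length) bytes, remote $remote bytes"
    }
    Write-Output "UPLOAD OK: $($File.Name), $remote bytes. Server: $status"
}
catch {
    # .NET exceptions arrive wrapped; walk down to the WebException if there is one.
    $ex = $_.Exception
    while ($ex -isnot [System.Net.WebException] -and $ex.InnerException) { $ex = $ex.InnerException }
    $code = if ($ex -is [System.Net.WebException] -and $ex.Response) { $ex.Response.StatusCode } else { 'n/a' }
    Write-Error "UPLOAD FAILED ($code): $($ex.Message)"
    exit 1
}
```

The size comparison only detects a truncated upload, which is the case the vsftpd option describes; it does not compare file contents.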