Login Gmail via Command Line OpenSSL
Published in
4 min readApr 23, 2020
Sometimes you need to figure out what's going wrong and where. Make sure OpenSSL installed on your server.
Connect
openssl s_client -connect smtp.gmail.com:465You will see certificate info and handshake steps afterward:
CONNECTED(00000003)
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = smtp.gmail.com
verify return:1
---
Certificate chain
0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = smtp.gmail.com
i:C = US, O = Google Trust Services, CN = GTS CA 1O1
1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1
i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEwDCCA6igAwIBAgIQMzGAQKxyWy0IAAAAADeRHjANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMRMw
EQYDVQQDEwpHVFMgQ0EgMU8xMB4XDTIwMDQwMTEyNTcxNloXDTIwMDYyNDEyNTcx
NlowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT
DU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxFzAVBgNVBAMTDnNt
dHAuZ21haWwuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4Y1YLgvQmwu5
0jOJlAa2T3wnw8dbwmyCj79wKM0Y/r69AOKvq4za6KmqYVvwPHVRNg+l1DDApSUw
AdZ5AgUDMC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9jcmwucGtpLmdvb2cvR1RT
MU8xLmNybDCCAQUGCisGAQQB1nkCBAIEgfYEgfMA8QB2ALIeBcyLos2KIE6HZvkr
uYolIGdr2vpw57JJUy3vi5BeAAABcTYIJ/oAAAQDAEcwRQIhAKz1k2hTMGqZ+1xE
ySh08NTs+C1OhXZu5vN/5d/fzrokAiBUwRa+bQ9aA32EM5ZGx7aUkpPJTm+RjAJq
dIiuvxLbogB3AF6nc/nfVsDntTZIfdBJ4DJ6kZoMhKESEoQYdZaBcUVYAAABcTYI
KCMAAAQDAEgwRgIhAMEYKx+AJ9toPEWlAUyX2Rryg+Cg/hDG+Y9ywQvqbgF2AiEA
q7xrOBRQ8znf0ZX//MlhjMabWPbZspbYnjoVH4m6e8MwDQYJKoZIhvcNAQELBQAD
ggEBAIwg9AzxdzlhR+eyNh9LLP/sd0EmI7XQkuDzqFHW5aY5XNL6nuE8hQpxCban
+Wpbk3j0I80E35YUHa/pU5xibXihECE2zVDSbWhkzaibBzKiLRy+g8sqHTkZKAAw
2EEv1yil9B0NJ3DrNL7fBnPvNTK3xZOffKWMZyj+Oh/KibgmXqYVFHgodSlGi+6Q
O0RKZ99zTGUvdTNANPkpuSfY8W4lF82JvjS5sWQ3hUZ9ttZd8wPXMulJoLcr5k3L
avWRjslPRGEX5sRtTORd7iJ40ywTlquGj0u3ip+x3JxjbB9pgMJWPO1J3ToPISkD
qw9/jd89egbvD59AviLWLQiBJ38=
-----END CERTIFICATE-----
subject=C = US, ST = California, L = Mountain View, O = Google LLC, CN = smtp.gmail.comissuer=C = US, O = Google Trust Services, CN = GTS CA 1O1---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2633 bytes and written 396 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 435CE67365C51C3FF53BCFD01E8DF4F42A979BA
Session-ID-ctx:
Resumption PSK: 102A5E0C7CB9BFDDA7CCAC44BEEE741F60B4BDCABC6E016D
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 172800 (seconds)
TLS session ticket:
0000 - 01 92 ee e2 95 9e 7f 54-81 0d 36 0f 40 41 6c da .......T..6.@Al.
0010 - e7 42 2e b0 24 de a6 c3-9e fa 76 5d 8d 04 7a 66 .B..$.....v]..zf
0020 - 0c 24 3a 9b 23 a7 dc fc-9f bb 8f 8f 91 49 5e 48 .$:.#........I^H
0030 - 5c ea aa a7 af d6 4e 23-cb 0a 0b fe 34 8b 77 6f \.....N#....4.wo
0040 - 1b 38 5d 52 9a dd 77 3d-89 fa e0 b3 49 60 80 67 .8]R..w=....I`.g
0050 - fc 3d 3e 5b 65 40 27 ed-3a 52 97 da 53 69 d1 2e .=>[e@'.:R..Si..
00a0 - 62 8b ce 1a bb cf 6c db-1a f5 d7 be 6e bb 27 23 b.....l.....n.'#
00b0 - a1 39 bf 65 12 f6 09 3d-3e c0 d3 e5 23 75 6d 18 .9.e...=>...#um.
00c0 - 6c 41 99 eb 18 8b db c9-88 0d 95 35 cc 34 ff 23 lA.........5.4.#
00d0 - 89 d7 74 7b 8b 15 8f c2-63 28 8d b5 89 90 27 e3 ..t{....c(....'.
00e0 - d2 ce 4d d7 f6 9b 43 f7-6e ae 6c d0 ..M...C.n.l.Start Time: 1587668872
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 5CA405A645B1566A9C528F15FBA57A94FD24713FEB8C1DBB6B7E
Session-ID-ctx:
Resumption PSK: 4DBF71AF9344E45F5CCBA50AB0A917A0EC38447F4AAD513C
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 172800 (seconds)
TLS session ticket:
0000 - 01 92 ee e2 95 9e 7f 54-81 0d 36 0f 40 41 6c da .......T..6.@Al.
0010 - 2f 82 1e ac 20 8b f0 a9-93 7e 22 a9 e5 ad 49 7c /... ....~"...I|
0020 - fa 85 9b a7 a3 70 0a 77-48 16 ee d8 40 55 1b 11 .....p.wH...@U..
0030 - 8c 38 10 f0 f7 9a eb fc-14 52 b2 d7 0a a3 34 39 .8.......R....49
0090 - eb 1a 8c 99 a4 3e f3 8a-4c 13 b2 ed 63 65 c8 db .....>..L...ce..
00a0 - 18 5b 4e 91 ba 36 31 14-ef 71 91 77 12 c7 5b 5b .[N..61..q.w..[[
00b0 - 6c 94 6f 75 2e 19 b1 4b-85 56 d1 c4 d6 0f d4 5b l.ou...K.V.....[
00c0 - 5d d4 6f c3 7e 95 76 3b-3f 5d 19 39 ff e2 f5 9c ].o.~.v;?].9....
00d0 - c2 e0 f8 16 bb b9 ff 13-ae c9 a8 68 82 18 c9 91 ...........h....
00e0 - e9 25 73 da f7 37 68 b2-25 3b e1 71 .%s..7h.%;.qStart Time: 1587668872
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
220 smtp.gmail.com ESMTP f83sm4811972wmf.42 - gsmtp
Login
In the same previous session, we will log in by the command
auth loginyou will get an error
503 5.5.1 EHLO/HELO first. f83sm4811972wmf.42 - gsmtpwe have to choose the service first
HELO gmail.com250 smtp.gmail.com at your service #success
and now we can log in again
auth login334 VXNlcm5hbWU6 #success response[username base64 encoded]334 UGFzc3dvcmQ6 #success response[passwod base64 encoded]
then you will get some case of authenticating failed:
Error
It needs “Verify the login in new device”
534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbs
534-5.7.14 dwn8iSzU6xg4HmGIpuEeuFTorU2mVfcsErEuvvc0PzWCb9igNnHI_EoMYoYHh1egbzD8h
534-5.7.14 LEuiTqDDfD2aCQUBH3Lqf-7vBS3btKLQcI_jwXO83LTBd8rvavoOILI_HGtvYTDU>
534-5.7.14 Please log in via your web browser and then try again.
534-5.7.14 Learn more at
534 5.7.14 https://support.google.com/mail/answer/78754 f83sm4811972wmf.42 - gsmtpOr you can get a success message.
Reference:
https://serverfault.com/questions/247023/how-to-authenticate-gmail-with-openssl-s-client
https://stackoverflow.com/questions/1516754/connecting-to-smtp-gmail-com-via-command-line
https://www.base64encode.org/
