Configuring and using an FTP server on Linux

Source: Internet
Author: User

I. FTP introduction:

FTP (File Transfer Protocol) is a protocol used to transfer files between two or more different operating systems. It has been 40 years since the birth of FTP; this year is its 40-year anniversary. So it has naturally become one of the oldest protocols in the world.

II. How FTP works

FTP is based on the TCP protocol.

The two most commonly used ports are:

Port 21: the command port. (After authentication, commands such as ls are transmitted through this port.)

Port 20: the data port, used for data transmission.

The server has two data transmission modes:

1. Active mode.

2. Passive mode.

The active and passive modes are named from the server's point of view. Whether active or passive mode is used for a session is determined by the client. In active mode, both the client and the server must open and listen on a port to create a connection. In this case, the client may run into problems because of a firewall installed on its side. Passive mode was created for this reason. In passive mode, only the server needs to start a process that listens on the corresponding port, so the transfer still works when a firewall is installed on the client.

Implementation of the active mode:

A. The client opens a random port (the port number is greater than 1024; here we call it x), and an FTP process connects from it to port 21 on the server. At this point, the source port of the TCP connection is the random port x chosen by the client, and the destination (remote) port is port 21 on the server.

B. The client starts listening on port (x + 1) and sends a PORT command to the server (through port 21 of the server). This command tells the server which port the client is listening on and that the client is ready to receive data on it. This port is the data port.

C. The server opens port 20 and creates a connection to the client's data port. In this case, the source port is 20 and the remote (destination) data port is (x + 1).

D. The client completes the connection with port 20 through its local data port, and then sends a response to the server, telling the server that the connection has been created.
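The PORT command in step B carries the client's address and data port as six decimal fields, h1,h2,h3,h4,p1,p2, where the port is p1 * 256 + p2. The following is an added example, not code from the original article: it encodes and parses that argument and shows the check a server can apply before step C, namely that the data connection goes back to the same host as the control connection and to an unprivileged port. The function names and sample addresses are constructed for illustration.

```python
"""Added example: encode, parse and validate the FTP active-mode PORT argument."""
import ipaddress


def encode_port_arg(ip: str, port: int) -> str:
    """Build 'h1,h2,h3,h4,p1,p2' for an IPv4 address and a TCP port."""
    addr = ipaddress.IPv4Address(ip)
    if not 0 < port <= 65535:
        raise ValueError("port out of range")
    octets = ",".join(str(b) for b in addr.packed)
    return f"{octets},{port >> 8},{port & 0xFF}"


def parse_port_arg(arg: str) -> tuple[str, int]:
    """Parse 'h1,h2,h3,h4,p1,p2' into (ip, port); raise ValueError if malformed."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError("PORT argument needs six decimal fields")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("each field must be in 0-255")
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]


def check_port_command(line: str, control_peer_ip: str) -> tuple[bool, str]:
    """Decide whether the server should open the data connection (step C)."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        return False, "not a PORT command"
    try:
        ip, port = parse_port_arg(arg)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    if ip != control_peer_ip:
        # The data connection must return to the host that logged in.
        return False, f"data address {ip} differs from control peer {control_peer_ip}"
    if port < 1024:
        # Clients listen on ports above the privileged range (x + 1 in the text).
        return False, f"privileged data port {port}"
    return True, f"connect from port 20 to {ip}:{port}"
```

vsftpd applies a check of this kind by default; its port_promiscuous option, which disables it, should stay at NO.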

III. FTP user and server types:

1) FTP servers support three main user types.

1. Anonymous users: anonymous or ftp

Anonymous users are generally used.

2. Local users:

The account name, password, and other information are stored in the passwd and shadow files.

3. Virtual users:

Use an independent account/password data file.

It can be a db database, mysql, or a file.

2) Common FTP servers:

IIS, Serv-U (commonly used on Windows)

Wu-ftpd (the oldest one)

ProFTPD (FTP software with very powerful functions; it can be developed according to your needs)

Pure-FTPd (powerful FTP software)

vsftpd (the most commonly used on Red Hat; it is lightweight, only 140 KB, but very secure)

3) Common FTP clients:

ftp command

lftp command

gFTP (Linux-based FTP tool)

CuteFTP

FlashFTP (known as the fastest FTP client)

FTPS uses SSL encryption.

IV. vsftpd server

Here we explain how to set up an FTP server with vsftpd.

First, we need to know that the vsftpd server runs as the ftp user. vsftpd is controlled by SELinux, so SELinux should be disabled first.

1. Install vsftpd:

  yum install vsftpd

After installation, we can see that the vsftpd command is installed in the /usr/sbin directory under the name vsftpd.

The configuration files are saved in the /etc/vsftpd directory.

All its files are stored in /var/ftp.

2. How to configure vsftpd

First, go to the /etc/vsftpd directory.

① ftpusers file:

This file defines the users who are not allowed to log on.

② user_list file:

This file provides a list of FTP users. Whether the listed users are denied logon, and whether the file takes effect at all, depends on the settings in the main configuration file.

③ /etc/vsftpd.conf

The main configuration file defines all the rules in detail:

Let's take a look at common rules:

local_enable=YES: whether to allow access as a local user

By default, a local user who logs on through FTP lands in that user's home directory.

write_enable: whether a local user can write after logon (create files only)

anon_mkdir_write_enable=YES: allows a local user to create a folder after logon

anon_upload_enable=YES: whether anonymous users are allowed to upload data

chown_uploads=YES: automatically changes the owner of files uploaded by anonymous users

chown_username=root: defines the owner the files are changed to

dirmessage_enable=YES: adds a welcome message to the current directory

message_file=.message: location of your welcome file

xferlog_enable=YES: whether to enable logging

xferlog_file=/var/log/vsftpd.log: where the log file is written

idle_session_timeout=600: session timeout

data_connection_timeout=120: data connection timeout

ftpd_banner=Welcome to bash FTPservice. FTP.

chroot_list_enable=YES: determines whether to lock the user in their home directory.

It is very dangerous if this is not enabled. If users are not restricted, a user may run all sorts of tasks and modify files. When this feature is enabled, after logging on, the pwd command does not show where you really are.

chroot_list_file=/etc/vsftpd/chroot_list: through this list, you can define which users are restricted.

listen=YES: lets FTP run on the machine as an independent process.

If it is changed to NO, it runs as a non-independent process. It becomes a sub-process of init.

pam_service_name=vsftpd: PAM-based authentication

userlist_enable=YES: whether to enable control through the user_list file

userlist_deny=YES: the default, under which the users in the list are rejected; if one of them tries to log on, the request is rejected immediately. If we change it to NO, only the users in the list can log on.

This can be verified with: lftp -u student 172.16.100.1
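The options above can be checked mechanically. The following is an added example, not part of the original article or of vsftpd: a small audit that parses a vsftpd.conf and reports the settings this section describes as risky. The sample configuration is constructed, the checks follow the article's description of each option, and the parser enforces vsftpd's rule that a line must read option=value with no spaces around the equals sign.

```python
"""Added example: audit a vsftpd.conf for the options discussed above."""

# Constructed sample configuration (not taken from a real server).
SAMPLE_CONF = """\
# constructed sample
local_enable=YES
write_enable=YES
anon_upload_enable=YES
chown_uploads=YES
chown_username=root
xferlog_enable = YES
userlist_enable=YES
userlist_deny=YES
"""


def parse_conf(text):
    """Return (settings, errors); vsftpd rejects spaces around '='."""
    settings, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        key, sep, value = raw.partition("=")
        if not sep or not key or key != key.strip() or value != value.strip():
            errors.append(f"line {lineno}: not in option=value form: {raw!r}")
            continue
        settings[key] = value
    return settings, errors


def audit(text):
    """Return a list of findings, syntax errors first."""
    settings, findings = parse_conf(text)

    def on(option):
        return settings.get(option, "").upper() == "YES"

    if on("anon_upload_enable"):
        findings.append("anon_upload_enable=YES: anonymous users can upload")
    if on("chown_uploads") and settings.get("chown_username") == "root":
        findings.append("chown_username=root: anonymous uploads become root-owned")
    if not on("chroot_list_enable"):
        findings.append("chroot_list_enable is not YES: users are not locked in")
    if not on("xferlog_enable"):
        findings.append("xferlog_enable is not YES: transfers are not logged")
    return findings
```

On the sample, the line written as `xferlog_enable = YES` is reported twice: once as a syntax error and once because logging is therefore not enabled.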
