vsftpd + OpenSSL + MySQL: implementing FTPS (FTP over SSL/TLS) and FTP virtual users

FTP (File Transfer Protocol) uses two TCP connections. Ports: control TCP/21; data TCP/20 or a random high port.

Command (control) connection: TCP/21, opened by the client and held for the whole session.

Data connection (opened on demand, one per transfer or directory listing):

Active mode: the client announces an address and port with PORT, and the server connects back to it from its own TCP/20. This fails when the client sits behind NAT or a firewall that blocks inbound connections.

Passive mode: the server listens on a random high port, announces it in a 227 reply, and the client connects to it. The server-side firewall must allow that range, so in practice it is pinned with pasv_min_port/pasv_max_port in vsftpd.conf.

FTP has two transfer types: ASCII (text) and binary (image). Most clients pick one automatically from the file type; the Linux ftp client in the sessions later on this page switches to binary once the server reports a UNIX system type.
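The two data-connection directions above are where FTP deployments break against firewalls and NAT, so it helps to be able to read the numbers the protocol exchanges. The Python below is an added example written for this page, not code from the vsftpd project or from the original article: it parses the 227 reply vsftpd sends in passive mode (the same reply shape appears in the session logs further down), builds the PORT command a client sends in active mode, and checks a passive port against an assumed pasv_min_port/pasv_max_port window. The 50000-60000 window and the sample reply are constructed assumptions, not values from the page's server.

```python
import re

# Constructed sample: same shape as the 227 replies in this page's session logs.
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (32,12,32,227,222,90)"

# Assumed firewall window, matching a hypothetical
# pasv_min_port=50000 / pasv_max_port=60000 in vsftpd.conf.
PASV_MIN_PORT = 50000
PASV_MAX_PORT = 60000

_TUPLE_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (host, port) from a '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'
    reply. The data port is p1*256 + p2; the client connects to host:port."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    match = _TUPLE_RE.search(reply)
    if match is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in reply: %r" % reply)
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("byte out of range in reply: %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("server announced port 0: %r" % reply)
    return host, port


def port_command(host, port):
    """Build the active-mode PORT command for a client listening on host:port;
    the server then connects to that socket from its own TCP/20."""
    octets = host.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % host)
    if not 0 < port < 65536:
        raise ValueError("bad port: %r" % port)
    return "PORT %s,%d,%d" % (",".join(octets), port // 256, port % 256)


def pasv_port_allowed(reply, low=PASV_MIN_PORT, high=PASV_MAX_PORT):
    """True if the port in a 227 reply falls inside the window the server-side
    firewall is assumed to permit (pasv_min_port..pasv_max_port)."""
    _, port = parse_pasv(reply)
    return low <= port <= high


if __name__ == "__main__":
    host, port = parse_pasv(SAMPLE_PASV_REPLY)
    print("passive data connection -> %s:%d" % (host, port))
    print("inside the assumed firewall window:", pasv_port_allowed(SAMPLE_PASV_REPLY))
    print(port_command("32.12.32.227", port))
```

The 222,90 pair from the page's log decodes to port 56922, which a firewall that only opens TCP/21 (and TCP/20 for active mode) would block; that is the usual reason an FTP login succeeds but every listing or transfer hangs.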

FTPS is FTP over SSL/TLS, which is what the OpenSSL certificate set up below is for. SFTP is a different protocol, a file-transfer subsystem of SSH, and vsftpd does not provide it; this page implements FTPS.

System platform: RHEL 5.8 (32-bit), IP 32.12.32.227, installed from the distribution's own RPM packages.

To install FTP:

# yum install vsftpd

# service vsftpd start

# finger ftp (installing vsftpd creates the ftp user and group automatically; finger shows the account's home directory, /var/ftp, which is the root of the anonymous area)

Test (anonymous login at this point; the user name is anonymous or ftp, the password is empty):

C:\Users\yangyuan>ftp 32.12.32.227
Connected to 32.12.32.227.
220 (vsFTPd 2.0.5)
User (32.12.32.227:(none)): ftp
331 Please specify the password.
Password:
230 Login successful.
ftp>

Note: anonymous users cannot upload files, create directories or delete files unless the configuration file /etc/vsftpd/vsftpd.conf is changed:

# vim /etc/vsftpd/vsftpd.conf

anon_upload_enable=YES (allow anonymous users to upload files)

anon_mkdir_write_enable=YES (allow anonymous users to create directories)

anon_other_write_enable=YES (allow anonymous users to delete and rename files)

All three also depend on the global write_enable=YES, which the RHEL sample vsftpd.conf already sets.

# mkdir /var/ftp/upload (create an upload directory; leave /var/ftp itself non-writable, because vsftpd refuses anonymous logins when the anonymous root is writable)

# setfacl -m u:ftp:rwx /var/ftp/upload

# service vsftpd restart

# setenforce 0

# iptables -F (flush the firewall)

The last two commands are lab shortcuts: they put SELinux in permissive mode and drop every firewall rule on the host. On a real server keep both, label the directory for anonymous writes (chcon -t public_content_rw_t /var/ftp/upload) and set the boolean that permits them (setsebool -P allow_ftpd_anon_write on), then open TCP/21 plus the passive port range instead of flushing the rules.

Test:

xshell:\> ftp 32.12.32.227
Connecting to 32.12.32.227:21...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
220 (vsFTPd 2.0.5)
Name (32.12.32.227:yangyuan): ftp
331 Please specify the password.
Password:
230 Login successful.
ftp:/> cd upload
250 Directory successfully changed.
ftp:/upload> lpwd
D:\Users\yangyuan\Desktop
ftp:/upload> put fd.png
227 Entering Passive Mode (32,12,32,227,222,90)
150 Ok to send data.
fd.png: 12.8 KB sent in 0.001 sec (13,129 bytes, 12.5 MB/sec).
226 File receive OK.
ftp:/upload> mkdir test3
257 "/upload/test3" created
ftp:/upload> delete fd.png
250 Delete operation successful.

A normal system user who logs in over FTP lands in their own home directory. This is not recommended: the account's real password crosses the network in clear text, and without chroot_local_user=YES the user can browse the whole filesystem over FTP.

# useradd hadoop

# echo "redhat" | passwd --stdin hadoop

xshell:\> ftp 32.12.32.227
Connecting to 32.12.32.227:21...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
220 (vsFTPd 2.0.5)
Name (32.12.32.227:yangyuan): hadoop
331 Please specify the password.
Password:
230 Login successful.
ftp:/home/hadoop>

In addition, the following two options can be added to /etc/vsftpd/vsftpd.conf:

max_clients=value (maximum number of simultaneous clients; 0 means no limit)

max_per_ip=value (maximum number of simultaneous connections from a single source IP; 0 means no limit)


Implementation of FTPS (FTP over SSL/TLS): build a CA, then issue the vsftpd server certificate from it.

The CA commands run in the CA directory, /etc/pki/CA:

# cd /etc/pki/CA

# (umask 077; openssl genrsa -out private/cakey.pem 2048)

# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650

.........

Country Name (2 letter code) [GB]:CN

State or Province Name (full name) [Berkshire]:js

Locality Name (eg, city) [Newbury]:sz

Organization Name (eg, company) [My Company Ltd]:bocs

Organizational Unit Name (eg, section) []:tech

Common Name (eg, your name or your server's hostname) []:ca.bocs.com

Email Address []:

# vim /etc/pki/tls/openssl.cnf

dir = /etc/pki/CA

openssl ca also needs the CA database and serial files to exist before it can sign anything:

# touch /etc/pki/CA/index.txt

# echo 01 > /etc/pki/CA/serial

Now the server key and certificate request:

# mkdir /etc/vsftpd/ssl

# cd /etc/vsftpd/ssl

# (umask 077; openssl genrsa -out vsftpd.key 2048)

# openssl req -new -key vsftpd.key -out vsftpd.csr

Country Name (2 letter code) [GB]:CN

State or Province Name (full name) [Berkshire]:js

Locality Name (eg, city) [Newbury]:sz

Organization Name (eg, company) [My Company Ltd]:bocs

Organizational Unit Name (eg, section) []:tech

Common Name (eg, your name or your server's hostname) []:ftp.bocs.com (must match the host name clients connect to, or they will reject the certificate)

Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request

A challenge password []:

An optional company name []:

# openssl ca -in vsftpd.csr -out vsftpd.crt (answer y to both prompts: sign the certificate, then commit it to the CA database)

# vim /etc/vsftpd/vsftpd.conf (add the following)

######### SSL or TLS #########

ssl_enable=YES

ssl_tlsv1=YES

ssl_sslv3=NO

allow_anon_ssl=NO

force_local_data_ssl=YES

force_local_logins_ssl=YES

rsa_cert_file=/etc/vsftpd/ssl/vsftpd.crt

rsa_private_key_file=/etc/vsftpd/ssl/vsftpd.key

Keep ssl_sslv3=NO: SSLv3 is broken (POODLE) and vsftpd also leaves ssl_sslv2 off by default, so TLSv1 is the only version that should be enabled. force_local_logins_ssl and force_local_data_ssl are what make the exercise worthwhile: without them a client can still log in and transfer in the clear, with the same password.

# service vsftpd restart

Test

[Screenshots 12.PNG and 12.1.PNG from the original post: the client test of the TLS-enabled login. Images not reproduced here.]

Virtual user implementation based on PAM and MySQL

# yum -y install mysql-server mysql-devel

# service mysqld start

# chkconfig mysqld on

PAM has no built-in way to check passwords against MySQL, so the pam_mysql module is needed. The page uses pam_mysql-0.7rc1.tar.gz, downloaded from http://download.chinaunix.net/download.php?id=15901&resourceid=7820

# tar xf pam_mysql-0.7rc1.tar.gz

# cd pam_mysql-0.7RC1

# ./configure --with-mysql --with-openssl

# make

# make install

After make install, check where pam_mysql.so landed (ls /usr/lib/security /lib/security) and use that path in the PAM service file; the path used later on this page, /usr/lib/security/pam_mysql.so, is for this 32-bit system.

Create the database and table, and grant the lookup user its privileges:

# mysql

mysql> CREATE DATABASE vsftpd;
Query OK, 1 row affected (0.02 sec)

mysql> USE vsftpd;
Database changed

mysql> CREATE TABLE users (
    -> id SMALLINT AUTO_INCREMENT NOT NULL,
    -> name CHAR(20) BINARY NOT NULL,
    -> password CHAR(48) BINARY NOT NULL,
    -> PRIMARY KEY (id)
    -> );
Query OK, 0 rows affected (0.03 sec)

mysql> DESC users;
+----------+-------------+------+-----+---------+----------------+
| Field    | Type        | Null | Key | Default | Extra          |
+----------+-------------+------+-----+---------+----------------+
| id       | smallint(6) | NO   | PRI | NULL    | auto_increment |
| name     | char(20)    | NO   |     | NULL    |                |
| password | char(48)    | NO   |     | NULL    |                |
+----------+-------------+------+-----+---------+----------------+
3 rows in set (0.01 sec)

mysql> GRANT SELECT ON vsftpd.* TO vsftpd@localhost IDENTIFIED BY 'vsftpd';
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT SELECT ON vsftpd.* TO vsftpd@'127.0.0.1' IDENTIFIED BY 'vsftpd';
Query OK, 0 rows affected (0.00 sec)

mysql> INSERT INTO users (name, password) VALUES ('tom', 'redhat');
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO users (name, password) VALUES ('jerry', 'redhat');
Query OK, 1 row affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> \q

The lookup account only gets SELECT, which is all pam_mysql needs. The passwords are stored in clear text here because the PAM service file uses crypt=0, so anyone who can read the table has every FTP password. pam_mysql can compare against hashed columns instead (crypt=1 for crypt(3), crypt=2 for MySQL's PASSWORD(), crypt=3 for an MD5 hex digest); then insert the hash rather than the plain string.
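The INSERT statements above only work with crypt=0 because they store the password itself. The Python below is an added example, not part of the original page or of pam_mysql: it produces the column value pam_mysql compares against for crypt=2 (MySQL 4.1+ PASSWORD(), a '*' followed by the upper-case hex of SHA1(SHA1(password))) or crypt=3 (a plain MD5 hex digest), verifies a login attempt against the stored value, and builds the INSERT to run instead of the clear-text one. The user names and password are the ones the page inserted; the 20-character name limit comes from the CHAR(20) column; the crypt mode numbers are pam_mysql's documented values.

```python
import hashlib
import hmac
import re

# pam_mysql crypt= values (from the module's documentation):
#   0 = plain text, 1 = crypt(3), 2 = MySQL PASSWORD(), 3 = MD5 hex digest
CRYPT_PLAIN, CRYPT_CRYPT3, CRYPT_MYSQL, CRYPT_MD5 = 0, 1, 2, 3

# Names fit CHAR(20) and cannot carry quotes, so the INSERT needs no escaping.
NAME_RE = re.compile(r"^[A-Za-z0-9_]{1,20}$")

# Constructed sample accounts: the same names and password the page inserted.
SAMPLE_ACCOUNTS = [("tom", "redhat"), ("jerry", "redhat")]


def mysql_password(password):
    """MySQL 4.1+ PASSWORD(): '*' + upper(hex(SHA1(SHA1(pw)))), 41 characters,
    which fits the page's CHAR(48) column."""
    stage1 = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(stage1).hexdigest().upper()


def hash_for_crypt_mode(password, mode):
    """Return the password column value pam_mysql expects for a crypt= mode."""
    if mode == CRYPT_MYSQL:
        return mysql_password(password)
    if mode == CRYPT_MD5:
        return hashlib.md5(password.encode("utf-8")).hexdigest()
    if mode == CRYPT_CRYPT3:
        raise ValueError("crypt=1 needs the system crypt(3) routine; not shown here")
    if mode == CRYPT_PLAIN:
        raise ValueError("crypt=0 stores the password in clear text; refusing")
    raise ValueError("unknown pam_mysql crypt mode %r" % (mode,))


def verify_password(password, stored, mode):
    """Constant-time comparison of a login attempt against the stored column."""
    candidate = hash_for_crypt_mode(password, mode)
    return hmac.compare_digest(candidate.encode("utf-8"), stored.encode("utf-8"))


def insert_statement(name, password, mode=CRYPT_MYSQL):
    """Build the INSERT for the page's users table with a hashed password."""
    if not NAME_RE.match(name):
        raise ValueError("user name must be 1-20 chars of [A-Za-z0-9_]: %r" % name)
    digest = hash_for_crypt_mode(password, mode)
    return "INSERT INTO users (name, password) VALUES ('%s', '%s');" % (name, digest)


if __name__ == "__main__":
    for name, pw in SAMPLE_ACCOUNTS:
        print(insert_statement(name, pw))
```

With crypt=2 the same value can be produced inside MySQL with INSERT ... VALUES ('tom', PASSWORD('redhat')), and the two auth/account lines in the PAM service file change from crypt=0 to crypt=2. MD5 (crypt=3) is unsalted and fast to brute-force; crypt=2 is no better on that point, so the real fix for a password table of any size is crypt=1 with a salted crypt(3) scheme supported by the libc on the host.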

Create the PAM service file that vsftpd will authenticate through:

# vim /etc/pam.d/vsftpd.mysql

auth required /usr/lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0

account required /usr/lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0

This file carries the MySQL lookup password on its module lines; pam_mysql also accepts a config_file= option pointing at a root-only file if those credentials should not live in /etc/pam.d.

Create the system account that every virtual user is mapped to:

# useradd -s /sbin/nologin -d /var/vuser vuser

# chmod go+rx /var/vuser

# vim /etc/vsftpd/vsftpd.conf

pam_service_name=vsftpd.mysql

force_local_data_ssl=NO

force_local_logins_ssl=NO

######## Guest ##########

guest_enable=YES

guest_username=vuser

user_config_dir=/etc/vsftpd/vuser_list

guest_username takes an account name, not a yes/no value: with guest_enable=YES every non-anonymous login is classed as a guest and runs as that account, reading and writing files as vuser (which is why the listing in the test below shows uid 502). The two force_local_*_ssl=NO lines switch TLS enforcement back off so that the plain command-line ftp client used in the test can log in; that means the MySQL-backed passwords travel in clear text, so leave them at YES outside a lab and use a TLS-capable client.

# mkdir /etc/vsftpd/vuser_list

# touch /etc/vsftpd/vuser_list/{tom,jerry}

# vim /etc/vsftpd/vuser_list/jerry (jerry gets upload, directory creation and delete; tom, whose file stays empty, is read-only)

anon_upload_enable=YES

anon_mkdir_write_enable=YES

anon_other_write_enable=YES

Because guest logins are treated like anonymous ones, it is the anon_* options (together with the global write_enable=YES) that control what a virtual user may write.

# service vsftpd restart
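vsftpd takes its whole security posture from one flat option=value file, and this page has now touched it three times: the anonymous-write options, the SSL/TLS block, and the guest settings above. The Python below is an added example, not code from the page or from vsftpd: it parses a vsftpd.conf the way vsftpd reads it (one option=value per line, no whitespace around '=', '#' comment lines) and reports the settings a reviewer would flag across all three sections, so a config can be checked before the restart. The two configurations in it are constructed samples, not files from the page's host; the defaults it assumes for absent options (anonymous_enable=YES, local_enable=NO, write_enable=NO, ssl_sslv2=NO, ssl_sslv3=NO, ssl_tlsv1=YES, force_local_*_ssl=YES, guest_username=ftp) are vsftpd's documented defaults, and the pasv_min_port/pasv_max_port values are assumed.

```python
# vsftpd's documented defaults for the options the audit consults
# (man vsftpd.conf); any boolean not listed is treated as NO.
DEFAULTS = {
    "anonymous_enable": "YES",
    "local_enable": "NO",
    "write_enable": "NO",
    "ssl_enable": "NO",
    "ssl_sslv2": "NO",
    "ssl_sslv3": "NO",
    "ssl_tlsv1": "YES",
    "force_local_logins_ssl": "YES",
    "force_local_data_ssl": "YES",
    "guest_enable": "NO",
}

# Constructed sample 1: the settings as a first attempt at this page's setup
# might leave them, with SSLv3 on and a yes/no value in guest_username.
WEAK_CONF = """\
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv3=YES
force_local_data_ssl=NO
force_local_logins_ssl=NO
guest_enable=YES
guest_username=yes
"""

# Constructed sample 2: the hardened equivalent (pasv range is an assumed value).
HARDENED_CONF = """\
anonymous_enable=YES
local_enable=YES
write_enable=YES
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
guest_enable=YES
guest_username=vuser
pasv_min_port=50000
pasv_max_port=60000
"""


def parse_vsftpd_conf(text):
    """Return {option: value}. vsftpd reads one option=value per line with no
    whitespace around '=' and treats '#' lines as comments; anything else makes
    it refuse to start, so raise the same way."""
    conf = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or not key or key != key.strip():
            raise ValueError("line %d is not option=value: %r" % (lineno, line))
        conf[key] = value
    return conf


def _on(conf, key):
    """Boolean option with vsftpd's default applied; values are case-insensitive."""
    return conf.get(key, DEFAULTS.get(key, "NO")).upper() == "YES"


def audit_vsftpd_conf(text):
    """Return the findings for a vsftpd.conf as a list of strings; [] is clean."""
    c = parse_vsftpd_conf(text)
    findings = []
    if _on(c, "anonymous_enable") and _on(c, "write_enable"):
        for opt in ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable"):
            if _on(c, opt):
                findings.append("anonymous write access: %s=YES" % opt)
    if _on(c, "ssl_enable"):
        if _on(c, "ssl_sslv2") or _on(c, "ssl_sslv3"):
            findings.append("SSLv2/SSLv3 enabled: set ssl_sslv2=NO and ssl_sslv3=NO")
        if not _on(c, "ssl_tlsv1"):
            findings.append("ssl_enable=YES but ssl_tlsv1=NO: no usable protocol version")
        if _on(c, "local_enable") and not (_on(c, "force_local_logins_ssl")
                                           and _on(c, "force_local_data_ssl")):
            findings.append("TLS not forced for local/virtual users: passwords may cross in clear text")
    elif _on(c, "local_enable"):
        findings.append("ssl_enable=NO with local_enable=YES: passwords cross in clear text")
    if _on(c, "guest_enable") and c.get("guest_username", "ftp").upper() in ("YES", "NO"):
        findings.append("guest_username must be an account name, not YES/NO")
    if "pasv_min_port" not in c or "pasv_max_port" not in c:
        findings.append("no pasv_min_port/pasv_max_port: passive data ports cannot be firewalled tightly")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_vsftpd_conf(conf) or ["clean"])
```

Note that with guest_enable=YES the anonymous-write findings also describe what the virtual users may do, since vsftpd applies the anon_* options to guest sessions; in the page's setup those options are meant to live only in the per-user files under user_config_dir, not in the main configuration.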

Test (from a Linux client, as root):

# ftp 32.12.32.227
Connected to 32.12.32.227.
220 (vsFTPd 2.0.5)
504 Unknown AUTH type.
504 Unknown AUTH type.
KERBEROS_V4 rejected as an authentication type
Name (32.12.32.227:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

The two 504 replies are the Linux ftp client offering GSSAPI and Kerberos AUTH mechanisms that vsftpd does not implement; they are harmless. This client is also not speaking TLS, which is why force_local_logins_ssl had to be set to NO for the test.

# ftp 32.12.32.227
Connected to 32.12.32.227.
220 (vsFTPd 2.0.5)
504 Unknown AUTH type.
504 Unknown AUTH type.
KERBEROS_V4 rejected as an authentication type
Name (32.12.32.227:root): jerry
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> lcd /etc
Local directory now /etc
ftp> put inittab
local: inittab remote: inittab
227 Entering Passive Mode (32,12,32,227,93,85)
150 Ok to send data.
226 File receive OK.
1666 bytes sent in 0.021 seconds (... Kbytes/s)
ftp> mkdir test
257 "/test" created
ftp> ls
227 Entering Passive Mode (32,12,32,227,230,252)
150 Here comes the directory listing.
-rw-------    1 502      502          1666 May 16:21 inittab
drwx------    2 502      502          4096 May 16:21 test
226 Directory send OK.
ftp> delete inittab
250 Delete operation successful.

Everything jerry creates is owned by uid 502, the vuser account, because each guest session runs under guest_username; the "/test" path also shows the session is confined to /var/vuser rather than the real filesystem root.

