1. What is vsftpd?
vsftpd is the most popular FTP server program in Linux distributions. Features: small, light, secure, and easy to use.
The name vsftpd stands for "very secure FTP daemon". Security is one of the top concerns of Chris Evans, its developer, and high security has been a goal since the beginning of the server's design and development.
2. Installation and configuration
First, check if vsftpd is installed.
rpm -q vsftpd
If it is not installed, install it first.
yum -y install vsftpd
Enable vsftpd at startup
chkconfig vsftpd on
Start vsftpd
service vsftpd start
Configure the vsftpd Server
3. Create a new system user:
// Add a new user that cannot log on to the local machine
# useradd -d /home/dsideal -s /sbin/nologin dsideal
// Change the owner and permissions of the directory; only allow haojifang.cn to access this directory
// Note: mode 777 makes the tree writable by every local account
# chown -R dsideal /home/dsideal
# chmod -R 777 /home/dsideal
// Set the password for the user
# passwd dsideal
Changing password for user haojifang.cn.
New UNIX password:
BAD PASSWORD: it does not contain enough different characters
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
5. Modify vsftpd.conf to prohibit anonymous login and allow login with the account created above:
vi /etc/vsftpd.conf
Delete the content of the original file and replace it with the following content:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
4. Modify /etc/vsftpd/chroot_list and add the dsideal account to allow the account to log on to the FTP server.
vi /etc/vsftpd/chroot_list
Content: dsideal
Restart the service. The FTP server is now ready to use.
The two channels of an FTP server
- Command Channel: port 21
- Data Transmission Channel
Active mode (PORT) (server -> client)
The client opens port N (a random port, N > 1024) and connects to port 21 on the server to establish the command channel;
A data transmission channel is then established between port N+1 on the client and port 20 on the server.
Passive mode (PASV) (client -> server)
The client opens port N (a random port, N > 1024) and connects to port 21 on the server to establish the command channel (same as above);
The client sends the PASV command and establishes the data transmission channel from its port N+1 to a random port (> 1024) on the server.
Recommended method
Transmission in passive mode minimizes the timeout problems caused by the firewall configuration on the client. The procedure is as follows:
1. The client uses passive mode for transfers;
2. The server enables passive mode and specifies the port range used in passive mode;
3. The firewall is configured to open this port range.
The configuration of vsftpd is as follows:
pasv_enable=YES
pasv_min_port=10000
pasv_max_port=10030
Reference: http://boendev.iteye.com/blog/1604537
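Added example (not part of the original article or of vsftpd itself): a small Python check that reads the passive-mode settings shown above and confirms that the data port a server advertises in its "227 Entering Passive Mode" reply falls inside the range the firewall was opened for. The function names, the sample configuration text and the sample replies are constructed for illustration.

```python
import re

# Constructed sample: the passive-mode settings from the configuration above.
SAMPLE_CONF = "pasv_enable=YES\npasv_min_port=10000\npasv_max_port=10030\n"

def parse_conf(text):
    """Parse vsftpd.conf text into a dict. vsftpd rejects spaces around '='."""
    opts = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = re.fullmatch(r"([a-z0-9_]+)=(\S.*)", line)
        if not m:
            raise ValueError(f"line {n}: expected lowercase option=value without spaces: {line!r}")
        opts[m.group(1)] = m.group(2).rstrip()
    return opts

def pasv_range(opts):
    """Return (min, max) passive data ports; both must be set for a firewall rule."""
    if opts.get("pasv_enable", "YES").upper() != "YES":
        raise ValueError("passive mode is disabled")
    lo, hi = int(opts.get("pasv_min_port", 0)), int(opts.get("pasv_max_port", 0))
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"pasv_min_port/pasv_max_port is not a bounded range: {lo}-{hi}")
    return lo, hi

def pasv_data_port(reply):
    """Decode host and port from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not reply.startswith("227") or not m:
        raise ValueError(f"not a PASV reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = map(int, m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def reply_allowed(conf_text, reply):
    """True if the advertised data port lies inside the configured range."""
    lo, hi = pasv_range(parse_conf(conf_text))
    _, port = pasv_data_port(reply)
    return lo <= port <= hi

if __name__ == "__main__":
    # Constructed 227 replies (192.0.2.10 is a documentation address).
    for r in ("227 Entering Passive Mode (192,0,2,10,39,16).",    # port 10000
              "227 Entering Passive Mode (192,0,2,10,195,80)."):  # port 50000
        print(pasv_data_port(r), "inside range" if reply_allowed(SAMPLE_CONF, r) else "OUTSIDE range")
```

A reply that decodes to a port outside the range means the server is not using the pasv_min_port/pasv_max_port settings the firewall rule was written for, for example because a different configuration file is being read.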