8. Setup of standalone running environment -- installation of vsftpd in CentOS-6.4

Source: Internet
Author: User

1. What is vsftpd?

vsftpd is the most popular FTP server program in Linux distributions. Features: small, light, secure, and easy to use.

The name vsftpd stands for "very secure FTP daemon". Security is one of the top concerns of Chris Evans, its developer, and high security has been a goal since the beginning of the server's design and development.

2. Installation and configuration

First, check if vsftpd is installed.

rpm -q vsftpd

If it is not installed, install it first.

yum -y install vsftpd

Enable vsftpd at startup

chkconfig vsftpd on

Start vsftpd

service vsftpd start

Configure the vsftpd Server

3. Create a new system user:

Add a new user that is not allowed to log on to the local machine:

useradd -d /home/dsideal -s /sbin/nologin dsideal

Change the owner and permissions of the directory so that only this user can access it:

chown -R dsideal /home/dsideal
chmod -R 700 /home/dsideal

Set the password for the user:

passwd dsideal
Changing password for user haojifang.cn.
New UNIX password:
BAD PASSWORD: it does not contain enough DIFFERENT characters
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

5. Modify vsftpd.conf to prohibit anonymous login and allow the newly created account to log in:

vi /etc/vsftpd/vsftpd.conf

Delete the content of the original file and replace it with the following content:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

4. Modify /etc/vsftpd/chroot_list and add the dsideal account to allow the account to log on to the FTP server.

vi /etc/vsftpd/chroot_list

Content: dsideal

Restart the service. The account can now log in.

The two channels of an FTP server
  1. Command channel: port 21
  2. Data transmission channel

Active mode (PORT) (server -> client)

The client opens port N (a random port, N > 1024) and connects to port 21 on the server to establish the command channel.

The data transmission channel is then established between port N + 1 on the client and port 20 on the server.

Passive mode (PASV) (client -> server)

The client opens port N (a random port, N > 1024) and connects to port 21 on the server to establish the command channel (same as above).

The client sends the PASV command and establishes the data transmission channel from its port N + 1 to a random port above 1024 on the server.

Recommended method

Transferring in passive mode minimizes the timeout problems caused by the firewall configuration on the client. The procedure is as follows:

1. The client uses passive mode for transfers.

2. The server enables passive mode and specifies the port range used in passive mode.

3. The firewall is configured to open this port range.

The configuration of vsftpd is as follows:

pasv_enable=YES
pasv_min_port=10000
pasv_max_port=10030

Reference: http://boendev.iteye.com/blog/1604537
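As an added example (not part of the original article), the following shell helper covers steps 2 and 3 of the passive-mode procedure: it reads the passive range from a vsftpd.conf and prints the iptables rules that open exactly that range plus the command channel. The function names conf_get and pasv_rules, the use of iptables state matching and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): print the iptables rules that
# match the passive port range configured in vsftpd.conf.

# conf_get FILE KEY: print the last value assigned to KEY, or nothing.
# vsftpd only accepts "key=value" with no spaces, so only that form matches.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d ' \r'
}

# pasv_rules FILE: print the rules; return 1 when passive mode is on but the
# range is missing or invalid (vsftpd would then pick any unprivileged port,
# and the firewall would have to be opened far wider than intended).
pasv_rules() {
    ctl="iptables -I INPUT -p tcp -m state --state NEW --dport"
    min=$(conf_get "$1" pasv_min_port)
    max=$(conf_get "$1" pasv_max_port)

    # pasv_enable defaults to YES, so only an explicit NO turns it off.
    if [ "$(conf_get "$1" pasv_enable)" = "NO" ]; then
        echo "$ctl 21 -j ACCEPT"
        return 0
    fi
    for p in "$min" "$max"; do
        case "$p" in
            ''|*[!0-9]*)
                echo "error: set pasv_min_port and pasv_max_port in $1" >&2
                return 1 ;;
        esac
    done
    if [ "$min" -lt 1024 ] || [ "$max" -gt 65535 ] || [ "$min" -gt "$max" ]; then
        echo "error: invalid passive range $min-$max" >&2
        return 1
    fi
    echo "$ctl 21 -j ACCEPT"          # command channel
    echo "$ctl $min:$max -j ACCEPT"   # passive data channel
}

# Constructed sample input: the passive settings used on this page.
sample=$(mktemp)
printf 'listen=YES\npasv_enable=YES\npasv_min_port=10000\npasv_max_port=10030\n' > "$sample"
pasv_rules "$sample"
rm -f "$sample"
```

Review the printed rules before running them as root; on CentOS 6 they are made persistent with "service iptables save".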