Source: Linux Community luzhi1024
Build an FTP server in Linux.
FTP works by opening two channels: a control channel and a data channel.
In the FTP protocol, the control connection is always initiated by the client. The data connection has two modes: PORT mode (active mode) and PASV mode (passive mode).
PORT mode:
When the client needs to receive data, it sends a PORT command from a random port greater than 1024 to port 21 on the FTP server. The PORT command contains the port on which the client will receive the data (a random port greater than 1024). To transfer the data, the server opens a new connection from its own TCP port 20 to the port named in the PORT command.
PASV mode:
When data is to be transferred, the client sends a PASV command to port 21 on the FTP server. The server opens a random port between 1024 and 5000 and tells the client to transfer the data on that port; the client then connects to that port and the data connection is established.
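An added example, not part of the original article: the PORT command and the server's 227 reply to PASV both carry the data endpoint as h1,h2,h3,h4,p1,p2 (RFC 959), with the port equal to p1*256+p2. The shell functions below decode it from control-channel lines, which is what a firewall or log review has to do to know which data port to expect; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the data-connection endpoint carried on the FTP
# control channel. PORT and the 227 reply to PASV both use the tuple
# h1,h2,h3,h4,p1,p2 where the TCP port is p1*256 + p2 (RFC 959).

# ftp_data_endpoint LINE -> prints "ip:port"; returns 1 if no valid tuple.
ftp_data_endpoint() {
    tuple=$(printf '%s\n' "$1" |
        grep -Eo '[0-9]{1,3}(,[0-9]{1,3}){5}' | head -n 1)
    [ -n "$tuple" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $tuple            # split into h1 h2 h3 h4 p1 p2
    IFS=$old_ifs
    for field in "$@"; do    # every field encodes one byte
        [ "$field" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s:%s\n' "$1" "$2" "$3" "$4" $(( $5 * 256 + $6 ))
}

# ftp_data_direction LINE -> who opens the data connection, and to where.
ftp_data_direction() {
    endpoint=$(ftp_data_endpoint "$1") || return 1
    case $1 in
        PORT\ *) echo "active: server port 20 connects to client $endpoint" ;;
        227\ *)  echo "passive: client connects to server $endpoint" ;;
        *)       return 1 ;;
    esac
}

# Constructed control-channel lines (sample values, not captured traffic).
ftp_data_direction 'PORT 192,168,137,1,195,80'
ftp_data_direction '227 Entering Passive Mode (192,168,137,130,7,208)'
```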
Install FTP
# rpm -qa vsftpd    // check whether vsftpd is already installed
# yum install -y vsftpd
# rpm -ql vsftpd
/etc/logrotate.d/vsftpd    logrotate configuration for the vsftpd log files
/etc/pam.d/vsftpd    PAM authentication file
/etc/rc.d/init.d/vsftpd    startup script
/etc/vsftpd    directory where the vsftpd configuration files are stored
/etc/vsftpd/ftpusers    list of users who are forbidden to use vsftpd
/etc/vsftpd/user_list    list of users who are forbidden or allowed to use vsftpd
/etc/vsftpd/vsftpd.conf    main configuration file
/etc/vsftpd/vsftpd_conf_migrate.sh    some variables and settings for vsftpd operations
/usr/sbin/vsftpd    the vsftpd main program
(Other documentation and manual files are omitted.)
/var/ftp    home directory of the anonymous user
/var/ftp/pub    download directory for anonymous users
# service vsftpd start
# chkconfig --level vsftpd
# chkconfig --level 2345 vsftpd on
2 Anonymous login: the user name is ftp (or anonymous), the password is empty, and the login directory is /var/ftp.
An anonymous user has only download permission by default, with no permission to upload, create or delete. To grant those permissions:
# vim /etc/vsftpd/vsftpd.conf
anon_upload_enable=YES    // upload
anon_mkdir_write_enable=YES    // create
anon_other_write_enable=YES    // delete
(The text after // is annotation only; vsftpd.conf accepts no trailing comments and no spaces around "=".)
# service vsftpd restart
For security, anonymous users should be prevented from logging in:
# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
#anon_upload_enable=YES    // upload
#anon_mkdir_write_enable=YES    // create
#anon_other_write_enable=YES    // delete
# service vsftpd restart
3 Create a system user that logs in to FTP directly:
# useradd -s /sbin/nologin viong
# passwd viong
This user can upload, create, download and change directories.
------------------------------------------------------------------
4 Strengthening vsftpd security settings:
Lock system users into their home directories:
# vim /etc/vsftpd/vsftpd.conf
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list    // to restrict more system users, add them to /etc/vsftpd/chroot_list
# touch /etc/vsftpd/chroot_list
# cut -d: -f1 /etc/passwd >> /etc/vsftpd/chroot_list    // add the local users to chroot_list
Prevent important system users from logging in to FTP:
# cat /etc/vsftpd/ftpusers    // some of the more important system users are already listed by default
# echo "viong" >> /etc/vsftpd/ftpusers    // viong can no longer log in to FTP
Use the FTP user list policy to allow system users to log in to FTP:
With the following settings, only the users listed in /etc/vsftpd/user_list can log in:
# vim /etc/vsftpd/vsftpd.conf
Add the following below userlist_enable=YES:
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list
Restrict FTP logins by IP address: set this with iptables.
---------------------------------------
Configure vsftpd to support SSL-encrypted transfers:
# openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem    // generate the certificate
# vim /etc/vsftpd/vsftpd.conf
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
The SSL parameters are defined below; adjust them to your needs:
ssl_enable=YES/NO    // whether SSL is enabled; default NO
allow_anon_ssl=YES/NO    // whether anonymous users may use SSL; default NO
rsa_cert_file=/path/to/file    // location of the RSA certificate
dsa_cert_file=/path/to/file    // location of the DSA certificate
force_local_logins_ssl=YES/NO    // whether non-anonymous logins are encrypted; default YES
force_local_data_ssl=YES/NO    // whether non-anonymous data transfers are encrypted; default YES
force_anon_logins_ssl=YES/NO    // whether anonymous logins are encrypted; default NO
force_anon_data_ssl=YES/NO    // whether anonymous data transfers are encrypted; default NO
ssl_sslv2=YES/NO    // whether SSLv2 is enabled; default NO
ssl_sslv3=YES/NO    // whether SSLv3 is enabled; default NO
ssl_tlsv1=YES/NO    // whether TLS v1 is enabled; default YES
ssl_ciphers=<cipher list>    // ciphers used for encryption; default DES-CBC3-SHA
# service vsftpd restart
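An added example, not part of the original article: a shell function that audits a vsftpd.conf for the settings this page covers (anonymous login, the anonymous write options, SSL enforcement, SSLv2/SSLv3). The function name and messages are made up for illustration; the sample input is the SSL block above as written, which the audit flags for enabling SSLv2 and SSLv3.

```shell
#!/bin/sh
# Added example: flag risky vsftpd.conf settings. Reads the file given as
# $1, or stdin when no file is given. An option missing from the file is
# evaluated with the vsftpd default passed as the second argument of on().
audit_vsftpd_conf() {
    awk -F= '
    function on(key, dflt,    v) {          # boolean value of an option
        v = (key in conf) ? conf[key] : dflt
        return v == "YES" || v == "TRUE" || v == "1"
    }
    function warn(msg) { print "WARN " msg; n++ }
    /^[ \t]*#/ || !/=/ { next }             # skip comments and blank lines
    { v = toupper($2); gsub(/[ \t\r]/, "", v); conf[$1] = v }
    END {
        if (on("anonymous_enable", "YES"))
            warn("anonymous_enable: anonymous login is allowed")
        split("anon_upload_enable anon_mkdir_write_enable anon_other_write_enable", w, " ")
        for (i = 1; i <= 3; i++)
            if (on(w[i], "NO")) warn(w[i] ": anonymous users can modify files")
        if (!on("ssl_enable", "NO"))
            warn("ssl_enable: passwords and data cross the network in cleartext")
        if (on("ssl_sslv2", "NO")) warn("ssl_sslv2: obsolete SSLv2 is enabled")
        if (on("ssl_sslv3", "NO")) warn("ssl_sslv3: obsolete SSLv3 is enabled")
        if (!on("force_local_logins_ssl", "YES"))
            warn("force_local_logins_ssl: local logins may skip SSL")
        if (!on("force_local_data_ssl", "YES"))
            warn("force_local_data_ssl: local data transfers may skip SSL")
        exit (n > 0)                        # non-zero status when anything was flagged
    }' "${1:--}"
}

# Constructed input: the settings as the article lists them.
article_conf='anonymous_enable=NO
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES'
printf '%s\n' "$article_conf" | audit_vsftpd_conf || true
```

Key size is outside this check: the rsa:1024 key generated above is shorter than the 2048-bit minimum that current guidance calls for.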
Connect with Flashftp:
Connection type: FTP using explicit SSL (AUTH SSL)
Address: 192.168.137.130:21
Login type: Normal
User: viong
Password: 123
For FTP virtual users, see: http://www.linuxidc.com/Linux/2015-06/118443.htm
Permanent link to this article: http://www.linuxidc.com/Linux/2015-06/118442.htm