Build vsftp server and sftp server under Centos6.5

Source: Internet
Author: User

Build vsftp server and sftp server under Centos6.5

Part 1: Refer to Baidu experience and Portal

Vsftpd is the most popular FTP server program in the Linux release. Features: small, light, secure, and easy to use. It is a completely free and open source ftp software.

Tools/Raw Materials
  • CentOS6.5
Method/step
  1. 1

    Online Installation

    # Yum install vsftpd pam * db4 *-y

    Use the command to configure vsftp as a system service

    # Chkconfig -- level 35 vsftpd on

  2. 2

    Configure the host of the vsftpd service

    # Useradd vsftpdadmin-s/sbin/nologin-M

    This vsftpdadmin is only used to replace the root user and does not need to be logged on.

  3. 3

    Create an ftp virtual host account

    # Useradd vsftpuser-s/sbin/nologin-M

    This ftpuser only has virtual account hosts and does not need to be logged on.

  4. Before configuring vsftpd. conf, back up the original

    Vi/etc/vsftpd. conf

    Anonymous_enable = YES --> anonymous_enable = NO // anonymous users are not allowed to access the service. The default value is allow.

    Chroot_list_enable = YES --> chroot_list_enable = YES // FTP users are not allowed to leave their home directories.

    Add

    # Set the path for storing the configuration file of the virtual user's personal Vsftp. That is to say, the specified directory stores the configuration files of each Vsftp virtual user. Note that these configuration files must be the same as the virtual user name.

    User_config_dir =/etc/vsftpd/vconf/userlocal

    # This step is very important. Remember this step. Create a folder based on this configuration

    # Modifying the port number

    Ftp_data_port = 4040

    Reverse_lookup_enable = NO

    Pasv_enable = yes

    Pasv_min_port = 48790

    Pasvanderbilt max_port = 48800

    Listen_port = 48796 # You can configure the port based on your actual situation, or use the default port. However, for the sake of security, you can configure it according to your actual situation (from the above red, you can do not configure it first)

  5. Create a virtual User File

    # Mkdir/etc/vsftpd/vconf

    # Touch/etc/vsftpd/vonf/vir_user

  6. Create a virtual user

    # Vi/etc/vsftpd/vonf/vir_user

    # Virtualuser // User Name

    #12345678 // Password

  7. Generate Database

    # Db_load-T-t hash-f/etc/vsftpd/vconf/vir_user/etc/vsftpd/vconf/vir_user.db

  8. Set Database File Access Permissions

    # Chmod 600/etc/vsftpd/vconf/vir_user

    # Chmod 600/etc/vsftpd/vconf/vir_user.db

  9. Modify/etc/pam. d/vsftpd (you can comment out the content in the original file through)

    Auth sufficient pam_userdb.so db =/etc/vsftpd/vconf/vir_user

    Account sufficient pam_userdb.so db =/etc/vsftpd/vconf/vir_user

    (To use both system users and virtual users, change required to sufficient)

  10. Configure user_config_dir =/etc/vsftpd/vconf/userlocal according to step 4.

    Create a userlocal folder

    # Mkdir/etc/vsftpd/vconf/userlocal

  11. Create a file based on the username created in Step 6

    For example, if the account created in Step 6 is virtualuser, a new virtualuser file is created.

    # Touch/etc/vsftpd/conf/userlocal/virtualuser

  12. Edit the file path accessed by the user

    # Vi/etc/vsftpd/conf/userlocal/virtualuser

    Enter the following

    Local_root = // the root directory of the website to be specified. For example, the folder www.baidu.com is/www/baidu.

    Anonymous_enable = NO # prohibit anonymous user access

    Write_enable = YES # Enable write permission

    Local_umask = 022 # permission mask for uploaded files

    Anon_upload_enable = NO # disable anonymous download

    Anon_mkdir_write_enable = NO # disable anonymous Folder creation

    Idle_session_timeout = 60 # The automatic session close time is 60 minutes.

    Data_connection_timeout = 120 # data Delay Time

    Max_clients = 10 # maximum number of connections

    Max_per_ip = 5 # the same ip address allows five IP addresses to be connected at the same time.

    Local_max_rate = 1048576 # Object User transmission speed limit, in B/s. 0 indicates no limit

  13. After the configuration is complete, restart the vsftpd service: service vsftpd restart.

    View the system Port Status: netstas-tulnp. If port 22 is being called by vsftpd, the startup is successful.

    Part 2:

    After the first part is configured according to the tutorial, an error is reported when fileZilla or winSCP is used to connect to the server, prompting that the connection server is unexpectedly exited. the sftp service is faulty. In this case, we need to configure the sftp server. (Because I didn't have it at the time, I wrote this article after a while. Therefore, the words described are not so accurate. Please forgive me)

    The procedure is as follows. You can configure the sftp server step by step.

    1. Add a user group

    Code example: # groupadd sftp

    2. Add a user and set it to an sftp Group

    Code example: # useradd-g sftp-s/sbin/nologin-M sftp (if you have set a user before, you can add this user to the user group. Run the command # usermod-g sftp wfq) to check whether the user exists. # id wfq

    3. change the password of an sftp user

    Code example: # passwd sftp
    ***********

    4. Create the root directory of the sftp user, set the owner and group, and modify the permissions (755)

    Code example: # cd/home
    # Mkdir sftp

    # Chown root: sftp
    # Chmod1 755 sftp

    5. Create an admin writable directory in the sftp directory

    Code example: # cd sftp
    # Mkdir report
    # Chown admin: sftp report/

    6. modify the configuration file

    Sample Code:

    # Vim/etc/ssh/sshd_config

    Modify
    # Subsystem sftp/usr/libexec/openssh/sftp-server
    Subsystem sftp internal-sftp

    7. Add at the end of the sshd_config file

    Code example: Match User sftp
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
    ChrootDirectory/home/sftp

    8. Restart the sshd service.

    Sample Code:

    # Service sshd restart

    Connect again.

    So far, a simple sftp server is configured, isn't it easy.

    Part 2: script School


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.