vsftpd is the most popular FTP server program across Linux distributions. Features: small, light, secure, and easy to use. It is completely free and open source FTP software.
- 1
Online Installation
# yum install vsftpd pam* db4* -y
Use the following command to configure vsftpd as a system service
# chkconfig --level 35 vsftpd on
- 2
Configure the host of the vsftpd service
# useradd vsftpdadmin -s /sbin/nologin -M
This vsftpdadmin account is only used in place of the root user and does not need to log in.
- 3
Create an ftp virtual host account
# useradd vsftpuser -s /sbin/nologin -M
This account only serves as the host for the virtual accounts and does not need to log in.
Before configuring vsftpd.conf, back up the original
vi /etc/vsftpd.conf
anonymous_enable=YES --> anonymous_enable=NO // anonymous users are not allowed to access the service. The default is to allow them.
chroot_list_enable=YES --> chroot_list_enable=YES // FTP users are not allowed to leave their home directories.
Add
# Set the path where the per-user vsftpd configuration files of the virtual users are stored. The specified directory holds one configuration file per virtual user. Note that each configuration file must have the same name as its virtual user.
user_config_dir=/etc/vsftpd/vconf/userlocal
# This step is very important. Remember it: a folder is created later based on this setting.
# Modify the port numbers
ftp_data_port=4040
reverse_lookup_enable=NO
pasv_enable=YES
pasv_min_port=48790
pasv_max_port=48800
# You can configure the listening port based on your actual situation, or use the default port. For the sake of security, choose one that suits your environment (the settings highlighted in red above are optional and can be left unconfigured at first).
listen_port=48796
Create a virtual User File
# mkdir /etc/vsftpd/vconf
# touch /etc/vsftpd/vconf/vir_user
Create a virtual user
# vi /etc/vsftpd/vconf/vir_user
virtualuser // user name
12345678 // password
Generate Database
# db_load -T -t hash -f /etc/vsftpd/vconf/vir_user /etc/vsftpd/vconf/vir_user.db
Set database file access permissions
# chmod 600 /etc/vsftpd/vconf/vir_user
# chmod 600 /etc/vsftpd/vconf/vir_user.db
Modify /etc/pam.d/vsftpd (you can comment out the original content of the file)
auth sufficient pam_userdb.so db=/etc/vsftpd/vconf/vir_user
account sufficient pam_userdb.so db=/etc/vsftpd/vconf/vir_user
(To use both system users and virtual users, change required to sufficient)
Configure user_config_dir=/etc/vsftpd/vconf/userlocal according to step 4.
Create a userlocal folder
# mkdir /etc/vsftpd/vconf/userlocal
Create a file based on the username created in Step 6
For example, if the account created in Step 6 is virtualuser, a new virtualuser file is created.
# touch /etc/vsftpd/vconf/userlocal/virtualuser
Edit the file path accessed by the user
# vi /etc/vsftpd/vconf/userlocal/virtualuser
Enter the following
local_root= // specify the root directory of the website here. For example, for www.baidu.com the folder is /www/baidu.
# prohibit anonymous user access
anonymous_enable=NO
# enable write permission
write_enable=YES
# permission mask for uploaded files
local_umask=022
# disable anonymous upload
anon_upload_enable=NO
# disable anonymous folder creation
anon_mkdir_write_enable=NO
# an idle session is closed automatically after 60 (the value is in seconds)
idle_session_timeout=60
# data connection timeout
data_connection_timeout=120
# maximum number of connections
max_clients=10
# at most five simultaneous connections from the same IP address
max_per_ip=5
# transfer rate limit for local users, in B/s. 0 indicates no limit
local_max_rate=1048576
After the configuration is complete, restart the vsftpd service: service vsftpd restart.
View the system port status: netstat -tulnp. If port 22 is being used by vsftpd, the startup is successful.
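vsftpd rejects whitespace around "=" and has no trailing-comment syntax, so a file typed with either will stop the service from starting. The following lint is an added example, not part of the original tutorial; the function name lint_vsftpd_conf and the sample file are assumptions made for illustration. It also flags a control port that falls inside the passive port range and a file that does not set anonymous_enable=NO.

```shell
#!/bin/sh
# Added example, not from the original page: lint a vsftpd config file.
# Prints one finding per line; returns 1 if anything was found, else 0.
lint_vsftpd_conf() {
    conf=$1; n=0; bad=0
    listen=; pmin=; pmax=; anon=
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac   # blank or comment line
        case $line in
            *[[:space:]]=*|*=[[:space:]]*)
                echo "line $n: whitespace around '='"; bad=1 ;;
        esac
        case $line in
            *'#'*) echo "line $n: trailing comment is read as part of the value"; bad=1 ;;
        esac
        # Normalise a copy so the semantic checks below still see the setting.
        clean=$(printf '%s' "$line" | sed 's/#.*//; s/[[:space:]]//g')
        key=${clean%%=*}; val=${clean#*=}
        case $key in
            listen_port)      listen=$val ;;
            pasv_min_port)    pmin=$val ;;
            pasv_max_port)    pmax=$val ;;
            anonymous_enable) anon=$val ;;
        esac
    done < "$conf"
    case $anon in
        NO|no|No) ;;
        *) echo "anonymous_enable is not NO"; bad=1 ;;
    esac
    if [ -n "$listen" ] && [ -n "$pmin" ] && [ -n "$pmax" ] &&
       [ "$listen" -ge "$pmin" ] && [ "$listen" -le "$pmax" ]; then
        echo "listen_port $listen lies inside passive range $pmin-$pmax"; bad=1
    fi
    return $bad
}

# Constructed sample input using the port values from this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
pasv_min_port=48790
pasv_max_port=48800
listen_port = 48796 # control port
EOF
lint_vsftpd_conf "$sample" || true
rm -f "$sample"
```

Run it against the main configuration file and each file under the user_config_dir before restarting the service.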
Part 2:
After the first part is configured according to the tutorial, an error is reported when FileZilla or WinSCP is used to connect to the server, saying that the connection to the server exited unexpectedly: the sftp service is faulty. In this case, we need to configure the sftp server. (Because I didn't have it at the time, I wrote this article after a while. Therefore, the wording is not so accurate. Please forgive me.)
The procedure is as follows. You can configure the sftp server step by step.
1. Add a user group
Code example: # groupadd sftp
2. Add a user and assign it to the sftp group
Code example: # useradd -g sftp -s /sbin/nologin -M sftp
(If you have already created a user, you can add that user to the group instead: # usermod -g sftp wfq. To check whether the user exists: # id wfq)
3. Change the password of the sftp user
Code example: # passwd sftp
4. Create the root directory of the sftp user, set the owner and group, and modify the permissions (755)
Code example: # cd /home
# mkdir sftp
# chown root:sftp sftp
# chmod 755 sftp
5. Create an admin writable directory in the sftp directory
Code example: # cd sftp
# mkdir report
# chown admin:sftp report/
6. Modify the configuration file
Sample code: # vim /etc/ssh/sshd_config
Modify
# Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
7. Add at the end of the sshd_config file
Code example: Match User sftp
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory /home/sftp
8. Restart the sshd service.
Sample code: # service sshd restart
Connect again.
At this point, a simple sftp server is configured. Easy, isn't it?
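sshd refuses the session unless the ChrootDirectory and every directory above it are owned by root and not writable by group or others, which is why step 4 sets root ownership and mode 755. The following pre-flight check is an added example, not part of the original article; the function names component_ok and check_chroot_path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: pre-flight check for the
# ownership rule sshd applies to ChrootDirectory and all of its parents.

# component_ok UID PERMS: true only for a root-owned directory that is not
# writable by group or others. PERMS is the ls-style string, e.g. drwxr-xr-x.
component_ok() {
    [ "$1" = "0" ] || return 1
    case $2 in
        d????-??-?*) return 0 ;;
        *)           return 1 ;;
    esac
}

# check_chroot_path DIR: walk from DIR up to /, report every bad component.
check_chroot_path() {
    p=$1; rc=0
    case $p in /*) ;; *) echo "not an absolute path: $p"; return 1 ;; esac
    while :; do
        set -- $(ls -ldn "$p" 2>/dev/null)   # $1 = mode string, $3 = numeric uid
        if ! component_ok "${3:-none}" "${1:-missing}"; then
            echo "FAIL $p uid=${3:-none} mode=${1:-missing}"; rc=1
        fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# /home/sftp is the ChrootDirectory used on this page.
check_chroot_path /home/sftp || true
```

The writable report directory from step 5 sits below the chroot, so it is not subject to this rule and is not checked here.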