A detailed guide to building a vsftpd server on Linux for file transfer in three ways

Source: Internet
Author: User

Overview

FTP stands for File Transfer Protocol. It is used to control the two-way transfer of files on the Internet.

How it works

I. Active mode:

1. The client logs in to the server with a user name and password. The login goes to port 21, which the server keeps open.
2. The server accepts the client's connection on port 21 and verifies the user name and password.
3. After a successful login, the client opens a random port above 1024 and sends a command called PORT. The command carries the number of that random port, telling the server which port to connect to in order to deliver data to the client.
4. After the server receives the PORT command, it opens port 20 on its own machine and sends the data from there to the client's random port.

II. Passive mode:

1. The client logs in to the server with a user name and password. The login goes to port 21.
2. After a successful login, the client sends the PASV command to tell the server that the connection will use passive mode.
3. The server opens a random port above 1024.
4. The server sends the number of that random port to the client, and the client connects from a random port of its own to the server's port to transfer data.

Comparison between active and passive mode

Active mode: The administrator controls only the server side, not the client. Because the client is outside the administrator's control, the firewall on the client side may interrupt the connection.
Passive mode: Although the port that is opened is random, the server side is under the administrator's control. As long as the random ports are specified clearly and allowed through the server's firewall, the FTP connection will not be interrupted.
Problem: The range of randomly opened ports in passive mode is too large!!!
Resolution: On the server, the configuration file can be modified to limit the randomly opened ports to 10 or 100 ports. Once those 100 random ports are allowed through the server-side firewall, FTP can be accessed normally.
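
The port restriction described above, as an added example that is not part of the original article: the vsftpd options pasv_min_port and pasv_max_port bound the passive range, and the functions below derive the matching iptables rule and check a 227 reply against that range. The range 50000-50099, the sample configuration text and all function names are assumptions.

```shell
#!/bin/sh
# Added example. CONF_SAMPLE is a constructed vsftpd.conf excerpt; the range is an assumption.
CONF_SAMPLE='pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50099'

# Print "min max" from vsftpd.conf text on stdin. Fail when no bounded range is set:
# vsftpd's default of 0 for either option means "any port". Requiring min >= 1024
# is this example's own policy.
pasv_range() {
    awk -F= '$1 == "pasv_min_port" { min = $2 }
             $1 == "pasv_max_port" { max = $2 }
             END { if (min + 0 < 1024 || max + 0 < min + 0) exit 1
                   print min + 0, max + 0 }'
}

# Print (not run) the iptables rule that admits exactly that range of data ports.
pasv_fw_rule() {
    r=$(pasv_range) || { echo "no bounded passive range configured" >&2; return 1; }
    set -- $r
    echo "iptables -I INPUT -p tcp --dport $1:$2 -j ACCEPT"
}

# Decode the data port from a 227 reply: (h1,h2,h3,h4,p1,p2) means port p1*256 + p2.
pasv_reply_port() {
    nums=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*/\1/p')
    [ -n "$nums" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $nums
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    echo $(( $5 * 256 + $6 ))
}

# Succeed only if the port announced in reply $1 lies inside the range in config text $2.
reply_in_range() {
    p=$(pasv_reply_port "$1") || return 1
    set -- $(printf '%s\n' "$2" | pasv_range) "$p"
    [ $# -eq 3 ] && [ "$3" -ge "$1" ] && [ "$3" -le "$2" ]
}
```

A reply whose port falls outside the configured range means the server is not using the restricted range, so the firewall rule will block the data connection.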

About ports

FTP connection port (in active mode)
Control connection: TCP 21, for sending FTP command information
Data connection: TCP 20 for uploading and downloading data

FTP access mode

1. Anonymous user: anonymous or ftp
2. Local users: Linux system users and their passwords
3. Virtual users: users defined by the administrator that do not exist as system accounts

Experimental environment
    • System environment: CentOS 6.5, Windows 7
    • Server-side IP address: 192.168.1.77 (Linux)
    • Client-side IP address: 192.168.1.10 (Windows 7)
    • Yum mount directory: /mnt/sr0
    • RPM package used: vsftpd-2.2.2-11.el6_4.1.x86_64.rpm (main package)

Build steps

I. Access using anonymous users

1. Disable iptables and SELinux

# chkconfig iptables off
# vim /etc/sysconfig/selinux

2. Install the vsftpd RPM package on the server

# cd /mnt/sr0/Packages/
# rpm -ivh vsftpd-2.2.2-11.el6_4.1.x86_64.rpm

3. Modify the configuration file

# cd /etc/vsftpd/
# vim vsftpd.conf

4. Modify the permissions of the default upload directory

# chmod 777 /var/ftp/pub/

Be sure to pay attention!!! Do not set these permissions on /var/ftp itself. /var/ftp is the root of the FTP site; if its permissions are too broad, the entire site can be deleted, and logins will fail with an error. The system provides the pub directory specifically for this permission setting.

5. Write a test file into the upload directory

# echo "This is Testfile" > /var/ftp/pub/test.txt

6. Access FTP from the virtual machine and download a file

7. Access FTP from the virtual machine and upload a file

8. View the uploaded file

# cd /var/ftp/pub/
# ll

II. Access using local users, with each user confined to a specified directory

1. Modify the configuration file

# cd /etc/vsftpd/
# vim vsftpd.conf

2. Add local test users

# useradd zhangsan
# passwd zhangsan
# useradd lisi
# passwd lisi

3. Modify the permissions of the specified upload directory

# chmod 777 /var/ftp/pub/    # already changed earlier, but repeated here to reinforce the point

4. User access

5. View the uploaded file

# cd /var/ftp/pub/
# ll

6. Log in from the DOS command prompt to check whether the user can freely switch out of the home directory

III. Access using local users: blacklist

1. Modify the configuration file

# cd /etc/vsftpd/
# vim vsftpd.conf

2. Modify the user control list file

# cd /etc/vsftpd/
# echo "zhangsan" >> user_list    # add the user zhangsan to the blacklist
# cat user_list

# /etc/init.d/vsftpd restart    # restart the service

3. Access test
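
The vsftpd.conf options behind sections I to III, as an added example that is not part of the original article: the function below reads configuration text and reports whether anonymous upload is on, whether local users are confined, and whether user_list acts as a blacklist or a whitelist, using vsftpd's built-in defaults for options that are not set. CONF_SAMPLE is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. CONF_SAMPLE is constructed for illustration, not the article's file.
CONF_SAMPLE='anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
local_enable=YES
chroot_local_user=YES
userlist_enable=YES
# userlist_deny is left unset, so the built-in default applies'

# Print the value of option $2 in config text $1, or the default $3 when it is not set.
vsftpd_opt() {
    printf '%s\n' "$1" | awk -F= -v k="$2" -v d="$3" '
        $1 == k { v = toupper($2); sub(/[ \t\r]+$/, "", v) }
        END { print (v == "" ? d : v) }'
}

# Summarise the three access modes. chroot_list_enable is not considered here.
access_summary() {
    conf=$1
    anon=$(vsftpd_opt "$conf" anonymous_enable YES)
    write=$(vsftpd_opt "$conf" write_enable NO)
    up=$(vsftpd_opt "$conf" anon_upload_enable NO)
    loc=$(vsftpd_opt "$conf" local_enable NO)
    jail=$(vsftpd_opt "$conf" chroot_local_user NO)
    ul=$(vsftpd_opt "$conf" userlist_enable NO)
    deny=$(vsftpd_opt "$conf" userlist_deny YES)

    if [ "$anon" = YES ]; then echo "anonymous login: on"
    else echo "anonymous login: off"; fi
    # Anonymous upload needs all three options at once.
    if [ "$anon$write$up" = YESYESYES ]; then echo "anonymous upload: on"
    else echo "anonymous upload: off"; fi
    if [ "$loc" != YES ]; then echo "local users: off"
    elif [ "$jail" = YES ]; then echo "local users: confined to home"
    else echo "local users: NOT confined"; fi
    # userlist_deny=YES turns user_list into a blacklist, NO into a whitelist.
    if [ "$ul" != YES ]; then echo "user_list: ignored"
    elif [ "$deny" = YES ]; then echo "user_list: blacklist"
    else echo "user_list: whitelist"; fi
}
```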

IV. Access using virtual users

1. Add a virtual user password file

# vim /etc/vsftpd/vuser.txt    # create the virtual user password file; it can have any name and be placed anywhere

2. Generate the virtual user password authentication file

# db_load -T -t hash -f /etc/vsftpd/vuser.txt /etc/vsftpd/vuser.db
# Convert the text file into the authentication database (generate a database from the user name and password file)
-T: conversion;
-t: specifies the hashing algorithm;
-f: specifies the file from which the /etc/vsftpd/vuser.db data file is generated. Note that vuser.db is a binary file.

3. Edit the vsftpd PAM authentication file

# vim /etc/pam.d/vsftpd.vu    # create a new PAM authentication file for the virtual users

4. Create the local mapping user and set the home directory permissions

# useradd -d /home/vfproot -s /sbin/nologin vuser    # this user serves only as the local user that the virtual users map to
# chmod 755 /home/vfproot/

5. Modify the configuration file

# cd /etc/vsftpd/
# vim vsftpd.conf

6. Restart the vsftpd service and test

# /etc/init.d/vsftpd restart

7. View the uploaded file

# cd /home/vfproot/
# ll

V. Access using virtual users: per-user configuration

1. Modify the configuration file

# cd /etc/vsftpd/
# vim vsftpd.conf

2. Create a directory manually

# mkdir /etc/vsftpd/vusers_dir

3. Create a configuration file for the user "Luo Sanpao"

# cd /etc/vsftpd/vusers_dir/
# vim luosanpao    # create a configuration file for "Luo Sanpao". Attention!!!! The configuration file must have the same name as the user

4. Create an upload directory

# mkdir /tmp/vluosanpao
# chown vuser:vuser /tmp/vluosanpao/    # change the owner and the owning group

5. Restart and test

# /etc/init.d/vsftpd restart

# cd /tmp/vluosanpao/
# ll

6. Test with the virtual user "Zhan Zhao"
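
The files edited in sections IV and V, as an added example that is not part of the original article: the script stages a credential file, a PAM file, the vsftpd.conf lines and a per-user file in a scratch directory for review, and validates the credential file format before it is passed to db_load. The option values, the sample credentials, the second user name demo2 and the function names are assumptions; only the paths and the names vuser and luosanpao come from the steps above.

```shell
#!/bin/sh
# Added example: every value below is an assumption, not the article's configuration.
# Files are written under a scratch directory ($1), never under /etc.
stage_vuser_files() (
    out=$1
    mkdir -p "$out/vusers_dir" || exit 1
    umask 077    # vuser.txt holds cleartext passwords: owner-only from creation

    # Format read by db_load -T -t hash: a user name line, then its password line.
    # Constructed sample credentials; replace them before use.
    printf '%s\n' luosanpao 'ChangeMe-1' demo2 'ChangeMe-2' > "$out/vuser.txt"

    # /etc/pam.d/vsftpd.vu: pam_userdb takes the database path without the .db suffix.
    cat > "$out/vsftpd.vu" <<'EOF'
auth    required pam_userdb.so db=/etc/vsftpd/vuser
account required pam_userdb.so db=/etc/vsftpd/vuser
EOF

    # Lines for vsftpd.conf: every virtual login runs as the local account vuser.
    cat > "$out/vsftpd.conf.fragment" <<'EOF'
local_enable=YES
guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.vu
user_config_dir=/etc/vsftpd/vusers_dir
EOF

    # Per-user file; its name must equal the virtual user name. Virtual users get
    # anonymous privileges by default, so uploads are granted with anon_* options.
    cat > "$out/vusers_dir/luosanpao" <<'EOF'
local_root=/tmp/vluosanpao
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
EOF
)

# Validate a credential file: non-empty lines, complete pairs, no duplicate user names.
check_vuser_txt() {
    awk 'NF == 0 { bad = 1 }
         NR % 2 == 1 { if (seen[$0]++) bad = 1 }
         END { exit (bad || NR == 0 || NR % 2 == 1) }' "$1"
}
# Usage: stage_vuser_files ./stage && check_vuser_txt ./stage/vuser.txt
```

Because vuser.txt stores the passwords in clear text, keep both it and the generated vuser.db readable by root only (chmod 600), or delete vuser.txt once the database has been built.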
