Elementary FTP construction and ftp Construction

Elementary FTP construction and ftp Construction

I. Basic FTP knowledge
Vsftpd

1. What is FTP?
File Transfer Protocol Based on the C/S structure
2. What protocol is used? What port?
TCP 21 establishes command links
TCP 20 in active transmission mode, the server uses Port 20 to establish a data link to the client.
3. How FTP works

--------- Client Server --------------

103121
1032 20

① The client sends a connection request to the server, and the client system dynamically opens a port greater than 1024 waiting for the server to connect (such as port 1031)
② If the FTP server listens for this request on port 21, an FTP session connection is established between port 1031 of the client and port 21 of the server.
③ When data needs to be transmitted, the FTP client dynamically opens a port greater than 1024 (such as port 1032) to connect to Port 20 of the server and transmits data between the two ports. When data transmission is complete, these two ports are automatically disabled.
④ When the FTP client is disconnected from the FTP server, the dynamically allocated port on the client is automatically released

4. FTP Working Mode
Active FTP ):
In active transmission mode, the FTP client randomly opens a port N (1024) greater than 1025 to initiate a connection to port 21 of the server, and then opens port N + 1 (1026) and send the PORT 1026 command to the server. After receiving the command, the server uses its local FTP data port (usually 20) to connect to port 1026 specified by the client for data transmission.

Passive transmission mode (Passive FTP ):
In passive transmission mode, the FTP client randomly opens a port N (1024) greater than 1025 to initiate a connection to port 21 of the server, and starts port N + 1 (1026 ), then, send the PASV command to the server. The notification server is in passive mode. After receiving the command, the server opens a PORT greater than 1024 (1521) for listening, and then uses the PORT command to notify the client that its own data PORT is 1521. after receiving the command, the client connects to port 1026 of the server through port 1521 and transmits data between the two ports.
5. FTP transmission mode
Binary Mode: Image and execution File compression
Text mode: CGI script and common HTML file
Currently, the FTP client and the server can automatically identify the file type and select the corresponding transmission mode.
6. FTP account type
Anonymous user: ftp or anonymous
Local User: Linux server's local system user account
Virtual User: account information is stored in an independent file or database.
7. vsftpd is installed by default.
Anonymous users and local users can log on
An anonymous user logs on to/var/ftp and can only download files but cannot upload files.
The local user logs on to the Home Directory of the local user, which can be uploaded and downloaded.
Ftp and lftp commands
Get download
Put upload
Multiple mget downloads, supporting wildcards
Multiple mput uploads. Wildcards are supported.
! Cmd execute External commands
LCD switch external path
9. Access the FTP address Representation Method
User verification access
Ftp: // user: pass@192.168.4.5
Ftp: // user: pass@192.168.4.5/path/to/file

URL, uniform resource locator (URL)
Uniied Resource Locator
Protocol: // username: password @ server address: Port/directory path/file name

10. What is the ftp package that comes with RHEL6? What is the main configuration file? Service Startup Script?
Vsftpd
/Etc/vsftpd. conf
Key field significance: anonymous_enable = YES # enable Anonymous sharing
Local_enable = YES # enable local account sharing
Write_enable = YES # whether the local account can be written
Anon_upload_enable = YES # whether anonymous users can upload files
Anon_mkdir_write_enable = YES # You can create directories anonymously.
Anon_other_write_enable = YES # anonymous Delete, rename
Chroot_local_user # block a local account
Anon_root =/abc # define the/abc directory as the root directory of an anonymous user
Anon_umask = 022 # define the mask value uploaded by anonymous users

11. configuration file:/etc/vsftpd. conf (Master configuration)
/Etc/vsftpd/ftpusers (blacklist)
/Etc/vsftpd/user_list (black/white list)
In the field userlist_enable = YES or NO // whether to enable the user_list File
When the field userlist_deny = NO, user_list is a whitelist.
12. Other common options
Listen_port = port number
Listen_address = IP Address

 

14. Concurrent connection and speed:
Max_clients = maximum number of concurrent connections
Max_per_ip = maximum number of concurrent connections of the same IP address
Anon_max_rate = anonymous user access speed (byte/second)
Local_max_rate = local user access speed (byte/second)

Install FTP
1. install the software package

Turn off the firewall and selinux, or you need to configure it in advance.
Yum-y install vsftpd

2. Start the service
Service vsftpd restart
Chkconfig vsftpd on
Netstat-anptu | grep vsftpd

3. Create a test file
Ls-l/etc/*>/var/ftp/pub/anon.txt
[Root @ svr5 ~] # Useradd lisi
[Root @ svr5 ~] # Echo 123456 | passwd -- stdin lisi
[Root @ svr5 ~] # Ls-l/etc/*> ~ Lisi/lisi.txt
4. Verification: (client test)
Browser test:
Ftp: // 192.168.4.5/
Ftp: // lisi: 123456@192.168.4.5/user password login Mode
Command Line test:
[Root @ pc205 ~] # Yum-y install ftp lftp
[Root @ pc205 ~] # Ftp 192.168.4.5
Ftp> cd pub
Ftp> ls
Ftp> get anon.txt
Ftp>! Ls
Ftp> put install. log
Ftp> quit
[Root @ pc205 ~] # Lftp 192.168.4.5
Lftp 192.168.4.5: ~> User lisi
Password:
[Root @ pc205 ~] # Yum-y install wget
[Root @ pc205 ~] # Wget ftp: // lisi: 123456@192.168.4.5/lisi.txt download file test

Experiment summary:
Anonymous users and local users can log on
An anonymous user logs on to/var/ftp and can only download files but cannot upload files.
The local user logs on to the Home Directory of the local user and can upload and download the Home Directory of the user.

Lab 3:
Banned local users in their home directories
Tutorial steps:
Test the default result on the client first
[Root @ pc205 ~] # Ftp 192.168.4.5
...
Name (192.168.4.5: root): lisi
331 Please specify the password.
Password:
...
Ftp> pwd
257 "/home/lisi"
Configure on the server
[Root @ svr5 ~] # Cd/etc/vsftpd/
[Root @ svr5 vsftpd] # cp vsftpd. conf vsftpd. conf. bak
[Root @ svr5 vsftpd] # vim vsftpd. conf
...
96 chroot_local_user = YES
...
[Root @ svr5 vsftpd] # service vsftpd restart
Test on the client:
[Root @ pc205 ~] # Ftp 192.168.4.5
...
Name (192.168.4.5: root): lisi
331 Please specify the password.
Password:
230 Login successful.
Ftp> pwd
257 usd "/"

Experiment 4: user access control (blacklist and whitelist)
Prevent mike from accessing through ftpusers
Set user_list as a whitelist
Allow lisi and mike to access
Test anonymous access, lisi access, and mike access respectively.
Add ftp to the White List and test anonymous access.
[Root @ svr5 ~] # Useradd mike
[Root @ svr5 ~] # Echo 123456 | passwd -- stdin mike
[Root @ svr5 ~] # Grep mike/etc/vsftpd/ftpusers
Mike
[Root @ svr5 ~] # Service vsftpd restart
Test: Use mike to access ftp
[Root @ svr5 ~] # Vim/etc/vsftpd. conf
...
121 userlist_deny = NO
...
[Root @ svr5 ~] # Service vsftpd restart
[Root @ svr5 ~] # Grep mike/etc/vsftpd/ftpusers
[Root @ svr5 ~] # Tail-n 2/etc/vsftpd/user_list
Lisi
Mike
Test:
Use mike and lisi respectively to log on to the test.
After the experiment is completed, comment out the main configuration file 121 userlist_deny = NO and remove the Accounts added in user_list and ftpusers.

Lab 5:
Up to 100 concurrent requests, up to 2 Concurrent requests per IP Address
The speed of anonymous download is limited to 50 kb/s.
Limit the download speed to kb/s
Use ftp and wget to verify the above restrictions

[Root @ svr5 ~] # Vim/etc/vsftpd. conf
...
122 max_clients = 100
123 max_per_ip = 2
124 anon_max_rate = 50000
125 local_max_rate = 500000

[Root @ svr5 ~] # Service vsftpd restart
[Root @ svr5 ~] # Dd if =/dev/zero of =/var/ftp/pub/anon. tgz bs = 1 M count = 1000
[Root @ svr5 ~] # Dd if =/dev/zero of =/home/lisi/local. tgz bs = 1 M count = 1000
Test:
[Root @ pc205 ~] # Wget ftp: // 192.168.4.5/pub/anon. tgz
[Root @ pc205 ~] # Wget ftp: // lisi: 123456@192.168.4.5/local. tgz

Supplement:
Anonymous Users cannot log on to the shared root directory (/var/ftp). Otherwise, anonymous accounts are not allowed to log on!