I. How FTP works
(1) Ports used by FTP
# cat /etc/services | grep ftp
ftp-data 20/tcp # data connection: port 20
ftp 21/tcp # control connection: port 21
(2) FTP connection modes
Two connection modes are supported: active mode (PORT) and passive mode (PASV). Both describe how the data connection is set up; the control connection is the same in either case.
- Active mode, step by step:
1. The client opens a control connection from one of its own ports (N > 1024) to port 21 on the FTP server.
2. The client then issues a PORT command telling the server to connect to the client's port N+1 in order to establish the data channel.
3. When the server receives this command, it connects from its port 20 to the client port N+1 named in the PORT command and sends the data.
- Passive mode, step by step:
1. The client opens a control connection from one of its own ports (N > 1024) to port 21 on the FTP server.
2. The client then sends a PASV command, asking the server to open a port on the server itself for the data connection.
3. If that server port is free, the server returns a confirmation and the data channel is established; if the port is already in use by another resource, the server returns a failure and the client sends PASV again.
Note:
- For the whole time the client is connected to the server, the control connection stays open, while the data connection is established temporarily for each transfer;
- In active mode the data connection is initiated by the server, which connects from its port 20 to a client port above 1024;
- In passive mode the data connection is initiated by the client, which connects from a port above 1024 to a server port above 1024.
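The two exchanges above hinge on one encoding: the host and port are sent as six decimal bytes (h1,h2,h3,h4,p1,p2) with port = p1*256 + p2. The block below is an added example, not code from the original page, that builds the PORT command a client sends and decodes both a PORT command (server side) and a 227 PASV reply (client side); each decoder also checks that the advertised host is the peer already on the control connection, which is the check a careful implementation makes before opening a data connection. All addresses and ports are constructed sample values.

```python
import re
from ipaddress import ip_address

# Host/port tuple as carried by PORT and by the 227 reply to PASV.
_TUPLE_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def build_port_command(host: str, port: int) -> str:
    """Active mode: encode the client's data port (N+1 in the text) for PORT."""
    if not 1024 < port < 65536:
        raise ValueError("client data port must be > 1024 and < 65536")
    octets = str(ip_address(host)).split(".")
    return "PORT %s,%d,%d" % (",".join(octets), port >> 8, port & 0xFF)


def _decode_tuple(text: str):
    m = _TUPLE_RE.search(text)
    if not m:
        raise ValueError("no host/port tuple in %r" % text)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("byte out of range in %r" % text)
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def parse_port_command(line: str, control_peer: str):
    """Server side of active mode: decode PORT and only accept a data
    connection back to the client that sent it, on an unprivileged port."""
    if not line.upper().startswith("PORT "):
        raise ValueError("not a PORT command: %r" % line)
    host, port = _decode_tuple(line)
    if ip_address(host) != ip_address(control_peer) or port <= 1024:
        raise ValueError("refusing data connection to %s:%d" % (host, port))
    return host, port


def parse_pasv_reply(reply: str, control_peer: str):
    """Client side of passive mode: decode the 227 reply and check that the
    advertised host is the server we are already talking to."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    host, port = _decode_tuple(reply)
    if ip_address(host) != ip_address(control_peer):
        raise ValueError("PASV host %s differs from control peer %s" % (host, control_peer))
    return host, port


def rejects(func, *args) -> bool:
    """True when the decoder refuses the input (used to exercise the checks)."""
    try:
        func(*args)
    except ValueError:
        return True
    return False
```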
II. FTP Server Setup
Requirements: build an FTP server on Linux for storing files; create an FTP user, test, with home directory /home/test; the user must not be allowed to log on to the server, and must be restricted from leaving the home directory.
"Implementation steps"
1. Check whether vsftpd is installed
# rpm -qa | grep vsftpd
vsftpd-3.0.2-21.el7.x86_64
Note: vsftpd (Very Secure FTP Daemon) is the most widely used FTP server on Linux systems.
2. Check whether the vsftpd service is enabled at boot
# chkconfig --list vsftpd
vsftpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
3. Create the user account test; the -d parameter specifies the home directory the user lands in after logging in, and -m creates that directory if it does not exist
# useradd -d /home/test -m test
Set a password for the user:
# passwd test
4. Configuring vsftpd
After installation, run "rpm -ql vsftpd" to list the configuration files and documentation that belong to vsftpd. The three main configuration files live in the /etc/vsftpd directory:
- vsftpd.conf: the main configuration file
- ftpusers: lists the users who are not allowed to access the FTP server
- user_list: lists users whose access is allowed or denied, depending on userlist_deny
Viewing the vsftpd.conf configuration file
The non-comment contents are shown below. The explanation after each option is an annotation for this page, not part of the file: vsftpd only accepts whole-line comments, so a trailing "# ..." on an option line would make the daemon refuse to start.
# cat /etc/vsftpd/vsftpd.conf | grep -v '^#'
#-- anonymous user settings --
anonymous_enable=NO # disable anonymous logins

#-- local user settings --
local_enable=YES # allow local (system) users to log on to the FTP server
write_enable=YES # allow users to write to the server
local_umask=022 # permission mask for files created on the server by local users

#-- welcome message settings --
dirmessage_enable=YES # show the directory message when a user enters a directory

#-- log file settings --
xferlog_enable=YES # log transfers to /var/log/xferlog
xferlog_std_format=YES # use the standard xferlog format

#-- FTP working mode and port settings --
connect_from_port_20=YES # active mode: originate data connections from port 20

#-- connection settings --
listen=NO # no standalone IPv4 listener; with listen_ipv6=YES below vsftpd still runs standalone, otherwise it would have to be started by xinetd
listen_ipv6=YES # listen standalone on an IPv6 socket, which on a dual-stack host also accepts IPv4 connections

#-- control whether users may leave their home directory --
chroot_list_enable=YES # enable the chroot list
chroot_list_file=/etc/vsftpd/chroot_list # one username per line; with chroot_local_user=NO (the default) the listed users are confined to their home directory

#-- virtual user settings --
pam_service_name=vsftpd # PAM service name used to authenticate users (/etc/pam.d/vsftpd)

#-- user access control (via user_list and ftpusers) --
userlist_enable=YES # check userlist_file before asking for a password
userlist_file=/etc/vsftpd/user_list # with userlist_deny=YES (the default) the listed users are denied; with userlist_deny=NO only the listed users are allowed

#-- host access control --
tcp_wrappers=YES # consult /etc/hosts.allow and /etc/hosts.deny to decide whether the connecting host may access the FTP server

#-- other settings --
allow_writeable_chroot=YES # allow the chroot directory (the user's home) to be writable; without this, vsftpd 3.x refuses to log in a chrooted user whose home directory is writable
With the vsftpd.conf options above, the ftpusers and user_list files are configured as follows:
- ftpusers file: the test user is not added; a user listed here cannot access the FTP server.
- user_list file: userlist_deny=YES is in effect in the main configuration file /etc/vsftpd/vsftpd.conf (the default), so the test user is not added; a user listed here cannot access the FTP server.
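The interplay of local_enable, ftpusers, user_list/userlist_deny, chroot_list and allow_writeable_chroot is easy to get backwards, so here is an added example (not code from the original page or from vsftpd) that reads a vsftpd.conf fragment plus the three list files and decides whether a local user may log in and whether it is confined to its home directory. Defaults follow vsftpd.conf(5); the sample configuration and list contents are constructed to mirror the settings above.

```python
# Defaults from vsftpd.conf(5) for the options this check cares about.
DEFAULTS = {"local_enable": "NO", "userlist_enable": "NO", "userlist_deny": "YES",
            "chroot_local_user": "NO", "chroot_list_enable": "NO",
            "allow_writeable_chroot": "NO"}

# Constructed fragment mirroring the page's configuration (no trailing comments:
# vsftpd accepts only whole-line '#' comments).
SAMPLE_CONF = """\
anonymous_enable=NO
local_enable=YES
chroot_list_enable=YES
userlist_enable=YES
allow_writeable_chroot=YES
"""


def parse_conf(text):
    """Return option -> value on top of the defaults, skipping comments."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def is_yes(value): return value.upper() == "YES"


def evaluate_local_login(conf, user, ftpusers, user_list, chroot_list, home_writable):
    """Return (allowed, chrooted, reason) for a local (non-anonymous) user."""
    if not is_yes(conf["local_enable"]):
        return False, False, "local_enable=NO"
    if user in ftpusers:
        return False, False, "listed in ftpusers (denied by PAM)"
    if is_yes(conf["userlist_enable"]):
        deny = is_yes(conf["userlist_deny"])
        if deny and user in user_list:
            return False, False, "listed in user_list while userlist_deny=YES"
        if not deny and user not in user_list:
            return False, False, "missing from user_list while userlist_deny=NO"
    # chroot_local_user sets the rule; with chroot_list_enable=YES the list holds
    # the exceptions, so under chroot_local_user=NO it names exactly who is confined.
    chrooted = is_yes(conf["chroot_local_user"])
    if is_yes(conf["chroot_list_enable"]) and user in chroot_list:
        chrooted = not chrooted
    if chrooted and home_writable and not is_yes(conf["allow_writeable_chroot"]):
        return False, True, "writable chroot root refused (allow_writeable_chroot=NO)"
    return True, chrooted, "ok"
```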
5. Start the vsftpd service
# service vsftpd start
6. Ways to access the FTP server
- Browser: ftp://<server IP address>
- FTP client software such as FileZilla: enter the FTP server IP, username, password and port 21
- Command-line terminal: ftp username@<server IP>, or ftp 127.0.0.1
Note: turn off the firewall and SELinux on the FTP server (otherwise the connection may be blocked)
-------------------------------
Supplementary knowledge points
- Configuring the FTP log feature
xferlog_enable=YES # turn on transfer logging
xferlog_file=/var/log/xferlog # log file location
xferlog_std_format=YES # log in the standard xferlog format
The xferlog file records FTP sessions and shows which files users have copied to or from the FTP server. One record looks like this:
Thu Feb 16 10:09:05 1 10.10.10.9 990 /home/ftpie.txt b _ o r test ftp 0 * c
Meaning: at the given time, the user test transferred a file to the host 10.10.10.9 (direction o, i.e. from the server to the client)
Field description

| Record data | Field name | Field description |
| --- | --- | --- |
| Thu Feb 16 10:09:05 | Current time | Current local time on the server |
| 1 | Transfer time | Time taken to transfer the file, in seconds |
| 10.10.10.9 | Remote host name/IP | Remote host name or IP address |
| 990 | File size | Size of the transferred file, in bytes |
| /home/ftpie.txt | File name | Name of the transferred file, including its path |
| b | Transfer type | a: ASCII transfer; b: binary transfer |
| _ | Special action flag | _: no special action; C: file was compressed; U: file was uncompressed; T: file was tar'd |
| o | Direction | o: outgoing, from the FTP server to the client; i: incoming, from the client to the FTP server |
| r | Access mode | a: anonymous user; g: guest user; r: real user, i.e. a user account on the system |
| test | User name | User name |
| ftp | Service name | Name of the service used, normally ftp |
| 0 | Authentication method | 0: none; 1: RFC 931 authentication |
| * | Authenticated user ID | ID of the authenticated user; * means the ID could not be obtained |
| c | Completion status | c: transfer complete; i: transfer incomplete |
After installation, vsftpd allows anonymous access: the anonymous user name is ftp and the password is empty. This user can be found in the /etc/passwd file:
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
Field description:
The ftp user's line has seven fields, separated by colons:
- ftp: user name
- x: password field, hidden (stored in /etc/shadow)
- 14: the user's UID, which is unique
- 50: the user's primary group GID
- FTP User: description field
- /var/ftp: home directory of the ftp user
- /sbin/nologin: the account cannot log on to the system; if /sbin/nologin were changed to /bin/bash, the ftp user could log on to the system as a real user, either locally or remotely via ssh or telnet.
By default, the directory an anonymous user lands in after logging in is /var/ftp, and files can be added to or removed from it as needed. Anonymous users are only permitted to download; uploads and other write operations are not allowed.
- Configuring the vsftpd server to work on a non-standard port (other than 21)
In /etc/vsftpd/vsftpd.conf, add the option listen_port=10034 (or another port number) and then restart the vsftpd daemon.
# ftp 127.0.0.1 10034
Note: once this option is set, the previously used port 21 no longer works; to go back to the default port 21, remove the added option or comment it out with #.