I. Installation, start-up and shutdown of VSFTPD services
1. Installing vsftpd
# yum install vsftpd    -- A yum repository must be configured before vsftpd can be installed with the yum command; alternatively, mount the installation disc, locate the vsftpd package, and install it with the rpm command
......
Installed:
vsftpd.x86_64 0:2.0.5-24.el5
Complete!
2. Starting and stopping the vsftpd service
# chkconfig --list vsftpd
vsftpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
# chkconfig vsftpd on
# service vsftpd restart    -- start/stop commands: service vsftpd start/stop
Shutting down vsftpd: [FAILED]
Starting vsftpd for vsftpd: [OK]
#
II. Uploading and downloading files
1. Connecting to the FTP server
G:\testftp> ftp    -- or connect directly: ftp <IP address or host name>
ftp> open 192.168.1.200
Connected to 192.168.1.200.
vsFTPd 2.0.5
User (192.168.1.200:(none)): root    -- the root user cannot log in by default
530 Permission denied.
Login failed.
ftp> open 192.168.1.200
Already connected to 192.168.1.200, please use disconnect first.
ftp> disconnect
221 Goodbye.
ftp> open 192.168.1.200
Connected to 192.168.1.200.
vsFTPd 2.0.5
User (192.168.1.200:(none)): oracle
331 Please specify the password.
Password:
Login successful.
ftp> loc
Invalid command.
ftp> lcd
Current local directory G:\testftp.
ftp>
2. Downloading files
Files are downloaded with the get and mget commands.
A. Use the get command to download the file /home/oracle/product/10.2.0/db_1/network/admin/tnsnames.ora from the remote server to the local current directory.
ftp> get /home/oracle/product/10.2.0/db_1/network/admin/tnsnames.ora tnsnams.ora
PORT command successful. Consider using PASV.
Opening BINARY mode data connection for /home/oracle/product/10.2.0/db_1/network/admin/tnsnames.
226 File send OK.
ftp: Received 719 bytes in 0.00 seconds, 719.00 kilobytes per second.
ftp> lcd
Current local directory G:\testftp.
ftp>
B. Download a file from the remote server to a specified local directory
ftp> get /home/oracle/product/10.2.0/db_1/network/admin/tnsnames.ora C:\Users\Administrator\Desktop\tnsnames.ora_bak
PORT command successful. Consider using PASV.
Opening BINARY mode data connection for /home/oracle/product/10.2.0/db_1/network/admin/tnsnames.ora (719 bytes).
226 File send OK.
ftp: Received 719 bytes in 0.00 seconds, 719000.00 kilobytes per second.
C. Use the mget command to download all files from the /home/oracle/test directory on the remote server to the local current directory (specifying a destination directory has no effect)
ftp> mget /home/oracle/test/ g:\testftp\testmget\
mget /home/oracle/test/2.log?
mget /home/oracle/test/3.log?
------------------------
A confirmation prompt appears before each file is downloaded. To turn the prompt off, run this before the mget command: prompt off
Note: The files are downloaded to the current directory of the Linux host.
------------------------
ftp> prompt off
Interactive mode off.
ftp> mget /home/oracle/test G:\testftp\
ftp>
3. Uploading files to the remote server
A. Transfer a local file to the remote host
ftp> put test.ora /home/oracle/test/test2.ora    -- the file name must be specified after the remote directory when uploading
PORT command successful. Consider using PASV.
Ok to send data.
226 File receive OK.
ftp: Sent 719 bytes in 0.00 seconds, 719000.00 kilobytes per second.
ftp>
B. Use mput to upload all files in the local current directory to a specified directory on the remote machine (note: the files are uploaded from the host's current directory)
ftp> mput * /home/oracle/test
mput 111.log?
mput 222.log?
mput 333.ora?
mput testmget? n
/home/oracle/test:
ftp>
4. Disconnecting
ftp> quit
or
ftp> bye
5. Common commands
ls: Lists the current directory on the remote machine
cd: Changes the working directory on the remote machine
lcd: Changes the working directory on the local machine
ascii: Sets the file transfer mode to ASCII
binary: Sets the file transfer mode to binary
close: Terminates the current FTP session
hash: Displays a # sign each time the data in the data buffer is transferred
get (mget): Transfers the specified file(s) from the remote machine to the local machine
put (mput): Transfers the specified file(s) from the local machine to the remote machine
open: Connects to a remote FTP site
Disconnect from the remote machine and exit FTP
?: Shows local help information
!: Goes to the shell
III. Overview of FTP services
1. Port numbers of the FTP service
Port 21: carries FTP control commands
Port 20: carries file data
2. FTP data transfer modes
Active mode
The FTP client sends a connection request to the server's FTP control port (port 21); the server accepts it and the command link is established. When data needs to be transferred, the client opens a port on its own side and tells the server which one by sending the PORT command on the command link. The server then makes a connection request from port 20 to that port on the client, establishing the data link over which the data is transmitted. (ftp> sendport)
Passive mode
The FTP client sends a connection request to the server's FTP control port (port 21); the server accepts it and the command link is established. When data needs to be transferred, the client sends the PASV command on the command link; the server opens a port on its own side and tells the client which one in its reply. The client then makes a connection request to that port on the server, establishing the data link over which the data is transferred. (ftp> passive)
3. FTP Server Software
wu-ftpd--www.wu-ftpd.org
proftpd--www.proftpd.org
vsftpd--vsftpd.beasts.org
4. FTP client Software
ftp command
gftp--gftp.seul.org
FileZilla--filezilla.sourceforge.net (open-source FTP client for Windows)
5. Firewall policy between server and client
For servers working in active mode:
- Allow FTP clients to connect from ports greater than 1024 to port 21 of the FTP server
- Allow the FTP server to respond from port 21 to connections from FTP client ports greater than 1024
- Allow the FTP server to actively connect from port 20 to ports greater than 1024 on FTP clients
- Allow FTP clients to respond from ports greater than 1024 to connections from port 20 of the FTP server
For servers working in passive mode:
- Allow FTP clients to connect from ports greater than 1024 to port 21 of the FTP server
- Allow the FTP server to respond from port 21 to connections from FTP client ports greater than 1024
- Allow FTP clients to actively connect from ports greater than 1024 to ports greater than 1024 on the FTP server
- Allow the FTP server to respond from ports greater than 1024 to connections from FTP client ports greater than 1024
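The active and passive data-link setup and the firewall rules above can be checked against what actually crosses the command link. This is an added example, not part of the original page: it decodes the address field of a PORT command or a 227 (PASV) reply and reports the data connection a firewall has to permit. The function names, the client address 192.168.1.50 and the sample lines are constructed for illustration.

```python
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (address, then port high/low byte).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 reply."""
    m = HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of byte range in %r" % line)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_flow(line, client_ip, server_ip):
    """Describe the data connection that a command-link line sets up.

    Returns the mode, who initiates, the source and destination the firewall
    must permit, and any reasons the flow falls outside the policy above.
    """
    ip, port = parse_hostport(line)
    if line.upper().startswith("PORT"):
        # Active mode: the server connects from port 20 to the client's port.
        mode, initiator, source, owner = "active", "server", (server_ip, 20), client_ip
    elif line.startswith("227"):
        # Passive mode: the client connects from a high port to the server's port.
        mode, initiator, source, owner = "passive", "client", (client_ip, ">1024"), server_ip
    else:
        raise ValueError("not a PORT command or 227 reply: %r" % line)
    problems = []
    if port <= 1024:
        problems.append("data port %d is not greater than 1024" % port)
    if ip != owner:
        problems.append("advertised address %s is not the expected %s" % (ip, owner))
    return {"mode": mode, "initiator": initiator, "source": source,
            "destination": (ip, port), "problems": problems}

# Constructed command-link lines; the server address is the one used on this page.
SAMPLES = [
    "PORT 192,168,1,50,195,80",
    "227 Entering Passive Mode (192,168,1,200,117,48)",
    "PORT 10,0,0,9,0,22",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(data_flow(sample, "192.168.1.50", "192.168.1.200"))
```

A non-empty "problems" list marks a data connection that the rule sets above would not cover, which is worth logging on the firewall or the server.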
2) Configuration files for the vsftpd server
- Main configuration file--/etc/vsftpd/vsftpd.conf
Common settings in vsftpd.conf:
anonymous_enable: When set to YES, the FTP server allows anonymous logins.
local_enable: When set to YES, the FTP server allows local users to log in.
write_enable: When set to YES, the FTP server gives local users write access.
local_umask: Sets the file creation mask for local users; it is set to 022 in the configuration file.
dirmessage_enable: When set to YES, the contents of the hidden ".message" file in a directory are displayed.
xferlog_enable: When set to YES, the FTP server logs uploads and downloads.
xferlog_std_format: When set to YES, the FTP server uses the standard ftpd xferlog log format.
connect_from_port_20: When set to YES, the FTP server makes data connection requests from the data port (20).
pam_service_name: Sets the name of the PAM authentication service profile, which is stored in the "/etc/pam.d" directory.
userlist_enable: When set to YES, the FTP server checks the file named by userlist_file to decide whether the users listed in it may access the vsftpd server; the default value of the userlist_file setting is the "/etc/vsftpd.user_list" file.
userlist_deny: When set to YES, the vsftpd.user_list file lists the user accounts that are prevented from logging in;
when set to NO, the vsftpd.user_list file lists the user accounts that are allowed to log in.
listen: When set to YES, the FTP server runs in stand-alone mode (as opposed to being started by xinetd).
tcp_wrappers: When set to YES, the FTP server uses tcp_wrappers for host access control.
tcp_wrappers provides host-address-based access control for network services on Linux systems; two files in the "/etc" directory, hosts.allow (records of allowed access) and hosts.deny (records of denied access), configure tcp_wrappers access control.
chroot_local_user: When set to YES, the vsftpd server confines local users to their home directories.
max_clients: Sets the maximum number of client connections the FTP server allows; 0 means no limit.
max_per_ip: Sets the maximum number of client connections allowed from the same IP address; 0 means no limit.
local_max_rate: Sets the maximum transfer rate for local users, in b/s; 0 means no limit.
anon_max_rate: Sets the maximum transfer rate for anonymous users, in b/s; 0 means no limit.
- /etc/vsftpd.ftpusers file
Lists the local user accounts that are not allowed to log in over FTP, typically accounts with higher privileges on the system.
- /etc/vsftpd.user_list file
It must be combined with settings in the vsftpd.conf file to enable access control for the user accounts listed in the /etc/vsftpd.user_list file.
userlist_enable=YES // the FTP server checks the file named by userlist_file to decide whether the users listed in it may access the vsftpd server.
userlist_deny=YES // the vsftpd.user_list file lists the user accounts that are forbidden to log in;
userlist_deny=NO // the vsftpd.user_list file lists the user accounts that are allowed to log in.
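How userlist_enable, userlist_deny, vsftpd.user_list and vsftpd.ftpusers combine is easiest to audit in code. This is an added example, not part of the original page or of vsftpd: it evaluates whether a local account may log in under the rules described above. The function names and sample file contents are constructed, and it assumes the ftpusers list is enforced independently of user_list.

```python
YES_VALUES = {"YES", "TRUE", "1"}

def parse_conf(text):
    """Parse vsftpd.conf text into a dict of option -> value (keys lower-cased)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip().lower()] = value.strip()
    return opts

def parse_list(text):
    """Parse a user_list / ftpusers file: one account per line, # starts a comment."""
    names = (line.strip() for line in text.splitlines())
    return {n for n in names if n and not n.startswith("#")}

def is_yes(opts, key, default):
    return opts.get(key, default).upper() in YES_VALUES

def login_decision(user, opts, user_list, ftpusers):
    """Return (allowed, reason) for a local account."""
    if not is_yes(opts, "local_enable", "NO"):
        return False, "local_enable is not YES"
    if is_yes(opts, "userlist_enable", "NO"):
        deny_mode = is_yes(opts, "userlist_deny", "YES")
        if deny_mode and user in user_list:
            return False, "listed in user_list while userlist_deny=YES"
        if not deny_mode and user not in user_list:
            return False, "not listed in user_list while userlist_deny=NO"
    # Assumption: ftpusers is applied regardless of the user_list outcome.
    if user in ftpusers:
        return False, "listed in ftpusers"
    return True, "allowed"

# Constructed sample files for illustration.
SAMPLE_CONF = """
anonymous_enable=NO
local_enable=YES
userlist_enable=YES
userlist_deny=YES
"""
SAMPLE_USER_LIST = "# accounts checked by userlist_enable\nroot\nbin\n"
SAMPLE_FTPUSERS = "root\ndaemon\n"

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for name in ("root", "oracle", "daemon"):
        print(name, login_decision(name, conf, parse_list(SAMPLE_USER_LIST),
                                   parse_list(SAMPLE_FTPUSERS)))
```

Switching userlist_deny to NO turns user_list into an allow list, but an account that also appears in ftpusers is still refused.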