Implementing File Transfer Services (FTP, SFTP) in Linux

Source: Internet
Author: User
Tags ftp protocol

This article describes how to implement file transfer services on Linux, mainly with FTP and SFTP.

    • FTP

      To get straight to the point: FTP uses a client/server architecture, and it has two channels (a control channel and a data channel).

      When the client initiates the connection, the destination port is TCP/21. After the server authenticates the client, the connection is established; this is the control channel, which the client uses to send FTP commands such as ls, cd, get, put, user, etc. When the server receives a command, it parses it and returns the result to the client. Note that the content a command transfers requires a separate connection, the data channel.

      Depending on which side initiates the data channel, FTP operates in active mode or passive mode:

      1. Active mode: the server actively establishes the connection to the client.

         A. Control channel establishment: after the client completes the TCP three-way handshake with the server, the client sends its own address and listening port to the server, with a,b,c,d as the IP address and e*256+f as the port.
         B. Data channel establishment: the server initiates the connection; the source port is TCP/20 and the destination port is the port (e*256+f) that the client sent.

      2. Passive mode: the server randomly picks a port number and listens on it, waiting for the client to connect.

         A. Control channel establishment: after the client completes the TCP three-way handshake with the server, the client sends the FTP command PASV to request passive mode and waits for the server's address (a,b,c,d) and port information (e*256+f).
         B. Data channel establishment: the client receives the server's address and port information and initiates the connection; the source port is random and the destination port is e*256+f.
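The address and port arithmetic of both modes, as an added example that is not part of the original article: it parses a PORT command (active mode) and a 227 reply to PASV (passive mode) and reports who initiates the data connection and between which endpoints. The sample lines and IP addresses are constructed, and the `addr_matches_peer` comparison with the control-channel peer is an added check, not something the article describes.

```python
import re

# a,b,c,d,e,f as used by the PORT command and the 227 (PASV) reply.
HOSTPORT = re.compile(r"\b" + ",".join([r"(\d{1,3})"] * 6) + r"\b")

def parse_hostport(text):
    """Return (ip, port): a.b.c.d is the address, e*256+f the port."""
    m = HOSTPORT.search(text)
    if not m:
        raise ValueError("no a,b,c,d,e,f tuple found")
    a, b, c, d, e, f = (int(n) for n in m.groups())
    if max(a, b, c, d, e, f) > 255:
        raise ValueError("every field must be 0-255")
    return f"{a}.{b}.{c}.{d}", e * 256 + f

def data_channel(line, client_ip, server_ip):
    """Describe the data connection a control-channel line sets up."""
    ip, port = parse_hostport(line)
    verb = line.split(None, 1)[0].upper()
    if verb == "PORT":   # active mode: server dials out from TCP/20
        return {"mode": "active", "initiator": "server",
                "src": (server_ip, 20), "dst": (ip, port),
                "addr_matches_peer": ip == client_ip}
    if verb == "227":    # passive mode: client dials from a random port
        return {"mode": "passive", "initiator": "client",
                "src": (client_ip, None), "dst": (ip, port),
                "addr_matches_peer": ip == server_ip}
    raise ValueError("expected a PORT command or a 227 reply")

# Constructed control-channel lines (not captured traffic).
SAMPLES = ["PORT 192,168,1,10,195,80",
           "227 Entering Passive Mode (192,168,1,20,78,52)"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(data_channel(s, "192.168.1.10", "192.168.1.20"))
```

A mismatch in `addr_matches_peer` is not always an error (NAT rewrites addresses), but it is the first thing to look at when a data connection fails or goes somewhere unexpected.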

  • vsftpd

    FTP is only a protocol, a specification; vsftpd is one of the implementations of that protocol, and one that does better on security.

    1. Install vsftpd with yum:

         # yum -y install vsftpd

    2. vsftpd program file layout:

         /etc/vsftpd/vsftpd.conf    # main configuration file
         /etc/vsftpd/ftpusers
         /etc/vsftpd/user_list
         /etc/pam.d/vsftpd          # FTP authenticates users through PAM
         /var/ftp                   # default shared directory defined by vsftpd

    3. Create an anonymous FTP download site:

         /myftp/pub    # shared directory; all users can create, delete, and modify

       A. First turn off the firewall and SELinux so that they do not affect the experiment:

            # iptables -F
            # setenforce 0

       B. Create the directories and modify their permissions:

            $ mkdir -pv /myftp/{doc,pub}
            mkdir: created directory '/myftp'
            mkdir: created directory '/myftp/pub'
            # cp /etc/fstab /myftp/pub/
            # chown -R ftp /myftp/

       C. Modify the configuration file:

            # cp /usr/share/doc/vsftpd-3.0.2/EXAMPLE/INTERNET_SITE/vsftpd.conf /etc/vsftpd/vsftpd.conf
            # systemctl restart vsftpd

       D. Change the home directory of the ftp user, because an anonymous user actually accesses the home directory of the ftp user it is mapped to:

            # vim /etc/passwd
            ftp:x:14:50:FTP User:/myftp:/sbin/nologin

       E. Notes:

          I. Anonymous users must not be chrooted, or an error occurs. If local users are not required, the following configuration is recommended:

               chroot_local_user=NO
               local_enable=NO

          II. Since vsftpd 2.3.5, vsftpd has a stricter security check: if a user is confined to their home directory, that home directory can no longer be writable. If the check finds write permission, this error is reported:

               Login failed: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()

              Workaround: remove write access to the home directory,

               chmod a-w /var/ftp -R

              or add the directive that allows a writable root:

               allow_writeable_chroot=YES

          III. The anon_world_readable_only directive: when the value is YES (the default), a file must be readable by other users (world-readable) to be downloaded; when it is NO, a file can be downloaded as long as the ftp user has read permission.
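A small checker for notes II and III above, as an added example (not code from the original article or from the vsftpd project): it reads vsftpd.conf text, applies the upstream defaults for the directives discussed, and predicts whether an anonymous download is allowed and whether a chroot directory would be refused as writable. The permission model is simplified to owner and other bits, `allow_writeable_chroot` is applied as note II describes, and the sample configuration and modes are constructed.

```python
import stat

# Upstream vsftpd.conf(5) defaults for the directives in the notes.
DEFAULTS = {
    "chroot_local_user": "NO",
    "local_enable": "NO",
    "allow_writeable_chroot": "NO",
    "anon_world_readable_only": "YES",
}

def parse_conf(text):
    """Parse 'option=value' lines; lines starting with '#' are comments."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip().lower()] = value.strip()
    return conf

def enabled(conf, key):
    return conf.get(key, "NO").upper() in ("YES", "TRUE", "1")

def anon_can_download(conf, mode, owned_by_ftp):
    """Note III: YES also demands the world-read bit; NO only needs ftp to read."""
    # Simplification: ftp is either the owner or falls under 'other'.
    ftp_can_read = bool(mode & (stat.S_IRUSR if owned_by_ftp else stat.S_IROTH))
    if enabled(conf, "anon_world_readable_only"):
        return ftp_can_read and bool(mode & stat.S_IROTH)
    return ftp_can_read

def chroot_refused(conf, root_mode):
    """Note II (simplified): an owner-writable chroot root is refused
    unless allow_writeable_chroot is enabled."""
    writable = bool(root_mode & stat.S_IWUSR)
    return writable and not enabled(conf, "allow_writeable_chroot")

# Constructed sample configuration matching note I.
SAMPLE_CONF = "# anonymous download site\nchroot_local_user=NO\nlocal_enable=NO\n"

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    # Assumed modes: /myftp/pub/fstab 0644 and /myftp 0755, both owned by ftp.
    print("download allowed:", anon_can_download(conf, 0o644, True))
    print("chroot refused:", chroot_refused(conf, 0o755))
```

With the assumed mode 0755 on a directory owned by ftp, the check reports a refusal, which is the situation note II warns about after `chown -R ftp /myftp/`.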
