File Transfer Protocol: FTP is a set of standard protocols for transferring files over a network in client/server mode. It belongs to the application layer of the network protocol stack.
Server side: vsftpd
Client: lftp
Installation: yum -y install vsftpd lftp
User authentication profile: /etc/pam.d/vsftpd
Service script: /usr/lib/systemd/system/vsftpd.service
Configuration file: /etc/vsftpd/vsftpd.conf
Anonymous user shared file location: /var/ftp
System user shared file location: the user's home directory
Virtual user shared file location: the home directory of the system user the virtual user is mapped to
1. vsftpd service configuration options
- listen_port=21: port the control (command) channel listens on
- connect_from_port_20=YES: active mode data connections originate from port 20
- ftp_data_port=20: source port used for active mode data connections
- pasv_min_port=6000 | pasv_max_port=6010: passive mode port range; 0 means the port is assigned at random
- use_localtime=YES: use local time
- max_clients=0: maximum number of concurrent client connections (0 = unlimited)
- max_per_ip=0: maximum number of simultaneous connections from one IP address (0 = unlimited)
- nopriv_user=nobody: unprivileged user identity the vsftpd service runs as
- anon_max_rate=0: maximum transfer rate for anonymous users (0 = unlimited)
- local_max_rate=0: maximum transfer rate for local users (0 = unlimited)
- connect_timeout=60: active mode data connection timeout
- accept_timeout=60: passive mode data connection timeout
- data_connection_timeout=300: timeout for a data connection with no traffic
- idle_session_timeout=60: timeout for a session with no command activity
- ascii_upload_enable=YES: allow uploads in ASCII (text) mode
- ascii_download_enable=YES: allow downloads in ASCII (text) mode
Anonymous user related:
- anonymous_enable=YES: allow anonymous logins
- no_anon_password=YES: (default NO) anonymous users are not asked for a password
- anon_world_readable_only: (default YES) anonymous users can only download files that are world-readable
- anon_upload_enable=YES: allow anonymous uploads; note that the file system permissions on the upload directory must also allow writing
- anon_mkdir_write_enable=YES: allow anonymous users to create directories
- anon_umask=077: umask applied to files uploaded by anonymous users
- anon_other_write_enable=YES: anonymous users may delete and modify uploaded files
- chown_uploads=YES: (default NO) change the owner and permissions of anonymously uploaded files
- chown_username=user1: owner that anonymously uploaded files are changed to (user1)
- chown_upload_mode=0644: permissions set on anonymously uploaded files (644)
System user related:
- chroot_local_user=YES: local users are jailed (chroot) in their home directory; the users listed in chroot_list are the exception and are not jailed
- chroot_local_user=NO: local users are not jailed; only the users listed in chroot_list are jailed
Log related:
- xferlog_enable=YES: (default) log uploads and downloads
- xferlog_std_format=YES: (default) use the wu-ftpd log format
- xferlog_file=/var/log/xferlog: (default) the transfer log file, created automatically
- dual_log_enable=YES: also write a log in vsftpd's own format; not enabled by default
- vsftpd_log_file=/var/log/vsftpd.log: (default) the vsftpd-format log file, created automatically
Login prompt related:
- ftpd_banner=Welcome to blah FTP service.: banner text shown at login
- banner_file=/etc/vsftpd/ftpbanner.txt: show the contents of the given file as the banner; when set, it takes priority over ftpd_banner
- dirmessage_enable=YES: (default) show a message when a directory is entered
- message_file=.message: (default) name of the file in each directory that holds that directory's message
Access control related:
- pam_service_name=vsftpd: name of the PAM service (configuration file) used for authentication
- User authentication is done through the PAM module; the PAM configuration file is /etc/pam.d/vsftpd
- /etc/vsftpd/ftpusers: users listed in this file are denied login by default (enforced by the PAM configuration)
- userlist_enable=YES: enabled by default
- userlist_deny=YES: (default) the user list acts as a blacklist and listed users are rejected before any password prompt; with NO it acts as a whitelist
- userlist_file=/etc/vsftpd/user_list: the user list file; this is the default value
Experiment: set up FTPS (FTP over SSL/TLS)
[[email protected] ~]# ldd `which vsftpd` | grep libssl.so    # check whether the binary is linked against SSL
        libssl.so.10 => /lib64/libssl.so.10 (0x00007feea94e2000)
1. Create a self-signed certificate
[[email protected] ~]# cd /etc/pki/tls/certs/
[[email protected] certs]# make vsftpd.pem
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:Beijing
Organization Name (eg, company) [Default Company Ltd]:magedu
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:vsftpd.ftp.com
2. Configure the vsftpd service to support SSL
[[email protected] certs]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
# enable SSL (vsftpd does not accept a comment after a value, so comments go on their own lines)
ssl_enable=YES
# anonymous users do not use SSL
allow_anon_ssl=NO
# local user logins must be encrypted
force_local_logins_ssl=YES
# local user data transfers must be encrypted
force_local_data_ssl=YES
# certificate file
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
3. Test with FileZilla or another client tool
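The options above are the ones worth re-checking on a running server. As an added example that is not part of the original post, the POSIX shell script below reads a vsftpd.conf and reports the weak settings it finds; the sample configuration it writes is constructed, and treating an unset anonymous_enable as NO is an assumption.

```shell
# Added example, not part of the original post: audit a vsftpd.conf for the
# risk-relevant options described above. The sample config below is constructed.
# Print the last value set for option $2 in config file $1 (empty when unset).
# vsftpd option names are lower case and it rejects text after a value,
# so comments must sit on their own lines.
vsftpd_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '[:space:]'
}
# Boolean option as upper-case YES/NO, falling back to default $3 when unset.
vsftpd_bool() {
    v=$(vsftpd_get "$1" "$2")
    printf '%s' "${v:-$3}" | tr 'a-z' 'A-Z'
}
# One finding per output line; always exits 0. Defaults follow vsftpd.conf(5);
# an unset anonymous_enable is treated as NO (assumption: older builds say YES).
vsftpd_audit() {
    f=$1
    if [ "$(vsftpd_bool "$f" anonymous_enable NO)" = YES ]; then
        [ "$(vsftpd_bool "$f" anon_upload_enable NO)" = YES ] &&
            echo "anon_upload_enable=YES: check /var/ftp permissions and anon_umask"
        [ "$(vsftpd_bool "$f" anon_other_write_enable NO)" = YES ] &&
            echo "anon_other_write_enable=YES: anonymous users can delete or rename files"
    fi
    [ "$(vsftpd_bool "$f" chroot_local_user NO)" = YES ] ||
        echo "chroot_local_user=NO: system users can browse outside their home directory"
    if [ "$(vsftpd_bool "$f" ssl_enable NO)" = YES ]; then
        [ "$(vsftpd_bool "$f" force_local_logins_ssl YES)" = YES ] ||
            echo "force_local_logins_ssl=NO: local passwords may be sent in clear text"
        [ "$(vsftpd_bool "$f" force_local_data_ssl YES)" = YES ] ||
            echo "force_local_data_ssl=NO: local file transfers may be sent in clear text"
    else
        echo "ssl_enable=NO: logins and transfers are plain FTP"
    fi
    [ "$(vsftpd_bool "$f" xferlog_enable YES)" = YES ] ||
        echo "xferlog_enable=NO: uploads and downloads are not logged"
    return 0
}
# Constructed sample: anonymous uploads on, no chroot, FTPS on but data channel not forced.
SAMPLE_CONF=$(mktemp)
cat >"$SAMPLE_CONF" <<'EOF'
anonymous_enable=YES
anon_upload_enable=YES
chroot_local_user=NO
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=NO
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
EOF
vsftpd_audit "$SAMPLE_CONF"    # prints the three findings for the sample
```

Run it against /etc/vsftpd/vsftpd.conf instead of the sample to audit a real server; an empty output means none of the checked settings is weak.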
Linux Nine Yin Canon of the Great Voldemort Fist fragment 1 (FTP,NFS)