Part One: Learn the FTP basics
vsftpd
1. What is FTP?
File Transfer Protocol: a file transfer protocol built on the client/server (C/S) model.
2. Which protocol and which ports does it use?
TCP 21 establishes the command (control) connection.
TCP 20: in active transfer mode the server uses port 20 to establish the data connection to the client.
3. How FTP works
(Diagram: client port 1031 <-> server port 21 for the command connection; client port 1032 <-> server port 20 for the data connection)
① The client sends a connection request to the server; at the same time the client system dynamically opens a port above 1024 (for example port 1031) and waits for the server's connection.
② When the FTP server receives the request on port 21, an FTP session (the command connection) is established between the client's port 1031 and the server's port 21.
③ When data needs to be transferred, the FTP client dynamically opens another port above 1024 (for example port 1032) towards the server's port 20, and the data is transmitted between these two ports. When the transfer is complete, the two ports are closed automatically.
④ The dynamically allocated ports on the client are released automatically when the FTP client disconnects from the FTP server.
4. FTP operating modes
Active transfer mode (active FTP):
In active transfer mode, the FTP client randomly opens a port N above 1024 (e.g. 1025) and initiates a connection to the server's port 21, then opens port N+1 (1026) for listening and sends the command PORT 1026 to the server. When the server receives the command, it uses its local FTP data port (typically 20) to connect to the client-specified port 1026 and the data is transferred over that connection.
Passive transfer mode (passive FTP):
In passive transfer mode, the FTP client randomly opens a port N above 1024 (e.g. 1025) and initiates a connection to the server's port 21, opens port N+1 (1026), and then sends the PASV command to the server, telling the server that the client itself is in passive mode. After the server receives the command, it opens a port above 1024 (e.g. 1521) to listen on and notifies the client that its data port is 1521. When the client receives this, it connects from its port 1026 to the server's port 1521 and data is transmitted between these two ports.
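As an added illustration (not part of the original notes), the Python helpers below show the port arithmetic behind the PORT command and the PASV reply described above: the data port travels as two bytes, p1*256 + p2, so the notes' server port 1521 appears as 5,241 and the client port 1026 as 4,2. They also check that the address advertised in the passive reply matches the host the control connection is talking to, which is the sanity check a careful client makes before opening the data connection. The reply string and IP addresses are constructed samples.

```python
import re
from typing import Tuple

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv_reply(reply: str) -> Tuple[str, int]:
    """Extract (host, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'.
    The data port is p1*256 + p2; every field must fit in one byte."""
    if not reply.startswith("227"):
        raise ValueError("not a PASV success reply: %r" % reply)
    m = PASV_RE.search(reply)
    if m is None:
        raise ValueError("malformed PASV reply: %r" % reply)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("byte out of range in PASV reply: %r" % reply)
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    if port == 0:
        raise ValueError("PASV reply advertised port 0")
    return host, port

def build_port_command(host: str, port: int) -> str:
    """Build the PORT command a client sends in active mode so that the server
    (from its port 20) connects back to host:port, e.g. the N+1 port 1026."""
    octets = host.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("host must be a dotted IPv4 address")
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return "PORT %s,%d,%d" % (",".join(octets), port // 256, port % 256)

def safe_pasv_target(reply: str, control_host: str) -> Tuple[str, int]:
    """Resolve the passive-mode data target, refusing a reply whose address is
    not the host we hold the control connection with.  A mismatch usually means
    a NAT misconfiguration on the server side; following it blindly would let
    the server steer our data connection to an arbitrary third host."""
    host, port = parse_pasv_reply(reply)
    if host != control_host:
        raise ValueError("PASV host %s differs from control host %s" % (host, control_host))
    return host, port

if __name__ == "__main__":
    # constructed sample exchange using the notes' ports 1026 and 1521
    print(build_port_command("192.168.4.100", 1026))  # PORT 192,168,4,100,4,2
    print(safe_pasv_target("227 Entering Passive Mode (192,168,4,5,5,241).", "192.168.4.5"))
```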
5. FTP transfer modes
Binary mode: pictures, executables, compressed files
Text (ASCII) mode: CGI scripts and plain HTML files
Today both the server and the FTP client software can identify the file type automatically and select the appropriate transfer mode.
6. FTP account types
Anonymous user: ftp or anonymous
Local user: a system user account native to the Linux server
Virtual user: account information is stored in a separate file or database
7. Default behaviour of vsftpd after installation
Anonymous users and local users can log in.
An anonymous user logs in to /var/ftp and can only download, not upload.
A local user logs in to that user's home directory and can both upload and download.
8. ftp and lftp commands
get: download a file
put: upload a file
mget: download multiple files, wildcards supported
mput: upload multiple files, wildcards supported
!cmd: run a command on the local (client) side
lcd: change the local (client-side) directory
9. How an FTP address is written
User-authenticated access:
ftp://user:password@server
ftp://user:password@server/path/to/file
URL, Uniform Resource Locator
General form: protocol://username:password@server address:port/directory path/file name
10. Which FTP software package ships with RHEL 6? What is its main configuration file? What is the service startup script?
vsftpd
/etc/vsftpd/vsftpd.conf
Meaning of the key fields:
anonymous_enable=YES         # enable anonymous sharing
local_enable=YES             # enable sharing for local accounts
write_enable=YES             # whether local accounts may write
anon_upload_enable=YES       # whether anonymous users may upload files
anon_mkdir_write_enable=YES  # anonymous users may create directories
anon_other_write_enable=YES  # anonymous users may delete and rename
chroot_local_user=YES        # confine (chroot) local accounts to their home directory
anon_root=/ABC               # set the anonymous user's root directory to /ABC
anon_umask=022               # umask applied to files uploaded by anonymous users
11. Configuration files: /etc/vsftpd/vsftpd.conf (main configuration)
/etc/vsftpd/ftpusers (blacklist)
/etc/vsftpd/user_list (blacklist or whitelist)
The field userlist_enable=YES|NO controls whether the user_list file is used at all.
user_list acts as a whitelist when the field userlist_deny=NO (and as a blacklist when userlist_deny=YES).
12. Other common options
listen_port=port number
listen_address=IP address
14. Concurrent connections and speed:
max_clients=maximum number of concurrent connections
max_per_ip=maximum number of concurrent connections from the same IP address
anon_max_rate=transfer rate limit for anonymous users (bytes/sec)
local_max_rate=transfer rate limit for local users (bytes/sec)
Install FTP
1. Install the package
Turn off the firewall and SELinux first, or configure them appropriately in advance.
yum -y install vsftpd
2. Start the service
service vsftpd restart
chkconfig vsftpd on
netstat -anptu | grep vsftpd
3. Create test files
ls -l /etc/* > /var/ftp/pub/anon.txt
[root@server ~]# useradd lisi
[root@server ~]# echo 123456 | passwd --stdin lisi
[root@server ~]# ls -l /etc/* > ~lisi/lisi.txt
4. Verification (client-side test)
Browser test:
ftp://192.168.4.5/
ftp://lisi:123456@192.168.4.5/    (username/password login)
Command-line test:
[root@client ~]# yum -y install ftp lftp
[root@client ~]# ftp 192.168.4.5
ftp> cd pub
ftp> ls
ftp> get anon.txt
ftp> !ls
ftp> put install.log
ftp> quit
[root@client ~]# lftp 192.168.4.5
lftp 192.168.4.5:~> user lisi
Password:
[root@client ~]# yum -y install wget
[root@client ~]# wget ftp://lisi:123456@192.168.4.5/lisi.txt    # file download test
Experiment summary:
Anonymous users and local users can log in.
An anonymous user logs in to /var/ftp and can only download, not upload.
A local user logs in to that user's home directory and can upload to and download from it.
Experiment three:
Confine local users to their home directory
Experiment steps:
First test the default behaviour from the client
[root@client ~]# ftp 192.168.4.5
...
Name (192.168.4.5:root): lisi
331 Please specify the password.
Password:
...
ftp> pwd
257 "/home/lisi"
Configure on the server side:
[root@server ~]# cd /etc/vsftpd/
[root@server vsftpd]# cp vsftpd.conf vsftpd.conf.bak
[root@server vsftpd]# vim vsftpd.conf
...
chroot_local_user=YES
...
[root@server vsftpd]# service vsftpd restart
Test on the client:
[root@client ~]# ftp 192.168.4.5
...
Name (192.168.4.5:root): lisi
331 Please specify the password.
Password:
Login successful.
ftp> pwd
257 "/"
Experiment four: user access control (blacklist and whitelist)
Block mike from accessing via ftpusers
Set user_list to whitelist mode
Allow lisi and mike to access
Test anonymous access, lisi and mike separately
Add ftp to the whitelist, then test anonymous access again
[root@server ~]# useradd mike
[root@server ~]# echo 123456 | passwd --stdin mike
[root@server ~]# grep mike /etc/vsftpd/ftpusers
mike
[root@server ~]# service vsftpd restart
Test: access FTP as mike
[root@server ~]# vim /etc/vsftpd/vsftpd.conf
...
121 userlist_deny=NO
...
[root@server ~]# service vsftpd restart
[root@server ~]# grep mike /etc/vsftpd/ftpusers
[root@server ~]# tail -n 2 /etc/vsftpd/user_list
lisi
mike
Test:
Log in as mike and as lisi separately to test
After the experiment, comment out userlist_deny=NO at line 121 of the main configuration file and remove the accounts that were added to user_list and ftpusers
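The following Python model (an added example, not part of the original notes or of vsftpd itself) puts the rules from sections 10 and 11 and from experiment four into one decision function: it parses the key=value options of vsftpd.conf, applies the ftpusers blacklist, and then applies user_list either as a blacklist (userlist_deny=YES) or as a whitelist (userlist_deny=NO). Two assumptions are taken from the notes rather than from vsftpd's source: an anonymous login is judged as the account named "ftp", and ftpusers is consulted only for local accounts. The configuration and list contents are constructed samples mirroring the experiment.

```python
from typing import Dict, Set

# Constructed sample files mirroring experiment four (not copied from a real host).
SAMPLE_CONF = "anonymous_enable=YES\nlocal_enable=YES\nuserlist_enable=YES\nuserlist_deny=NO\n"
SAMPLE_FTPUSERS = "root\nmike\n"        # /etc/vsftpd/ftpusers: always a blacklist
SAMPLE_USER_LIST = "lisi\nmike\nftp\n"  # /etc/vsftpd/user_list: role set by userlist_deny

def parse_conf(text: str) -> Dict[str, str]:
    """Parse key=value lines; blank lines and '#' comments are ignored."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError("malformed option line: %r" % line)
        key, _, value = line.partition("=")
        conf[key.strip().lower()] = value.strip()
    return conf

def flag(conf: Dict[str, str], key: str, default: str) -> bool:
    """vsftpd booleans accept YES/NO, TRUE/FALSE and 1/0, case-insensitively."""
    return conf.get(key, default).upper() in ("YES", "TRUE", "1")

def names(text: str) -> Set[str]:
    """One account name per line, as in ftpusers and user_list."""
    return {l.strip() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")}

def login_allowed(user: str, conf_text: str, ftpusers_text: str, user_list_text: str) -> bool:
    """Decide whether USER may start a login under the rules in the notes.
    Assumption taken from experiment four: an anonymous login is judged as 'ftp'."""
    conf = parse_conf(conf_text)
    user = "ftp" if user == "anonymous" else user
    anon = user == "ftp"
    if anon and not flag(conf, "anonymous_enable", "YES"):
        return False
    if not anon and not flag(conf, "local_enable", "NO"):
        return False
    if not anon and user in names(ftpusers_text):
        return False  # ftpusers blacklist (checked by PAM) wins unconditionally
    if flag(conf, "userlist_enable", "NO"):
        listed = user in names(user_list_text)
        if flag(conf, "userlist_deny", "YES"):
            if listed:
                return False  # user_list acts as a blacklist
        elif not listed:
            return False      # userlist_deny=NO: user_list acts as a whitelist
    return True
```

With the sample files, lisi and anonymous are admitted while mike is still refused because the ftpusers blacklist is applied before the whitelist is consulted.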
Experiment five:
At most 100 concurrent connections, and at most 2 concurrent connections per IP address
Limit the anonymous download speed to 50 KB/s
Limit the local user download speed to 500 KB/s
Verify the above limits with ftp and wget
[root@server ~]# vim /etc/vsftpd/vsftpd.conf
...
max_clients=100
max_per_ip=2
anon_max_rate=50000
local_max_rate=500000
...
[root@server ~]# service vsftpd restart
[root@server ~]# dd if=/dev/zero of=/var/ftp/pub/anon.tgz bs=1M count=1000
[root@server ~]# dd if=/dev/zero of=/home/lisi/local.tgz bs=1M count=1000
Test:
[root@client ~]# wget ftp://192.168.4.5/pub/anon.tgz
[root@client ~]# wget ftp://lisi:123456@192.168.4.5/local.tgz
Addendum:
The shared root directory for anonymous users (/var/ftp) must not be writable by the anonymous account; otherwise anonymous logins are refused!
Primary FTP Setup