Pure-FTPd is a fast, high-quality, and fully functional FTP server; most importantly, it supports setting the default client encoding. Pure-FTPd is powerful and useful, but to encrypt all of the connection data we need to run Pure-FTPd through SSH.
Q: How do I run Pure-FTPd through SSH? I want to encrypt all connection data (including passwords).
A: Running FTP through SSH is a better option than running FTP through SSL (which cannot be used through a secure firewall) or SFTP (slower, but uses only one port).
Windows users can use Van Dyke's SecureFX client, an excellent client, to access FTP through SSH. This does not require any special knowledge: once an account is set up on the FTP server, tell the client to use "FTP-over-SSH2" in the "protocol" list box.
On the server side, the following describes how to set up FTP-over-SSH accounts:
1) Add /usr/bin/false to the /etc/shells file (on some systems, it may be /bin/false).
2) To create an FTP-over-SSH account, create a system account with /dev/null as the home directory and /usr/bin/false as the shell. No dedicated UID is required: every account that uses FTP over SSH can reuse the same UID.
3) Create virtual users (using PureDB, SQL, or LDAP) for those users. Give each virtual user a real home directory and only allow connections from 127.0.0.1 (all FTP-over-SSH sessions come from the local host, because they arrive through the SSH tunnel).
Users without a home directory (/dev/null) and without a valid shell cannot obtain a shell and cannot run any commands on the server. However, they can have FTP sessions through SSH.
The following are some examples (Linux/OpenBSD/ISOS commands, which can be changed if necessary):
1) Create a regular FTP account:
- pure-pw useradd customer1 -m -d /home/customer1 -u ftpuser
2) Create an FTP-over-SSH account (unencrypted sessions are rejected):
- useradd -u ftpuser -g ftpgroup -d /dev/null -s /usr/bin/false customer2
- pure-pw useradd customer2 -m -d /home/customer2 -u ftpuser -r 127.0.0.1/32
3) Create an account that can use conventional (unencrypted) FTP on the intranet (192.168.1.x) but must use FTP over SSH when connecting from the Internet:
- useradd -u ftpuser -g ftpgroup -d /dev/null -s /usr/bin/false customer3
- pure-pw useradd customer3 -m -d /home/customer3 -u ftpuser -r 127.0.0.1/32,192.168.1.0/24
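To confirm that a system account really matches steps 1 and 2 above, the following added example (not from the original article or the Pure-FTPd project) audits its passwd entry and the shells file. The function name audit_ftp_ssh_account, the file-path parameters, and the sample UID/GID values are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit an FTP-over-SSH system account against steps 1 and 2.
# Usage: audit_ftp_ssh_account USER [PASSWD_FILE] [SHELLS_FILE]
# Prints one finding per line. Returns 0 = matches the recipe,
# 1 = misconfigured, 2 = account not found.
audit_ftp_ssh_account() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    shells_file=${3:-/etc/shells}
    findings=0

    # passwd format: name:password:uid:gid:gecos:home:shell
    entry=$(awk -F: -v u="$user" '$1 == u { print $6 ":" $7; exit }' "$passwd_file")
    if [ -z "$entry" ]; then
        echo "FAIL $user: no system account"
        return 2
    fi
    home=${entry%%:*}
    shell=${entry#*:}

    # Step 2: no usable home directory and no usable shell.
    if [ "$home" != "/dev/null" ]; then
        echo "FAIL $user: home is $home, expected /dev/null"
        findings=1
    fi
    case $shell in
        /usr/bin/false|/bin/false) ;;
        *) echo "FAIL $user: shell is '$shell', expected /usr/bin/false or /bin/false"
           findings=1 ;;
    esac

    # Step 1: the shell must be listed, as a whole line, in the shells file.
    if ! grep -qxF -- "$shell" "$shells_file"; then
        echo "FAIL $user: '$shell' is not listed in $shells_file"
        findings=1
    fi

    [ "$findings" -eq 0 ] && echo "OK $user: home=$home shell=$shell"
    return "$findings"
}

# Constructed sample data (not from a real host): one correct account, one not.
demo=$(mktemp -d)
printf '%s\n' 'customer2:x:2001:2001::/dev/null:/usr/bin/false' \
              'customer3:x:2001:2001::/home/customer3:/bin/bash' > "$demo/passwd"
printf '%s\n' /bin/sh /bin/bash /usr/bin/false > "$demo/shells"
for u in customer2 customer3; do
    audit_ftp_ssh_account "$u" "$demo/passwd" "$demo/shells" || true
done
rm -rf "$demo"
```

On a live server, call the function with only the user name to check the real /etc/passwd and /etc/shells.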
That covers how to encrypt all of the connection data by running Pure-FTPd through SSH. I hope this article helps you!