Vsftp is an FTP server for UNIX-like systems, released under the GPL. Its full name is "very secure FTP"; as the name shows, the author's original intention was the security of the code.
Security was the original goal in writing vsftp. Besides its inherent security features, high speed and high stability are two other important characteristics of vsftp.
In terms of speed, when downloading data in ASCII mode, vsftp is twice as fast as Wu-ftp. If the Linux host uses a 2.4.* kernel, the download speed on Gigabit Ethernet reaches up to 86 MB/s.
In terms of stability, vsftp is even better: on a standalone (non-clustered) machine it supports more than 4,000 concurrent users connected at the same time, and according to Red Hat's FTP server data, a vsftp server can support 15,000 concurrent users.
1. It is a secure, high-speed, stable FTP server.
2. It can act as a virtual FTP host server based on multiple IP addresses.
3. Anonymous service is very easy to set up.
4. The root directory of anonymous FTP does not require any special directory structure, system programs or other system files.
5. It does not execute any external programs, which reduces the security risk.
6. It supports virtual users, and each virtual user can have its own configuration.
7. It can run in two modes: started from inetd, or as a standalone FTP server.
8. It supports two kinds of authentication methods (PAM or xinetd/tcp_wrappers).
9. It supports bandwidth limits.
Vsftp is very widely used; many large international companies and free open source organizations use it, such as Red Hat, SUSE, Debian and OpenBSD.
Vsftp Disadvantages
Vsftp does not process file name encoding, so file names appear garbled when the server is accessed from a Windows client.
Workaround:
1. Use a vsftp patch.
2. Convert the file name encoding of the server directory. Under Linux:
    convmvfs /ftp/pub_gbk -o srcdir=/ftp/pub,icharset=utf8,ocharset=gbk
After that, file names seen through /ftp/pub_gbk are in GBK, and there are no garbled characters under Windows.
You can also use the following command to convert the file name encoding:
    convmv -f UTF-8 -t gbk -r yourfile --notest
Without the --notest option, convmv only shows what would be converted and performs no real action on the files.
3. On Windows, do not use Explorer or IE to access the server; use an FTP client tool instead. Find an FTP client that lets you set the encoding, and set the encoding there.
4. Steps to resolve the encoding in the source code
Modify the source code file opts.c:
    if (str_equal_text(&p_sess->ftp_arg_str, "UTF8 ON"))
is changed to
    if (str_equal_text(&p_sess->ftp_arg_str, "DISABLE UTF8 ON"))
FTP response codes:
1XX: Information
2XX: Success status codes
3XX: Status codes prompting for further supplemental information
4XX: Client error
5XX: Server-side error
Note: FTP transmits in clear text, so it is less secure. If you want to secure the transfer, you can use SFTP or FTPS, but they are not covered in this article.
FTPS: SSL-based
SFTP: SSH-based
Having read the introduction above, you should have some understanding of vsftp, so let us now install the vsftp service.
The environment of this experiment is:
Virtual machines: VMware Workstation 11
Operating system: CentOS 6.6
Editing program: Vim
Installer: Yum
Connection Program: Xshell 5
Start installing the vsftp service:
    yum -y install vsftpd
After the installation is complete, you can see which files were installed:
    rpm -ql vsftpd | less
/etc/pam.d/vsftpd: user authentication configuration file
/etc/rc.d/init.d/vsftpd: service script
/etc/logrotate.d/vsftpd: log rotation script
/etc/vsftpd: the directory where the configuration files are located
vsftpd.conf: main configuration file; the other files are related to user control
/usr/sbin/vsftpd: main program
/var/ftp: location of the shared resources accessed by anonymous users (mapped to the ftp user)
The default directory of the ftp user is /var/ftp.
finger ftp: view the directory of the ftp user and other information
Location of the resources that system users access via FTP: the user's own home directory
Location of the resources that virtual users access via FTP: the home directory of the system user that the virtual user is mapped to
Then check whether the firewall is turned on:
    iptables -L -n
If the firewall is turned on, the output looks like the picture, although it will not necessarily be identical. If the firewall has not been configured for the service, shut the firewall down, or the service cannot be connected to.
Firewall off:
    service iptables stop: temporarily shut down the firewall
    chkconfig iptables off: do not start the firewall at boot
[Image: Iptables.png]
After the firewall is shut down, you can start the service:
    service vsftpd start
After starting the service, check whether startup was successful. The FTP service listens on port 21:
    ss -tunl
    Netid  State   Recv-Q  Send-Q  Local Address:Port
    tcp    LISTEN  0       32      *:21
Port 21 is being listened on, which means the service has started successfully.
After a successful start, test the service. On the local machine you can test with lftp; if lftp is not installed, install it first:
    yum -y install lftp
Test:
    lftp local-IP-address
If anonymous login is allowed, lftp logs in automatically without asking for an account or password. After logging in successfully, enter ls to view the files. The test on the local machine generally succeeds.
Next, test from an external machine, this time the physical host. Press Win+R to open the Run window and enter cmd.
[Image: Cmd.png]
Enter ftp followed by the server's IP address. Output like that in the picture means this test has also succeeded and FTP can be connected to.
[Image: Ftp.png]
Our FTP installation was successful, but it is not yet fully usable; some configuration remains.
Configuring vsftpd
Main configuration file description: lines that begin with # followed by a space are comments; lines that begin with # not followed by a space are options. Do not add a space in front of an option, or it is a syntax error, and there must not be any extra whitespace characters.
    vim /etc/vsftpd/vsftpd.conf
Here we cover anonymous user configuration and system user configuration.

Anonymous user configuration:
anonymous_enable=YES: whether anonymous users are enabled
anon_upload_enable=YES: whether anonymous users are allowed to upload
anon_mkdir_write_enable=YES: whether anonymous users are allowed to create directories
By default, anonymous users cannot create directories or files, so they cannot upload data. Do not modify the permissions of the anonymous user's root directory: vsftp does not allow it, and if they are modified the service will refuse to start. Instead, create a subdirectory under the root directory and change the owner and group of that subdirectory so that data can be uploaded; uploads then have to be made inside the subdirectory.
anon_other_write_enable=YES: not present in the file by default; gives anonymous users write permissions other than creating directories and uploading, such as rename and delete

System user configuration:
local_enable=YES: whether local (system) users are allowed to log in. After logging in, a system user lands in their home directory and can also access directories such as /etc, which is very insecure; enabling system users is not recommended.
write_enable=YES: whether local users have write permission; when enabled they can create, modify and delete
local_umask=022: determines the permissions a file gets after it is uploaded, here 644 (the umask is an inverse mask)
chroot_local_user=YES: confine all local FTP users to their home directories, so that local users can only access their home directory
chroot_list_enable=YES: enable the list rule; users listed in the file are confined, users not listed are not confined
chroot_list_file=/etc/vsftpd/chroot_list

Global configuration:
dirmessage_enable=YES: lets the user see the information you want them to see after logging in. You need to create a .message file in the directory where the information should be shown.
ascii_upload_enable=YES: force uploads in text format; enabling this is not recommended
ascii_download_enable=YES: force downloads in text format; enabling this is not recommended
ftpd_banner=Welcome to blah FTP service.: the welcome message shown when logging in to FTP

Log:
xferlog_enable=YES: whether to turn on the transfer log
xferlog_std_format=YES: whether to use the standard log format
xferlog_file=/var/log/xferlog: where the log file is stored

Changing the owner of uploaded files:
chown_uploads=YES: whether to change the owner of uploaded files
chown_username=whoever: the owner is changed to whoever

Connection time:
idle_session_timeout=600: the idle timeout of a user's FTP connection is 600 seconds
data_connection_timeout=120: the data connection timeout is 120 seconds

PAM authentication:
pam_service_name=vsftpd.mysql: vsftpd uses PAM to perform user authentication
The PAM configuration file /etc/pam.d/vsftpd defines which PAM modules are used to authenticate users when they access vsftpd:
auth: performs authentication
account: checks that the user account is within its validity period
session: the session after this authentication has passed
required: specifies how the result of this check is treated: this check must be passed; if it is not, the result is a failure
item=user: the entries in this file are user names
sense=deny: a user whose name appears in this file is denied access
file=/etc/vsftpd/ftpusers: the location of the file where the user names are stored
onerr=succeed: how an error is handled (the check terminates directly). The user names stored in the file cannot log in.
userlist_enable=YES: whether to enable a list file that controls user logins
userlist_file=/etc/vsftpd/user_list: defines the userlist file. This path is the default, so you do not need to add userlist_file unless you need to change the location.
userlist_deny=YES|NO: defines whether the users in the userlist cannot log in or can log in
tcp_wrappers=YES

Connection limits:
max_clients: maximum number of concurrent connections
max_per_ip: number of simultaneous requests per IP address

Transfer rate:
anon_max_rate: the maximum transfer rate for anonymous users, in bytes per second
local_max_rate: the maximum transfer rate for local users

The above are the common settings for anonymous login and system user login; set them according to your own requirements. We will not give many examples here and will only change a few simple anonymous user settings.
Note: it is a good idea to restart the service after each change to confirm that the setting has taken effect:
    service vsftpd restart
Allow anonymous users to upload and download:
    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
After setting these and restarting the service, anonymous upload and download work.
Note: SELinux needs to be configured here. If you do not configure it, SELinux has to be turned off, or you can only download and not upload.
SELinux off:
    setenforce 0: temporarily turn it off
    Do not start at boot: open the configuration file with vim /etc/selinux/config and change SELINUX=enforcing to SELINUX=disabled
At this point the vsftp configuration is complete, and you can log in to FTP as an anonymous user to download and upload.
Important: the FTP configuration must not contain extra spaces. If there is a space at the beginning of a configuration line, no error is reported, but the setting does not take effect, so pay close attention to this.
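The whitespace rule above and the access-widening options described in the configuration section can be checked mechanically before restarting the service. The following is an added example, not part of the original article or of vsftpd: the function name lint_vsftpd_conf, the messages and the sample configuration are assumptions made for illustration, and the checks are a simplification that does not model vsftpd's built-in defaults.

```python
# Added example: lint vsftpd.conf text against the rules stated in this article.
# The checks are a simplification; vsftpd's built-in defaults are not modelled.

# Options the article describes as giving anonymous users write access.
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable",
              "anon_other_write_enable")

# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
# Allow anonymous FTP
anonymous_enable=YES
 anon_upload_enable=YES
anon_mkdir_write_enable = YES
anon_other_write_enable=YES
local_enable=YES
write_enable=YES
"""


def lint_vsftpd_conf(text):
    """Return a sorted list of (line_number, message) findings."""
    settings, findings = {}, []
    for n, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        name, sep, value = line.partition("=")
        if not sep:
            findings.append((n, "option line has no '='"))
        elif line[0].isspace():
            findings.append((n, "leading whitespace before option name"))
        elif name != name.rstrip() or value != value.strip():
            findings.append((n, "whitespace around '=' or after the value"))
        else:
            settings[name] = (value, n)  # only well-formed lines count as set

    def enabled(key):
        return settings.get(key, ("NO", 0))[0].upper() == "YES"

    for key in ANON_WRITE:
        if enabled(key):
            findings.append((settings[key][1],
                             key + "=YES gives anonymous users write access"))
    if enabled("local_enable") and not enabled("chroot_local_user"):
        findings.append((settings["local_enable"][1],
                         "local_enable=YES without chroot_local_user=YES"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, message in lint_vsftpd_conf(SAMPLE):
        print("line %d: %s" % (lineno, message))
```

Malformed lines are reported and deliberately not counted as set, which mirrors the article's warning that such a setting does not take effect.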
VSFTP Installation and Erection