FTP: File Transfer Protocol. Ports: control TCP/21; data TCP/20 or a random high port.
FTP uses two connections:
  Command (control) connection: TCP/21
  Data connection (opened on demand):
    Active mode: TCP/20 (the server opens the data connection to the client)
    Passive mode: a random high port (the client opens the data connection to the server)
FTP has two transfer modes: binary and text (the default is auto, which chooses according to the file's characteristics).
SFTP is implemented with OpenSSL, and FTPS is a sub-function of SSH.
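The passive-mode reply in the upload session later on this page, 227 Entering Passive Mode (32,12,32,227,222,90), encodes the data endpoint as four address octets plus the port split into two bytes (port = p1*256 + p2). As an added example that is not part of the original post, the Python below decodes that tuple for both the PASV reply and the active-mode PORT command, builds a PORT command for active mode, and checks an advertised data port against a firewall window. The sample reply is the one from this page; the control_peer handling and the 50000-60000 port range are assumptions for illustration, not settings from the page.

```python
import re

# Constructed sample input: the passive-mode reply vsftpd sent during the
# anonymous upload shown later on this page.
PASV_REPLY = "227 Entering Passive Mode (32,12,32,227,222,90)"

# h1,h2,h3,h4,p1,p2: four address octets followed by the port in two bytes.
_HOSTPORT = re.compile(
    r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple shared by the PASV reply (227) and the
    active-mode PORT command. The data port is p1 * 256 + p2."""
    m = _HOSTPORT.search(text)
    if m is None:
        raise ValueError("no host/port tuple in %r" % text)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % text)
    host = "%d.%d.%d.%d" % tuple(fields[:4])
    port = fields[4] * 256 + fields[5]
    if port == 0:
        raise ValueError("port 0 is not usable")
    return host, port


def parse_pasv_reply(reply, control_peer=None):
    """Parse a 227 reply into (host, port) for the client's data connection.
    If control_peer (the address the control connection already talks to) is
    given and the advertised address differs, the control peer is used instead:
    a server behind NAT often advertises its private address, and a client
    should not let the reply redirect its data connection to a third host."""
    if not reply.startswith("227"):
        raise ValueError("not a PASV reply: %r" % reply)
    host, port = parse_hostport(reply[3:])
    if control_peer is not None and host != control_peer:
        host = control_peer
    return host, port


def build_port_command(host, port):
    """Active mode: the client advertises where the server (connecting from
    TCP/20) should open the data connection, using the same encoding."""
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    octets = host.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % host)
    return "PORT %s,%d,%d" % (",".join(octets), port // 256, port % 256)


def pasv_port_in_range(port, pasv_min, pasv_max):
    """Passive mode needs a firewall opening for the data ports. vsftpd can pin
    them with pasv_min_port/pasv_max_port; this checks an advertised port
    against such a window (the range used in __main__ is assumed)."""
    return pasv_min <= port <= pasv_max


if __name__ == "__main__":
    host, port = parse_pasv_reply(PASV_REPLY, control_peer="32.12.32.227")
    print("data connection ->", host, port)        # 32.12.32.227 56922
    print(build_port_command(host, port))          # PORT 32,12,32,227,222,90
    print("within 50000-60000:", pasv_port_in_range(port, 50000, 60000))
```

The port arithmetic is the reason the stateful firewall on the server must either track FTP (an FTP helper module) or have the passive range opened explicitly; flushing the firewall with iptables -F, as the page does for its lab test, is what makes the random high port reachable.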
System platform: RHEL 5.8 (32-bit), IP 32.12.32.227, installed from the distribution's own RPM packages.
Install FTP:
# yum install vsftpd
# service vsftpd start
# finger ftp   (installing vsftpd automatically creates the ftp user and group; finger shows the ftp user's home directory)
Test (anonymous login at this point: the user name can be anonymous or ftp, the password is empty):
C:\Users\yangyuan>ftp 32.12.32.227
Connected to 32.12.32.227.
(vsFTPd 2.0.5)
User (32.12.32.227:(none)): ftp
331 Please specify the password.
Password:
230 Login successful.
ftp>
Note: anonymous users cannot upload files, create directories or delete files unless the configuration file /etc/vsftpd/vsftpd.conf is changed:
# vim /etc/vsftpd/vsftpd.conf
anon_upload_enable=YES        (allow anonymous users to upload files)
anon_mkdir_write_enable=YES   (allow anonymous users to create directories)
anon_other_write_enable=YES   (allow anonymous users to delete files)
# mkdir /var/ftp/upload       (create the upload directory)
# setfacl -m u:ftp:rwx /var/ftp/upload
# service vsftpd restart
# setenforce 0                (put SELinux in permissive mode, for this lab test)
# iptables -F                 (flush all firewall rules, for this lab test)
Test:
xshell:\> ftp 32.12.32.227
Connecting to 32.12.32.227:21...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
(vsFTPd 2.0.5)
Name (32.12.32.227:yangyuan): ftp
331 Please specify the password.
Password:
230 Login successful.
ftp:/> cd upload
250 Directory successfully changed.
ftp:/upload> lpwd
D:\Users\yangyuan\Desktop
ftp:/upload> put fd.png
227 Entering Passive Mode (32,12,32,227,222,90)
150 Ok to send data.
fd.png: 12.8 KB sent in 0.001 sec (13,129 bytes, 12.5 MB/sec).
226 File receive OK.
ftp:/upload> mkdir test3
257 "/upload/test3" created
ftp:/upload> delete fd.png
250 Delete operation successful.
Logging in with a normal system user lands in that user's home directory; this is not recommended:
# useradd hadoop
# echo "redhat" | passwd --stdin hadoop
xshell:\> ftp 32.12.32.227
Connecting to 32.12.32.227:21...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
(vsFTPd 2.0.5)
Name (32.12.32.227:yangyuan): hadoop
331 Please specify the password.
Password:
230 Login successful.
ftp:/home/hadoop>
In addition, the following two directives can be added to /etc/vsftpd/vsftpd.conf:
max_clients=N   (maximum number of simultaneous clients)
max_per_ip=N    (maximum number of simultaneous connections from a single IP address)
Implementation of SFTP: CA ----> sftp (first build the CA, then issue the server certificate)
# (umask 077; openssl genrsa -out private/cakey.pem 2048)
# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650
.........
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:js
Locality Name (eg, city) [Newbury]:sz
Organization Name (eg, company) [My Company Ltd]:bocs
Organizational Unit Name (eg, section) []:tech
Common Name (eg, your name or your server's hostname) []:ca.bocs.com
Email Address []:
# vim /etc/pki/tls/openssl.cnf
dir = /etc/pki/CA
# mkdir /etc/vsftpd/ssl
# cd /etc/vsftpd/ssl
# (umask 077; openssl genrsa -out vsftpd.key 2048)
# openssl req -new -key vsftpd.key -out vsftpd.csr
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:js
Locality Name (eg, city) [Newbury]:sz
Organization Name (eg, company) [My Company Ltd]:bocs
Organizational Unit Name (eg, section) []:tech
Common Name (eg, your name or your server's hostname) []:ftp.bocs.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# openssl ca -in vsftpd.csr -out vsftpd.crt   (answer y to both prompts)
# vim /etc/vsftpd/vsftpd.conf   (add the following)
######### SSL or TLS #########
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv3=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
rsa_cert_file=/etc/vsftpd/ssl/vsftpd.crt
rsa_private_key_file=/etc/vsftpd/ssl/vsftpd.key
# service vsftpd restart
Test: (the original post shows two screenshots of the TLS login here)
Virtual users based on PAM and MySQL
# yum -y install mysql-server mysql-devel
# service mysqld start
# chkconfig mysqld on
The system's PAM talks to MySQL through an extra package, pam_mysql-0.7rc1.tar.gz, download location: http://download.chinaunix.net/download.php?id=15901&resourceid=7820
# tar xf pam_mysql-0.7rc1.tar.gz
# cd pam_mysql-0.7RC1
# ./configure --with-mysql --with-openssl
# make
# make install
Create the database and table, and grant privileges to the database user:
# mysql
mysql> CREATE DATABASE vsftpd;
Query OK, 1 row affected (0.02 sec)
mysql> USE vsftpd;
Database changed
mysql> CREATE TABLE users (
    -> id SMALLINT AUTO_INCREMENT NOT NULL,
    -> name CHAR(20) BINARY NOT NULL,
    -> password CHAR(48) BINARY NOT NULL,
    -> PRIMARY KEY (id)
    -> );
Query OK, 0 rows affected (0.03 sec)
mysql> DESC users;
+----------+-------------+------+-----+---------+----------------+
| Field    | Type        | Null | Key | Default | Extra          |
+----------+-------------+------+-----+---------+----------------+
| id       | smallint(6) | NO   | PRI | NULL    | auto_increment |
| name     | char(20)    | NO   |     | NULL    |                |
| password | char(48)    | NO   |     | NULL    |                |
+----------+-------------+------+-----+---------+----------------+
3 rows in set (0.01 sec)
mysql> GRANT SELECT ON vsftpd.* TO vsftpd@localhost IDENTIFIED BY 'vsftpd';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT SELECT ON vsftpd.* TO vsftpd@'127.0.0.1' IDENTIFIED BY 'vsftpd';
Query OK, 0 rows affected (0.00 sec)
mysql> INSERT INTO users (name,password) VALUES ('tom','redhat');
Query OK, 1 row affected (0.00 sec)
mysql> INSERT INTO users (name,password) VALUES ('jerry','redhat');
Query OK, 1 row affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> \q
Create the PAM configuration file used for authentication:
# vim /etc/pam.d/vsftpd.mysql
auth    required /usr/lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
account required /usr/lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
(crypt=0 makes pam_mysql compare the password column in plain text, which is why the rows above were inserted with cleartext passwords.)
# useradd -s /sbin/nologin -d /var/vuser vuser
# chmod go+rx /var/vuser
# vim /etc/vsftpd/vsftpd.conf
pam_service_name=vsftpd.mysql
force_local_data_ssl=NO
force_local_logins_ssl=NO
######## Guest ##########
guest_enable=YES
guest_username=vuser
user_config_dir=/etc/vsftpd/vuser_list
# mkdir /etc/vsftpd/vuser_list
# touch /etc/vsftpd/vuser_list/{tom,jerry}
# vim /etc/vsftpd/vuser_list/jerry   (jerry gets upload, mkdir and delete rights)
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
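Added example, not from the original post: a small Python audit of the vsftpd.conf settings used on this page. It parses vsftpd's key=value format, applies the per-user file from user_config_dir on top of the global file the way vsftpd does for guest logins (so jerry's anon_* overrides take effect while tom keeps the global defaults), and reports the settings a practitioner would revisit before leaving the lab: ssl_sslv3=YES (SSLv3 is obsolete), force_local_logins_ssl=NO and force_local_data_ssl=NO (credentials and data of local and virtual users may travel without TLS), and any anon_* write permission in effect for a user. The configuration text and the tom/jerry files below are constructed from the settings shown on this page; the audit rules are this example's own, not part of vsftpd.

```python
# Constructed sample inputs modelled on this page's configuration (the values
# are constructed for the example, not copied from a live system).
GLOBAL_CONF = """\
# /etc/vsftpd/vsftpd.conf (constructed excerpt)
anonymous_enable=YES
local_enable=YES
write_enable=YES
######### SSL or TLS #########
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv3=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
pam_service_name=vsftpd.mysql
######## Guest ##########
guest_enable=YES
guest_username=vuser
user_config_dir=/etc/vsftpd/vuser_list
"""

# Per-user files under user_config_dir: tom's file is empty, jerry's grants writes.
USER_CONFS = {
    "tom": "",
    "jerry": "anon_upload_enable=YES\n"
             "anon_mkdir_write_enable=YES\n"
             "anon_other_write_enable=YES\n",
}

ANON_WRITE_KEYS = ("anon_upload_enable", "anon_mkdir_write_enable",
                   "anon_other_write_enable")


def parse_conf(text):
    """Parse vsftpd's key=value format: one directive per line, '#' lines are
    comments, keys are case-insensitive. (vsftpd itself rejects whitespace
    around '='; this lenient parser strips it.)"""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError("malformed directive: %r" % raw)
        key, value = line.split("=", 1)
        conf[key.strip().lower()] = value.strip()
    return conf


def is_yes(conf, key, default="NO"):
    """Boolean directives take YES/NO, case-insensitively."""
    return conf.get(key, default).upper() == "YES"


def effective_conf(global_conf, user_confs, user):
    """With user_config_dir set, vsftpd loads the file named after the login
    user on top of the global settings. Guest (virtual) logins are governed by
    the anon_* directives, so the per-user file is where jerry's rights come from."""
    merged = dict(global_conf)
    if "user_config_dir" in global_conf and user in user_confs:
        merged.update(parse_conf(user_confs[user]))
    return merged


def audit(conf, user=None):
    """Return a list of findings for one effective configuration."""
    findings = []
    if is_yes(conf, "ssl_enable"):
        if is_yes(conf, "ssl_sslv3"):
            findings.append("ssl_sslv3=YES: SSLv3 is obsolete, set ssl_sslv3=NO")
        # vsftpd's default for both force_local_* directives is YES.
        if is_yes(conf, "local_enable"):
            if not is_yes(conf, "force_local_logins_ssl", default="YES"):
                findings.append("force_local_logins_ssl=NO: local/virtual user "
                                "passwords may be sent without TLS")
            if not is_yes(conf, "force_local_data_ssl", default="YES"):
                findings.append("force_local_data_ssl=NO: local/virtual user "
                                "data transfers may run without TLS")
    granted = [k for k in ANON_WRITE_KEYS if is_yes(conf, k)]
    if granted:
        findings.append("%s can write: %s" % (user or "anonymous", ", ".join(granted)))
    return findings


def audit_all(global_text, user_confs):
    """Audit the global file and the effective configuration of each virtual user."""
    global_conf = parse_conf(global_text)
    report = {"global": audit(global_conf)}
    for user in sorted(user_confs):
        report[user] = audit(effective_conf(global_conf, user_confs, user), user)
    return report


if __name__ == "__main__":
    for scope, findings in audit_all(GLOBAL_CONF, USER_CONFS).items():
        print("[%s]" % scope)
        for finding in findings or ["no findings"]:
            print("  -", finding)
```

Running it against the constructed files lists the SSLv3 and force_local_* findings under every scope (they are inherited from the global file), no write finding for tom, and a write finding for jerry listing the three anon_* directives his per-user file turned on.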
# Service VSFTPD Restart
Test:
# ftp 32.12.32.227
Connected to 32.12.32.227.
(vsFTPd 2.0.5)
504 Unknown AUTH type.
504 Unknown AUTH type.
KERBEROS_V4 rejected as an authentication type
Name (32.12.32.227:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
# ftp 32.12.32.227
Connected to 32.12.32.227.
(vsFTPd 2.0.5)
504 Unknown AUTH type.
504 Unknown AUTH type.
KERBEROS_V4 rejected as an authentication type
Name (32.12.32.227:root): jerry
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> lcd /etc
Local directory now /etc
ftp> put inittab
local: inittab remote: inittab
227 Entering Passive Mode (32,12,32,227,93,85)
150 Ok to send data.
226 File receive OK.
1666 bytes sent in 0.021 seconds (... Kbytes/s)
ftp> mkdir test
257 "/test" created
ftp> ls
227 Entering Passive Mode (32,12,32,227,230,252)
150 Here comes the directory listing.
-rw-------    1 502      502          1666 May 16:21 inittab
drwx------    2 502      502          4096 May 16:21 test
226 Directory send OK.
ftp> delete inittab
250 Delete operation successful.
vsftpd + OpenSSL + MySQL: implementing SFTP and FTP virtual users