Vsftpd+openssl+mysql implementing SFTP and FTP virtual users

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Ftp:file Transfer Protocol, Port: control: TCP/21; Data: TCP/20 or random high port

FTP has two connections:

Command connection (Control connection): TCP/21

Data connection (open on Demand):

Active mode: TCP/20 (FTP server Active connection client)

Passive mode: Random high port

FTP has two modes of transmission: Binary, TEXT (default is auto, will match according to file characteristics)

SFTP is implemented with OpenSSL, and FTPs is a sub-function of SSH.

System platform: rhel5.8 (32-bit), ip:32.12.32.227, with the system's own RPM package installation

To install ftp:

#yum Install VSFTPD

#service vsftpd Start

#finger FTP (Installation VSFTPD automatically creates FTP users and user groups to view the home directory for FTP

Test (at this time anonymous login, user name can anonymous or FTP, password is empty):

C:\users\yangyuan>ftp 32.12.32.227

Connect to 32.12.32.227.

(VsFTPd 2.0.5)

User (32.12.32.227: (None)): FTP

331 Specify the password.

Password:

Successful Login.

Ftp>

Note: Anonymous users are not able to upload files, create new directories, delete files unless you change the configuration file/etc/vsftpd/vsftpd.conf

#vim/etc/vsftpd/vsftpd.conf

Anon_upload_enable=yes (Allow anonymous users to upload files)

Anon_mkdir_write_enable=yes (Allow anonymous users to create a new directory)

Anon_other_write_enable=yes (Allow anonymous users to delete files)

#mkdir/var/ftp/upload (Create an upload directory)

#setfacl-M U:ftp:rwx/var/ftp/upload

#service vsftpd Restart

#setenforce 0

#iptables-F (empty firewall)

Test:

xshell:\> FTP 32.12.32.227

Connecting to 32.12.32.227:21 ...

Connection established.

To escape to local shell, press ' ctrl+alt+] '.

(VsFTPd 2.0.5)

Name (32.12.32.227:yangyuan): FTP

331 Specify the password.

Password:

Successful Login.

Ftp:/> CD Upload

Directory successfully changed.

Ftp:/upload> lpwd

D:\Users\yangyuan\Desktop

Ftp:/upload> put Fd.png

227 Entering Passive Mode (32,12,32,227,222,90)

Ok to send data.

fd.png:12.8 KB Sent in 0.001 sec (13,129 bytes, 12.5 mb/sec).

226 File receive OK.

ftp:/upload> mkdir Test3

257 "/UPLOAD/TEST3" created

ftp:/upload> Delete Fd.png

+ Delete operation successful.

Using the normal user of the system to access the FTP will go to the normal user home directory, it is recommended not to use:

#useradd Hadoop

#echo "Redhat" | passwd--stdin Hadoop

xshell:\> FTP 32.12.32.227

Connecting to 32.12.32.227:21 ...

Connection established.

To escape to local shell, press ' ctrl+alt+] '.

(VsFTPd 2.0.5)

Name (32.12.32.227:yangyuan): Hadoop

331 Specify the password.

Password:

Successful Login.

Ftp:/home/hadoop>

In addition, the following two commands can be added to the/etc/vsftpd/vsftpd.conf:

max_clients= value (used to define the maximum number of users to access)

mas_per_ip= value (used to define the number of individual IP address users)

Implementation of SFTP: CA---->sftp

# (Umask 077;openssl genrsa-out PRIVATE/CAKEY.PEM 2048)

# OpenSSL Req-new-x509-key private/cakey.pem-out cacert.pem-days 3650

.........

Country Name (2 letter code) [GB]:CN

State or province name (full name) [Berkshire]:js

Locality Name (eg, city) [Newbury]:sz

Organization Name (eg, company) [My company Ltd]:bocs

Organizational Unit Name (eg, section) []:tech

Common name (eg, your name or your server ' s hostname) []:ca.bocs.com

Email Address []:

# VIM/ETC/PKI/TLS/OPENSSL.CNF

DIR =/etc/pki/ca

# Mkdir/etc/vsftpd/ssl

# Cd/etc/vsftpd/ssl

# (Umask 077;openssl genrsa-out vsftpd.key 2048)

# OpenSSL Req-new-key vsftpd.key-out VSFTPD.CSR

Country Name (2 letter code) [GB]:CN

State or province name (full name) [Berkshire]:js

Locality Name (eg, city) [Newbury]:sz

Organization Name (eg, company) [My company Ltd]:bocs

Organizational Unit Name (eg, section) []:tech

Common name (eg, your name or your server ' s hostname) []:ftp.bocs.com

Email Address []:

Please enter the following ' extra ' attributes

To is sent with your certificate request

A Challenge Password []:

An optional company name []:

# OpenSSL ca-in vsftpd.csr-out vsftpd.crt (y y)

#vim/etc/vsftpd/vsftpd.conf (Add the following)

######### SSL or TLS #########

Ssl_enable=yes

Ssl_tlsv1=yes

Ssl_sslv3=yes

Allow_anon_ssl=no

Force_local_data_ssl=yes

Force_local_logins_ssl=yes

Rsa_cert_file=/etc/vsftpd/ssl/vsftpd.crt

Rsa_private_key_file=/etc/vsftpd/ssl/vsftpd.key

#service vsftpd Restart

Test

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/7F/BB/wKiom1cquC3DujDEAABq6PIIE-Y902.png "style=" float: none; "title=" 12.PNG "alt=" Wkiom1cquc3dujdeaabq6piie-y902.png "/>

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/7F/B9/wKioL1cquQTBx2IrAAD63L3WWgc226.png "style=" float: none; "title=" 12.1.PNG "alt=" Wkiol1cquqtbx2iraad63l3wwgc226.png "/>

Virtual user implementation based on Pam and MySQL

# yum-y Install Mysql-server Mysql-devel

# service Mysqld Start

# Chkconfig Mysqld on

Because the system Pam is associated with MySQL a package: pam_mysql-0.7rc1.tar.gz, download location:http://download.chinaunix.net/download.php?id=15901& resourceid=7820

# Tar XF pam_mysql-0.7rc1.tar.gz

# CD PAM_MYSQL-0.7RC1

#./configure--WITH-MSYQL--with-openssl

# make

# make Install

Create databases, tables, assign permissions to library users

# MySQL

mysql> CREATE DATABASE vsftpd;

Query OK, 1 row affected (0.02 sec)

mysql> use VSFTPD;

Database changed

Mysql> CREATE TABLE Users (

-ID SMALLINT auto_increment not NULL,

, name CHAR (a) BINARY not NULL,

Password CHAR () BINARY not NULL,

-PRIMARY KEY (ID)

);

Query OK, 0 rows affected (0.03 sec)

mysql> DESC users;

+----------+-------------+------+-----+---------+----------------+

+----------+-------------+------+-----+---------+----------------+

| ID | smallint (6) | NO | PRI | NULL | auto_increment |

+----------+-------------+------+-----+---------+----------------+

3 rows in Set (0.01 sec)

Mysql> GRANT SELECT on vsftpd.* to [e-mail protected] identified by ' vsftpd ';

Query OK, 0 rows Affected (0.00 sec)

Mysql> GRANT SELECT on vsftpd.* to [e-mail protected] ' 127.0.0.1 ' identified by ' vsftpd ';

Query OK, 0 rows Affected (0.00 sec)

Mysql> INSERT into users (Name,password) VALUES (' Tom ', ' Redhat ');

Query OK, 1 row Affected (0.00 sec)

Mysql> INSERT into users (Name,password) VALUES (' Jerry ', ' Redhat ');

Query OK, 1 row Affected (0.00 sec)

mysql> FLUSH privileges;

Query OK, 0 rows Affected (0.00 sec)

Mysql> \q

Files required to establish PAM certification

# Vim/etc/pam.d/vsftpd.mysql

Auth required/usr/lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn =name Passwdcolumn=password crypt=0

Account required/usr/lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users Usercolumn=name Passwdcolumn=password crypt=0

# useradd-s/sbin/nologin-d/var/vuser VUser

# chmod Go+rx/var/vuser

# vim/etc/vsftpd/vsftpd.conf

Pam_service_name=vsftpd.mysql

Force_local_data_ssl=no

Force_local_logins_ssl=no

######## Guset ##########

Guest_enable=yes

Guest_username=yes

User_config_dir=/etc/vsftpd/vuser_list

# mkdir/etc/vsftpd/vuser_list

# Touch/etc/vsftpd/vuser_list/{tom,jerry}

# Vim/etc/vsftpd/vuser_list/jerry (Jerry user has upload, create directory, delete file function)

Anon_upload_enable=yes

Anon_mkdir_write_enable=yes

Anon_other_write_enable=yes

# Service VSFTPD Restart

Test

[[Email protected] ~]# FTP 32.12.32.227

Connected to 32.12.32.227.

(VsFTPd 2.0.5)

504 Unknown AUTH type.

Kerberos_v4 rejected as an authentication type

Name (32.12.32.227:root): Tom

331 Specify the password.

Password:

Successful Login.

Remote system type is UNIX.

Using binary mode to transfer files.

Ftp>

[[Email protected] ~]# FTP 32.12.32.227

Connected to 32.12.32.227.

(VsFTPd 2.0.5)

504 Unknown AUTH type.

Kerberos_v4 rejected as an authentication type

Name (32.12.32.227:root): Jerry

331 Specify the password.

Password:

Successful Login.

Remote system type is UNIX.

Using binary mode to transfer files.

Ftp> lcd/etc

Local Directory Now/etc

Ftp> put Inittab

Local:inittab Remote:inittab

227 Entering Passive Mode (32,12,32,227,93,85)

Ok to send data.

226 File receive OK.

1666 bytes sent in 0.021 seconds (from KBYTES/S)

ftp> mkdir Test

257 "/test" created

Ftp> ls

227 Entering Passive Mode (32,12,32,227,230,252)

Here comes the directory listing.

-RW-------1 502 502 1666 16:21 Inittab

DRWX------2 502 502 4096 may 16:21 test

226 Directory send OK.

ftp> Delete Inittab

+ Delete operation successful.

Vsftpd+openssl+mysql implementing SFTP and FTP virtual users

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More