System environment:
Alibaba Cloud ECS host

```shell
cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
```
1、 Install with yum

```shell
yum -y install vsftpd ftp
```
2、 Service directory layout

```shell
tree /etc/vsftpd/
/etc/vsftpd/
├── ftpusers
├── user_list
├── vconf                   # new directory
│   └── chenfei
├── vsftpd.conf
├── vsftpd.conf.bak         # make a backup first
├── vsftpd_conf_migrate.sh
├── vusers                  # user file
└── vusers.db
```
3、 Add vsftpd to the system services and start it at boot

```shell
systemctl enable vsftpd
```
4、 Modify the configuration file

```ini
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
xferlog_std_format=YES
async_abor_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to blah FTP service.
chroot_local_user=YES                 # confine every user to their local_root
listen=NO
pam_service_name=vsftpd               # PAM stack in /etc/pam.d/vsftpd (step 7)
userlist_enable=YES
tcp_wrappers=YES
use_localtime=YES
listen_port=21
idle_session_timeout=300
guest_enable=YES                      # treat logins as virtual (guest) users
guest_username=vsftpd                 # system account the virtual users run as (step 8)
user_config_dir=/etc/vsftpd/vconf     # per-user configuration files (step 9)
data_connection_timeout=1
virtual_use_local_privs=YES           # virtual users get the privileges of local users
pasv_min_port=40000                   # passive data port range; match the firewall rules in step 10
pasv_max_port=40010
accept_timeout=5
connect_timeout=1
allow_writeable_chroot=YES            # vsftpd 3.x refuses a writable chroot root without this; it weakens the chroot
```
5、 Create the user file

```shell
cat /etc/vsftpd/vusers
username
password
```

Each user name goes on its own line with its password on the line directly below it, and this order cannot be changed: db_load reads the file as alternating key and value lines.
6、 Generate the user database file

```shell
db_load -T -t hash -f /etc/vsftpd/vusers /etc/vsftpd/vusers.db
```
7、 Modify the /etc/pam.d/vsftpd file

```shell
cat /etc/pam.d/vsftpd
#%PAM-1.0
session    optional     pam_keyinit.so    force revoke
#auth       required    pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth       required    pam_shells.so
#auth       include     password-auth
#account    include     password-auth
session    required     pam_loginuid.so
session    include      password-auth
auth       sufficient   /lib64/security/pam_userdb.so db=/etc/vsftpd/vusers
account    sufficient   /lib64/security/pam_userdb.so db=/etc/vsftpd/vusers
```

Note that the original auth and account entries are commented out: authentication now goes only through pam_userdb against /etc/vsftpd/vusers.db, and the pam_listfile line that denied the names listed in /etc/vsftpd/ftpusers is disabled along with them.
8、 Create the system user vsftpd with home directory /home/vsftpd

```shell
useradd vsftpd -d /home/vsftpd -s /bin/false
```

The login shell is set to /bin/false so that this account cannot be used to log in to the system over ssh.
9、 Create the virtual user's profile

```shell
mkdir /etc/vsftpd/vconf
cd /etc/vsftpd/vconf
cat test
local_root=/home/vsftpd/test
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
```

The file name must match the virtual user's login name (the tree above shows a file named chenfei for another user). Then create the test user's root directory, /home/vsftpd/test, the local_root above.
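The pieces from steps 5 to 9 are easy to get subtly wrong (an odd number of lines in the user file, a per-user file whose name does not match the login name). The following script is an added example, not code from the original post: it assembles those files in a scratch directory and sanity-checks them before anything is copied under /etc/vsftpd. The user names alice and bob, their passwords and the staging paths are constructed for the example; db_load is only invoked if it is installed.

```shell
#!/bin/sh
# Added example, not part of the original post: build the virtual-user
# pieces from steps 5-9 in a scratch directory and sanity-check them before
# copying anything under /etc/vsftpd. The user names, passwords and paths
# below are constructed for the example.

# Write a vusers text file: one user-name line followed by its password
# line, the key/value layout that "db_load -T -t hash" reads.
write_vusers() {
    out=$1
    shift
    : > "$out"
    while [ $# -ge 2 ]; do
        printf '%s\n%s\n' "$1" "$2" >> "$out"
        shift 2
    done
}

# Reject a vusers file with an odd line count or a blank line: db_load would
# pair the wrong lines and the affected logins would fail.
validate_vusers() {
    lines=$(grep -c '' "$1")
    [ "$lines" -gt 0 ] || return 1
    [ $((lines % 2)) -eq 0 ] || return 1
    if grep -q '^$' "$1"; then return 1; fi
    return 0
}

# Write the per-user file that user_config_dir points at (step 9). The file
# name must equal the login name; local_root is the directory the user lands in.
write_user_conf() {
    dir=$1 user=$2 root=$3
    cat > "$dir/$user" <<EOF
local_root=$root
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
EOF
}

# Build the hash database (step 6) if db_load is available, and tighten the
# permissions: the plaintext vusers file and the db both hold passwords.
build_db() {
    chmod 600 "$1"
    if command -v db_load >/dev/null 2>&1; then
        db_load -T -t hash -f "$1" "$2" && chmod 600 "$2"
    fi
}

# Assemble everything in a temp directory and print its path. Moving the
# files into /etc/vsftpd and creating each local_root (owned by the
# guest_username account "vsftpd", so uploads work with
# virtual_use_local_privs=YES) is left to root.
stage_virtual_users() {
    stage=$(mktemp -d)
    mkdir -p "$stage/vconf"
    write_vusers "$stage/vusers" alice 'alice-example-pw' bob 'bob-example-pw'
    validate_vusers "$stage/vusers" || { echo "vusers file is malformed" >&2; return 1; }
    write_user_conf "$stage/vconf" alice /home/vsftpd/alice
    write_user_conf "$stage/vconf" bob /home/vsftpd/bob
    build_db "$stage/vusers" "$stage/vusers.db"
    echo "$stage"
}
```

Run `stage_virtual_users` as an unprivileged user, inspect the printed directory, and only then copy vusers, vusers.db and vconf/ into /etc/vsftpd as root; the validation step catches the "user name and password on separate lines" rule from step 5 before db_load silently produces a database with the wrong pairs.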
10、 Firewall settings

```
# iptables rules; replace <your IP> with the address that is allowed to connect
-A INPUT -s <your IP>/32 -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -s <your IP>/32 -p tcp -m state --state NEW -m tcp --dport 40000:40010 -j ACCEPT
```
11、 Restart the vsftpd service

```shell
systemctl restart vsftpd
```
Pitfalls encountered:

Errors during access testing:

1、 500 OOPS: unrecognised variable in config file: xxxx

This kind of error is generally a mistake in a configuration file. The cause of my error here was a mistake in the virtual user's personal configuration file.

2、 200 Switching to ASCII mode, 227 Entering Passive Mode

Solution:
Open "Network and Sharing Center", go to "Internet Options" -> the "Advanced" tab, and untick "Use Passive FTP (for firewall and DSL modem compatibility)".
3、 With anonymous access enabled, directories cannot be created or modified

Solution:

```ini
# Modify the configuration file:
anonymous_enable=YES          # allow anonymous users to log in
anon_upload_enable=YES        # allow anonymous users to upload
anon_other_write_enable=YES
# then restart the service
```
Common ftp client commands:

```
ls            list the current directory of the remote machine
cd            change the working directory on the remote machine
lcd           change the working directory on the local machine
ascii         set the file transfer mode to ASCII
binary        set the file transfer mode to binary
close         terminate the current ftp session
hash          print a # each time a buffer of data has been transferred
get (mget)    transfer the specified file(s) from the remote machine to the local machine
put (mput)    transfer the specified file(s) from the local machine to the remote machine
open          connect to a remote ftp site
bye           disconnect from the remote machine and exit ftp
?             display local help information
!             escape to a shell
```
Problems encountered while using ftp

1、 ftp: 500 Illegal PORT command. ftp: bind: Address already in use

Solution:
Because iptables does not track FTP data connections on its own, two kernel modules need to be loaded (the FTP connection-tracking helper and its NAT companion):

```shell
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
# on newer kernels these modules are named nf_nat_ftp and nf_conntrack_ftp
```
When the client connects from the command line or from FTP software, the ftp server's configuration file needs to contain these lines:

```ini
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40010
pasv_promiscuous=YES    # without this, an error like "425 Security: Bad IP connecting." appears;
                        # it disables the check that the data connection comes from the same IP as the control connection
```
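Several settings in this post trade safety for convenience: allow_writeable_chroot=YES in step 4, pasv_promiscuous=YES above, and the anonymous write switches from pitfall 3. The audit below is an added example, not part of the original post: it reads a vsftpd.conf-style file and prints one line per setting worth a second look, so it can be run against the live /etc/vsftpd/vsftpd.conf before each restart. The sample configuration it builds is constructed for the example; the check for pasv_min_port/pasv_max_port reflects that the firewall rule in step 10 can only be scoped when that range is fixed.

```shell
#!/bin/sh
# Added example, not part of the original post: a read-only audit of a
# vsftpd.conf-style file for the settings this post relaxes (step 4 and the
# pasv_promiscuous section). It prints one finding per line. The sample
# configuration is constructed for the example.

# Print the value of key $2 in file $1; like vsftpd, the last occurrence
# wins. Prints nothing when the key is absent.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

audit_vsftpd_conf() {
    f=$1
    if [ "$(conf_get "$f" pasv_promiscuous)" = YES ]; then
        echo "pasv_promiscuous=YES: the check that the data connection comes from the control connection's IP is disabled"
    fi
    if [ "$(conf_get "$f" allow_writeable_chroot)" = YES ]; then
        echo "allow_writeable_chroot=YES: the chroot root itself is writable; prefer a read-only root with a writable subdirectory"
    fi
    if [ "$(conf_get "$f" chroot_local_user)" != YES ]; then
        echo "chroot_local_user is not YES: users are not confined to their local_root"
    fi
    if [ "$(conf_get "$f" anonymous_enable)" = YES ]; then
        for key in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
            if [ "$(conf_get "$f" "$key")" = YES ]; then
                echo "$key=YES together with anonymous_enable=YES: unauthenticated clients can write"
            fi
        done
    fi
    if [ -z "$(conf_get "$f" pasv_min_port)" ] || [ -z "$(conf_get "$f" pasv_max_port)" ]; then
        echo "pasv_min_port/pasv_max_port unset: passive data ports are unbounded, so the firewall rule for them cannot be scoped"
    fi
    return 0
}

# Number of findings, usable as a pass/fail gate in a deploy script.
audit_count() {
    audit_vsftpd_conf "$1" | grep -c . || true
}

# A configuration in the shape of step 4, constructed for the example.
make_sample_conf() {
    cat > "$1" <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
guest_enable=YES
guest_username=vsftpd
user_config_dir=/etc/vsftpd/vconf
virtual_use_local_privs=YES
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40010
pasv_promiscuous=YES
allow_writeable_chroot=YES
EOF
}
```

On the step-4 shaped sample, `audit_vsftpd_conf` reports exactly two findings, pasv_promiscuous and allow_writeable_chroot; a file that additionally enables anonymous_enable=YES with the upload switches from pitfall 3 adds one line per write switch.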