  Setting up an FTP server under Linux
  Add Date : 2018-11-21      
  A detailed walkthrough of setting up an FTP server on Linux.

FTP works over two channels: the control channel and the data channel.
In the FTP protocol, the control connection is always initiated by the client, while the data connection has two modes: PORT mode (active mode) and PASV mode (passive mode).

PORT mode:
When the client needs to receive data, ftp_client (random port greater than 1024) sends the PORT command to ftp_server (port 21). The PORT command tells the server which client port (a random port greater than 1024) will receive the data. To transfer the data, ftp_server opens a new connection from its own TCP port 20 to the port named in the PORT command.

PASV mode:
When transferring data, ftp_client sends the PASV command to ftp_server (port 21). ftp_server opens a random port between 1024 and 5000 and notifies ftp_client to transfer data on this port. The client then sends a connection request to that port to establish the data connection.
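
Added example (not part of the original article): a POSIX shell decoder for the data endpoint announced by a PORT command or by the 227 reply to PASV, which is the port a firewall between client and server has to let through. The function names and the transcript are constructed for illustration, and the 227 reply is assumed to carry its tuple in parentheses.

```shell
#!/bin/sh
# Added example: decode the data-channel endpoint negotiated on the control
# channel. PORT (client to server) and the 227 reply to PASV (server to client)
# both carry h1,h2,h3,h4,p1,p2: address h1.h2.h3.h4, TCP port p1*256+p2.

# ftp_data_endpoint LINE
# Prints "<mode> <listener-ip> <port>"; returns 1 for any other line or a
# malformed tuple.
ftp_data_endpoint() {
    line=$(printf '%s' "$1" | tr -d '\r')        # control lines end in CRLF
    case $line in
        PORT\ *) mode=active;  tuple=${line#PORT } ;;
        227\ *)  mode=passive; tuple=${line#*"("}; tuple=${tuple%%")"*} ;;
        *) return 1 ;;
    esac
    case $tuple in ''|*[!0-9,]*) return 1 ;; esac   # digits and commas only
    old_ifs=$IFS; IFS=,; set -- $tuple; IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for b in "$@"; do
        case $b in ''|0?*|????*) return 1 ;; esac   # 1-3 digits, no leading 0
        [ "$b" -le 255 ] || return 1
    done
    printf '%s %s.%s.%s.%s %s\n' "$mode" "$1" "$2" "$3" "$4" $(( $5 * 256 + $6 ))
}

# Constructed control-channel excerpt (documentation addresses, not a capture).
transcript='PORT 192,0,2,55,200,21
200 PORT command successful.
PASV
227 Entering Passive Mode (198,51,100,7,15,160)'

# list_data_endpoints: read control lines on stdin, print one endpoint per hit.
list_data_endpoints() {
    while IFS= read -r l; do
        ftp_data_endpoint "$l" || :
    done
}

printf '%s\n' "$transcript" | list_data_endpoints
```

In active mode the printed address is the client's listener that the server connects to from port 20; in passive mode it is the server's listener that the client connects to.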

Installing vsftpd
#rpm -qa vsftpd     check whether vsftpd is already installed

#yum install -y vsftpd

#rpm -ql vsftpd
/etc/logrotate.d/vsftpd     vsftpd log rotation file
/etc/pam.d/vsftpd     PAM authentication file
/etc/rc.d/init.d/vsftpd     startup script
/etc/vsftpd     vsftpd configuration directory
/etc/vsftpd/ftpusers     list of users prohibited from using vsftpd
/etc/vsftpd/user_list     list of users denied or allowed to use vsftpd
/etc/vsftpd/vsftpd.conf     main configuration file
/etc/vsftpd/vsftpd_conf_migrate.sh     some variables and settings for vsftpd operation
/usr/sbin/vsftpd     vsftpd main program
(manual pages and other documentation files omitted)
/var/ftp     anonymous user's home directory
/var/ftp/pub     anonymous users' download directory

#service vsftpd start
#chkconfig --list vsftpd
#chkconfig --level 2345 vsftpd on

2 Anonymous user login name: ftp (or anonymous), with an empty password; the login directory is /var/ftp
By default an anonymous user can only download and has no permission to upload, create directories, or delete. The following settings grant those permissions:

#vim /etc/vsftpd/vsftpd.conf
anon_upload_enable=YES     upload
anon_mkdir_write_enable=YES     create directories
anon_other_write_enable=YES     delete
#service vsftpd restart

For security, anonymous login should be prohibited:
#vim /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
#anon_upload_enable=YES     upload
#anon_mkdir_write_enable=YES     create directories
#anon_other_write_enable=YES     delete
#service vsftpd restart

3 Create a system user that can log in to FTP directly:
#useradd -s /sbin/nologin viong
#passwd viong

This user can upload, create directories, download, and change directories.
------------------------------------------------------------------
4 Strengthening vsftpd security settings:
Lock system users into their home directories:
#vim /etc/vsftpd/vsftpd.conf
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list     to restrict system users further, add the users to be limited to /etc/vsftpd/chroot_list
#touch /etc/vsftpd/chroot_list
#cut -d: -f 1 /etc/passwd >> /etc/vsftpd/chroot_list     add all local users to chroot_list

Restrict important system users from using FTP:
#cat /etc/vsftpd/ftpusers     by default some of the more important system users are already listed here
#echo "viong" >> /etc/vsftpd/ftpusers     viong can now no longer log in to FTP

Use a user_list policy to control which system users may log in to FTP:
Only users listed in /etc/vsftpd/user_list can log in:
#vim /etc/vsftpd/vsftpd.conf
userlist_enable=YES     add the following two lines after this one
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list

Restricting which IP addresses may log in to FTP: use iptables rules.

Set up vsftpd with SSL-encrypted transfers:
#openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem     generate a certificate
#vim /etc/vsftpd/vsftpd.conf
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem

The SSL parameters are defined as follows; adjust them to your own needs:

ssl_enable=yes/no     // whether to enable SSL, the default is no
allow_anon_ssl=yes/no     // whether to allow anonymous users to use SSL, the default is no
rsa_cert_file=/path/to/file     // location of the RSA certificate
dsa_cert_file=/path/to/file     // location of the DSA certificate
force_local_logins_ssl=yes/no     // whether non-anonymous logins are encrypted, the default is yes
force_local_data_ssl=yes/no     // whether non-anonymous data transfers are encrypted, the default is yes
force_anon_logins_ssl=yes/no     // whether anonymous logins are encrypted, the default is no
force_anon_data_ssl=yes/no     // whether anonymous data transfers are encrypted, the default is no
ssl_sslv2=yes/no     // whether to activate SSLv2 encryption, the default is no
ssl_sslv3=yes/no     // whether to activate SSLv3 encryption, the default is no
ssl_tlsv1=yes/no     // whether to activate TLS v1 encryption, the default is yes
ssl_ciphers=     // the default cipher is DES-CBC3-SHA

#service vsftpd restart
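
Added example (not part of the original article): a POSIX shell and awk check that reads a vsftpd.conf and reports the settings from this page that weaken the server, namely anonymous access and anonymous write permissions, SSL left disabled, forced encryption switched off, and the deprecated SSLv2 and SSLv3 protocols switched on. The function name audit_vsftpd_conf and the sample configuration are constructed; the SSL defaults are the ones listed above, and anonymous_enable is assumed to default to YES as documented in the vsftpd.conf manual page.

```shell
#!/bin/sh
# audit_vsftpd_conf [FILE]: print one "WEAK key=value" line per risky setting.
# Reads standard input when no file is given.
audit_vsftpd_conf() {
    awk -F= '
    BEGIN {
        # key:default:weak-value (SSL defaults as listed on this page)
        s = "anonymous_enable:YES:YES anon_upload_enable:NO:YES"
        s = s " anon_mkdir_write_enable:NO:YES anon_other_write_enable:NO:YES"
        s = s " ssl_enable:NO:NO ssl_sslv2:NO:YES ssl_sslv3:NO:YES"
        s = s " force_local_logins_ssl:YES:NO force_local_data_ssl:YES:NO"
        n = split(s, spec, " ")
        for (i = 1; i <= n; i++) {
            split(spec[i], f, ":"); key[i] = f[1]; val[f[1]] = f[2]; weak[f[1]] = f[3]
        }
    }
    /^[ \t]*#/ || NF < 2 { next }          # comments and non key=value lines
    {
        k = $1; v = toupper($2); gsub(/[ \t\r]/, "", v)
        if (v == "TRUE" || v == "1") v = "YES"
        if (v == "FALSE" || v == "0") v = "NO"
        if (k in val) val[k] = v           # a later line overrides an earlier one
    }
    END {
        for (i = 1; i <= n; i++) {
            k = key[i]
            # anon_* only matters with anonymous login on, force_*/ssl_sslv* with SSL on
            if (k ~ /^anon_/ && val["anonymous_enable"] != "YES") continue
            if (k ~ /^force_|^ssl_sslv/ && val["ssl_enable"] != "YES") continue
            if (val[k] == weak[k]) print "WEAK " k "=" val[k]
        }
    }' "$@"
}

# Constructed sample: the settings as configured in this article.
page_conf='anonymous_enable=NO
#anon_upload_enable=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES'

printf '%s\n' "$page_conf" | audit_vsftpd_conf
```

On a server, run it as audit_vsftpd_conf /etc/vsftpd/vsftpd.conf; setting ssl_sslv2=NO and ssl_sslv3=NO clears both findings for the sample.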

Connecting with Flashftp:
Connection type: FTP using public SSL (validation SSL)
Address: 21
Log type:
User: viong
Password: 123
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.