Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Server \ To setup a ftp server under Linux     - Android Studio 1.0.2 set the memory size (Linux)

- Python uses multi-process pool (Programming)

- Linux keyboard recording script (Linux)

- The most concise explanation of JavaScript closures (Programming)

- Testing Oracle 11g RMAN replicate database (Database)

- Linux serial port driver test (Linux)

- Linux common network tools: Scan routing of mtr (Linux)

- OpenNMS separate database (Server)

- Git Experience Sharing - Using a remote repository (Linux)

- C language print various graphic (Programming)

- Java proxy mode (Programming)

- Installation of Python2.7.8 and iPython under CentOS6.5 (Linux)

- Linux simple commands (Linux)

- Oracle inline view updates problems encountered (Database)

- Using packet capture libpcap be reconciliation package in Ubuntu 14.04 64 bits (Linux)

- Father of Python: Why Python zero-based index (Programming)

- Sorting algorithm of dichotomy (binary) insertion sort algorithm (Programming)

- Linux - EXT2 file system is described in detail (Linux)

- Linux file compression and file system packaged with instructions (Linux)

- Solve ORA-01012: not logged on (Database)

  To setup a ftp server under Linux
  Add Date : 2018-11-21      
  Detailed set up a ftp server on Linux.

ftp work will start two channels:
Control channel, the data channel
In the ftp protocol, the control connections are initiated by the client, and the data connection has two modes: port mode (active mode) and pasv (passive mode)
PORT mode:
When the client needs to receive data, ftp_client (random port greater than 1024) -PORT Command -> ftp_server (21) sends the PORT command, the PORT command contains the client what port is used to receive data (random port greater than 1024) when transferring data, ftp_server will create a new connection on port TCP 20 port and its own pORT contained to transfer data.

PASV mode:
When transferring data, ftp_client - PASV command -> ftp_server (21) sends a PASV command, ftp_server automatically opens a random port between 1024--5000 and notification ftp_client transmit data on this port, then the client to the specified port connection request to establish a data link for data transmission.
Installation ftp
#rpm -qa vsftpd to see if you have installed

#yum install -y vsftpd

#rpm -ql vsftpd
/etc/logrotate.d/vsftpd. vsftpd log file
/etc/pam.d/vsftpd PAM authentication file
/etc/rc.d/init.d/vsftpd startup script
/ Etc / vsftpd vsftpd configuration file directory
/ Etc / vsftpd / ftpusers prohibited vsftpd user list file
/ Etc / vsftpd / user_list prevents or allows use vsftpd user list file
/etc/vsftpd/vsftpd.conf master configuration file
Some variables /etc/vsftpd/vsftpd_conf_migrate.sh vsftpd operations and settings
/ Usr / sbin / vsftpd vsftpd main program
Manuals and other documentation files slightly!
/ Var / ftp anonymous user's home directory
/ Var / ftp / pub anonymous users download directory

#service vsftpd start
#chkconfig --level vsftpd
#chkconfig --level 2345 vsftpd on

2 anonymous user's login name: ftp (anonymous) empty password, login directory is / var / ftp
 When using the default anonymous user login is only downloaded authority, no upload, create, and delete permissions:

#vim /etc/vsftpd/vsftpd.conf
anon_upload_enable = YES Upload
anon_mkdir_write_enable = YES Create
anon_other_write_enable = YES to delete
#service vsftpd restart

For security should prohibit anonymous user login:
123456 #vim /etc/vsftpd/vsftpd.conf
anonymous_enable = NO
# Anon_upload_enable = YES Upload
# Anon_mkdir_write_enable = YES Create
# Anon_other_write_enable = YES to delete
#service vsftpd restart

3 Create a user to log into the system directly log ftp:
#useradd -s / sbin / nologin viong
#passwd viong

Users have uploaded create a download directory switching
-------------------------------------------------- ----------------
4 Strengthening vsftp security settings:
Locking system users at home directory:
#vim /etc/vsftpd/vsftpd.conf
chroot_list_enable = YES
chroot_list_file = / etc / vsftpd / chroot_list more restrictive system users, the need to limit users to join the / etc / vsftpd / chroot_list in to
#touch / etc / vsftpd / chroot_list
#cut -d: -f 1 / etc / passwd >> / etc / vsftpd / chroot_list local users are added to chroot_list

Limit critical system users can download ftp:
#cat / etc / vsftpd / ftpusers by default have been added to the system in some of the more important user
#echo "viong" >> / etc / vsftpd / ftpusers viong at this time can not log on ftp

Use ftp ftp login user policy allows users of the system:
/ Etc / vsftpd / user_list Only the user can log in this file:
#vim /etc/vsftpd/vsftpd.conf
Behind userlist_enable = YES # added
userlist_deny = NO
userlist_file = / etc / vsftpd / user_list

Setting login ftp target ip address: Using iptables settings

Build support SSL encrypted transmission vsftpd:
#openssl req -x509 -nodes -days 365 -newkey rsa: 1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem generate a certificate
#vim /etc/vsftpd/vsftpd.conf
ssl_enable = YES
allow_anon_ssl = NO
force_local_data_ssl = YES
force_local_logins_ssl = YES
ssl_tlsv1 = YES
ssl_sslv2 = YES
ssl_sslv3 = YES
rsa_cert_file = / etc / vsftpd / vsftpd.pem

Here are some definitions ssl parameters, to modify according to their needs:

ssl_enable = yes / no // whether to enable SSL, the default is no
allow_anon_ssl = yes / no // whether to allow anonymous users to use SSL, the default is no
rsa_cert_file = / path / to / file // position rsa certificate
dsa_cert_file = / path / to / file // position dsa certificate
force_local_logins_ssl = yes / no // non-anonymous user login is encrypted, the default is yes
force_local_data_ssl = yes / no // non-anonymous users to transfer data is encrypted, the default is yes
force_anon_logins_ssl = yes / no // anonymous user login is encrypted, the default is no
When force_anon_data_ssl = yes / no // anonymous user data transmission is encrypted, the default is no
ssl_sslv2 = yes / no // sslv2 encryption is active, no default
ssl_sslv3 = yes / no // sslv3 encryption is active, no default
ssl_tlsv1 = yes / no // whether to activate tls v1 encryption, the default yes
ssl_ciphers = // default encryption method is DES-CBC3-SHA

#service vsftpd restart

Flashftp connection with:
Connection type: FTP using public SSL (validation SSL)
Address: 21
Log type:
User: viong
Password: 123
- Use py2exe to generate exe files Python script (Programming)
- Xmanager Remote Desktop connection CentOS (Linux)
- Network traffic monitoring ntopng (Linux)
- CUDA (including GPU card driver) installation process under Ubuntu (Linux)
- How to deploy Icinga server (Server)
- Ora-00439: feature not enabled: managed standby (Database)
- Linux operating system boot manager -GRUB (Linux)
- C ++ implementation of the list of basic operations and test cases (Programming)
- Linux ps command (Linux)
- MongoDB in bulk timestamp change the date format (Database)
- Hadoop - Task Scheduling System Comparison (Server)
- Internal class broadcasting needs public and static (Programming)
- Linux linux system security (Linux)
- Spring AOP custom annotation way to achieve log management (Programming)
- Terminal multiplexing tool tmux use (Linux)
- crontab cause CPU exception Analysis and Processing (Linux)
- Ubuntu 15.04 and Ubuntu 14.04 installed Cinnamon 2.6 (Linux)
- Android basics summary article (Programming)
- The practical application of Oracle synonyms + dblink (Database)
- Creating and extracting archives 11 tar command examples in Linux (Linux)
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.