Setting up and using an FTP service, with encryption, on Linux CentOS 7.4


One, FTP service installation

1.1, install the ftp service

# Install the ftp service
yum install vsftpd


1.2, start the ftp service

# Start the ftp service
systemctl start vsftpd.service
# Check the status of the ftp service
systemctl status vsftpd.service

As the output of the status command shows, our ftp service has been installed and started successfully.

1.3, start the ftp service at boot

# Enable start at boot
systemctl enable vsftpd.service


1.4, stop the ftp service

# Stop the service
systemctl stop vsftpd.service

Two, FTP service overview

2.1, FTP user classification


2.1.1, anonymous users

1, The anonymous user is the account that can access the service directly once vsftpd has been installed and started. The anonymous user's name is ftp, and it has no password. At login, just press Enter at the password prompt; you do not need to type a space.
2, By default, anonymous users can only download, not upload. Upload permission is made up of two parts: the configuration file (vsftpd.conf) and the file system.
After an anonymous user uploads a file, anonymous users cannot download it. Downloading only works after configuring anon_umask=022, as follows.
Resulting permissions (755) = maximum permissions (777) - mask (022)

2.1.2, local user

Note that ftp local users are Linux system users, so a local user's default ftp folder is the home directory created for that Linux user. (If this is unclear, read up on Linux users and user home directories.)

2.1.2.1, create a local user

# Add the user ftpuser
# /ftpfile is the ftp folder to create
# -s /sbin/nologin means this user cannot log in to a shell
useradd ftpuser -d /ftpfile -s /sbin/nologin

The command above creates the folder for you; you can also create the folder named in that command yourself with the following command.

# Create the ftpfile folder
mkdir /ftpfile

PS: Note that when I add this local user for ftp here, I specify ftpfile as its home directory.

2.1.2.2, set a password for the user

passwd ftpuser

2.1.2.3, modify the permissions of the ftpfile folder

# -R recurses through the folder and changes the owner of everything in it to the ftpuser user and group
chown -R ftpuser:ftpuser /ftpfile

Note: After the above settings, when you log in to the ftp server as ftpuser, you will find that this user's default ftp folder is the ftpfile folder created earlier.

2.1.2.4, description of the basic configuration items for local users


2.1.3, virtual users


2.1.3.1, create the virtual user database file

First create a user file for ftp, then convert that user file into an encrypted db user file.

Meaning of the command and its options:
db_load: the encryption tool
-T: converts vsftpd.user into the encrypted vsftpd.db
-t: which method to use for the encryption
hash: encrypt using a hash
-f: followed by the original file to be converted

Note: The permissions of this user database file must be changed to 600, otherwise an error is reported. This is a vsftpd requirement.

2.1.3.2, create the system user that virtual users map to, and create its home directory

You may leave the user's root directory unspecified, in which case the root directory is the user's home directory. In this example, the virtual users' root directory is set to /var/ftproot.
Note: This creates the user that virtual users are mapped to; the files in this user's folder are used by the virtual users created above. It is not itself used directly as a virtual user.

2.1.3.3, create the PAM authentication file to add virtual user support


2.1.3.4, create separate configuration files for the virtual users, then start the service and test

Note: By default, virtual users take their configuration parameters from the anonymous user's settings, so you first need to comment out the anonymous-user settings you added to the main configuration file vsftpd.conf. The main configuration file takes priority over the per-user configuration files.

Add the configuration for the user a1.
Set the user permissions on the ftproot folder.
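The four steps of 2.1.3 collected into one script, added here as an example and not taken from the original post. It stages the files in a scratch directory rather than writing to /etc; the /etc/vsftpd target paths, the PAM service name vsftpd.vu, the mapped account name vuser, the sample password and the per-user option values are assumptions, while a1, vsftpd.user, vsftpd.db and /var/ftproot come from the text. Note that db_load's -t hash selects the Berkeley DB hash access method and stores the passwords as written, which is why mode 600 on both files matters.

```shell
#!/bin/sh
# Added example: stage the virtual-user files from 2.1.3.1-2.1.3.4 in a scratch
# directory. Review them, then copy into /etc as root (target paths are assumptions).

stage_virtual_users() (
    stage="$1"
    mkdir -p "$stage/vsftpd/vusers" "$stage/pam.d" || exit 1
    umask 077   # files below are never group/world readable, even briefly

    # 2.1.3.1: user list = one name line, then one password line, per user.
    # a1 is the user from the text; the password is a constructed sample.
    printf '%s\n' 'a1' 'Sample-Passw0rd' > "$stage/vsftpd/vsftpd.user"
    chmod 600 "$stage/vsftpd/vsftpd.user"
    if command -v db_load >/dev/null 2>&1; then
        db_load -T -t hash -f "$stage/vsftpd/vsftpd.user" "$stage/vsftpd/vsftpd.db" \
            && chmod 600 "$stage/vsftpd/vsftpd.db" \
            || echo "db_load failed" >&2
    else
        echo "db_load not installed; vsftpd.db not built" >&2
    fi

    # 2.1.3.3: PAM service file (hypothetical name vsftpd.vu). pam_userdb
    # appends ".db" itself, so the db= path is given without the suffix.
    cat > "$stage/pam.d/vsftpd.vu" <<'EOF'
auth     required pam_userdb.so db=/etc/vsftpd/vsftpd
account  required pam_userdb.so db=/etc/vsftpd/vsftpd
EOF

    # 2.1.3.4: lines to add to the main vsftpd.conf (vuser is a hypothetical
    # name for the mapped system account created in 2.1.3.2).
    cat > "$stage/vsftpd/vsftpd.conf.additions" <<'EOF'
guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.vu
user_config_dir=/etc/vsftpd/vusers
EOF

    # Per-user file, named after the virtual user. Virtual users are governed
    # by the anon_* options, as the note in 2.1.3.4 says (sample values).
    cat > "$stage/vsftpd/vusers/a1" <<'EOF'
local_root=/var/ftproot
write_enable=YES
anon_upload_enable=YES
anon_umask=022
EOF
)

# 2.1.3.2, run as root on the server (vuser is hypothetical):
#   useradd -d /var/ftproot -s /sbin/nologin vuser
```

Call it as `stage_virtual_users /tmp/vsftpd-stage`, then delete the plaintext vsftpd.user once vsftpd.db has been built and installed.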

2.2, openssl + vsftpd encryption


2.2.1, outline of how ssh uses public and private keys to encrypt data transmission


2.2.2, outline of how ssh uses public and private keys to encrypt data transmission


2.2.3 Practice



Origin blog.csdn.net/weixin_38657051/article/details/104814722