ubuntu --- ftp server

Original link: https://help.ubuntu.com/lts/serverguide/ftp-server.html

FTP server

File Transfer Protocol (FTP) is a TCP protocol for downloading files between computers. In the past it was also used for uploading, but because the protocol does not use encryption, user credentials and data are sent in clear text and are easily intercepted. If you are looking for a way to upload and download files securely, see the OpenSSH section on remote administration.

FTP works on a client/server model. The server component is called an FTP daemon. It continuously listens for FTP requests from remote clients. When a request arrives, it handles the login and sets up the connection. For the duration of the session, it executes any commands sent by the FTP client.

Access to an FTP server can be set up in two ways:

  1. Anonymous
  2. Authenticated

In anonymous mode, remote clients can access the FTP server using the default user account called anonymous or ftp, sending an e-mail address as the password. In authenticated mode, a user must have an account and a password. Authenticated mode is particularly insecure (credentials and data are transmitted in clear text) and should not be used except in special circumstances. If you want to transfer files securely, see SFTP in the OpenSSH-Server section. A user's access to the FTP server's directories and files depends on the permissions of the account used at login. Typically, the FTP daemon hides the root directory of the FTP server and replaces it with the FTP home directory. This hides the rest of the file system from remote sessions.

vsftpd - FTP Server Installation

vsftpd is an FTP daemon commonly used on Ubuntu. It is easy to install, set up, and maintain. To install vsftpd, run the following command:

sudo apt install vsftpd

Anonymous FTP configuration

By default, vsftpd is not configured to allow anonymous download. To enable anonymous download, edit /etc/vsftpd.conf and set:

anonymous_enable=Yes

During installation, a user named ftp is created with the home directory /srv/ftp. This is the default FTP directory.
To change the default FTP directory, for instance to /srv/files/ftp, create the new directory and change the ftp user's home directory:

sudo mkdir /srv/files/ftp
sudo usermod -d /srv/files/ftp ftp 

After changing the configuration, restart vsftpd for it to take effect:

sudo systemctl restart vsftpd.service

Finally, copy any files and directories you want to share into the ftp user's home directory. They can then be reached over anonymous FTP.

FTP Authentication Configuration

By default, vsftpd is configured so that authenticated users can only download files. If you want users to be able to upload files, edit /etc/vsftpd.conf:

write_enable=YES

Restart vsftpd for the change to take effect:

sudo systemctl restart vsftpd.service

Now, when users log in over FTP, they start in their home directory, where they can download, upload, create directories, and so on.
By default, vsftpd does not allow anonymous users to upload files to the FTP server. To change this setting, uncomment the following line in the configuration file and restart vsftpd:

anon_upload_enable=YES

Allowing anonymous FTP upload is a serious security risk. If the server can be reached directly from the Internet, it is best not to enable anonymous uploads.

The configuration file contains many configuration parameters. Each parameter is described in the configuration file itself. You can also consult the man page, man 5 vsftpd.conf, for details of each parameter.

Secure FTP

/etc/vsftpd.conf has several options that help make vsftpd more secure. For example, you can restrict users to their home directories by uncommenting the following line:

chroot_local_user=YES

You can also restrict a specific list of users to their home directories:

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

After uncommenting these two lines, create the /etc/vsftpd.chroot_list file with one user name per line, then restart vsftpd:

sudo systemctl restart vsftpd.service

In addition, the /etc/ftpusers file is a list of users that are not allowed to access FTP. The default list includes root, daemon, nobody, and so on. To disable FTP access for other users, simply add them to the list.

FTP can also be encrypted using FTPS. Unlike SFTP, FTPS is FTP over Secure Socket Layer (SSL). SFTP is an FTP-like session carried over an encrypted SSH connection. One major difference is that SFTP users need to have a shell account on the system, rather than a nologin shell. Providing a shell to all users may not be ideal in some environments (such as a shared web host). However, such accounts can still be restricted to SFTP only, with the interactive shell disabled. For more information, see the OpenSSH-Server section.
To configure FTPS, edit /etc/vsftpd.conf and add at the end:

ssl_enable=Yes

You also need to add the certificate and key options:

rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

By default, these options are set to the certificate and key provided by the ssl-cert package. In a production environment, they should be replaced with a certificate and key generated for the specific host. For more information about certificates, see the Certificates section.
Now restart vsftpd; non-anonymous users will be forced to use FTPS:

sudo systemctl restart vsftpd.service
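
The options covered so far can be checked together. The script below is an added example, not part of the Ubuntu guide or of vsftpd: it audits a vsftpd.conf-style file for the anonymous, chroot and FTPS settings described above. The finding names and the sample configuration are constructed for the example, and the note that chroot_list_file becomes an exemption list when chroot_local_user=YES comes from vsftpd.conf(5), not from this page.

```shell
#!/bin/sh
# Added example (not from the Ubuntu guide): audit the vsftpd.conf options
# discussed above. Only options set explicitly in the file are evaluated.

audit_vsftpd_conf() {   # $1 = path to a vsftpd.conf-style file
    awk '
        function on(k) { return toupper(conf[k]) == "YES" }
        /^[ \t]*#/ || !/=/ { next }             # skip comments and non-settings
        {
            eq = index($0, "=")
            val = substr($0, eq + 1)
            sub(/[ \t\r]+$/, "", val)
            conf[substr($0, 1, eq - 1)] = val   # keep the last value seen
        }
        END {
            if (on("anonymous_enable"))
                print "ANON_LOGIN: anonymous logins are enabled"
            if (on("anonymous_enable") && on("write_enable") && on("anon_upload_enable"))
                print "ANON_UPLOAD: anonymous users may upload files"
            if (!on("ssl_enable"))
                print "NO_TLS: credentials and data cross the network in clear text"
            else if (conf["rsa_cert_file"] ~ /snakeoil/)
                print "SNAKEOIL_CERT: ssl-cert package certificate still in use"
            if (on("chroot_local_user") && on("chroot_list_enable"))
                print "CHROOT_LIST_INVERTED: users in chroot_list_file are NOT confined"
            else if (!on("chroot_local_user") && !on("chroot_list_enable"))
                print "NO_CHROOT: local users can browse outside their home directory"
        }
    ' "$1"
}

sample_conf() {   # constructed sample, not a real server's configuration
    cat <<'EOF'
# constructed vsftpd.conf for the audit demo
anonymous_enable=Yes
write_enable=YES
anon_upload_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
ssl_enable=Yes
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_vsftpd_conf "$tmp"; rm -f "$tmp"
```

Run it against the real file with audit_vsftpd_conf /etc/vsftpd.conf; no output means none of the checked conditions were found.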

To allow users whose shell is /usr/sbin/nologin to access FTP without giving them shell access, edit /etc/shells and add the nologin shell:

# /etc/shells: valid login shells
/bin/csh
/bin/sh
/usr/bin/es
/usr/bin/ksh
/bin/ksh
/usr/bin/rc
/usr/bin/tcsh
/bin/tcsh
/usr/bin/esh
/bin/dash
/bin/bash
/bin/rbash
/usr/bin/screen
/usr/sbin/nologin

This is necessary because, by default, vsftpd uses PAM for authentication, and the /etc/pam.d/vsftpd configuration file contains:

auth    required        pam_shells.so

The shells PAM module restricts access to the shells listed in the /etc/shells file.
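
The effect of the /etc/ftpusers deny list and of the pam_shells check can be modelled for a single account. The script below is an added example, not part of the Ubuntu guide: it covers only those two checks (a real login still needs a valid password), and the accounts, file contents and result labels are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the Ubuntu guide): model the two checks described
# above, the /etc/ftpusers deny list and pam_shells, for one account.

ftp_login_check() {   # args: user passwd-file shells-file ftpusers-file
    entry=$(awk -F: -v u="$1" '$1 == u { print "shell=" $7; exit }' "$2")
    [ -n "$entry" ] || { echo "unknown-user"; return 0; }
    if grep -qxF -- "$1" "$4"; then
        echo "denied-ftpusers"                 # listed in the deny list
    elif grep -v '^#' "$3" | grep -qxF -- "${entry#shell=}"; then
        echo "allowed"                         # shell is a valid login shell
    else
        echo "denied-shell"                    # pam_shells would reject it
    fi
}

make_fixture() {   # $1 = directory; all file contents are constructed samples
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
webupload:x:1001:1001:FTP only:/srv/files/ftp:/usr/sbin/nologin
EOF
    printf '%s\n' root daemon nobody > "$1/ftpusers"
    printf '%s\n' '# /etc/shells: valid login shells' /bin/sh /bin/bash > "$1/shells"
    # The same list after adding the nologin shell as shown above
    { cat "$1/shells"; echo /usr/sbin/nologin; } > "$1/shells.nologin"
}

dir=$(mktemp -d) && make_fixture "$dir"
for u in root alice webupload; do
    printf '%-10s before: %-16s after: %s\n' "$u" \
        "$(ftp_login_check "$u" "$dir/passwd" "$dir/shells" "$dir/ftpusers")" \
        "$(ftp_login_check "$u" "$dir/passwd" "$dir/shells.nologin" "$dir/ftpusers")"
done
rm -rf "$dir"
```

Once /usr/sbin/nologin is in /etc/shells, every account with that shell passes the shell check, so review /etc/ftpusers for service accounts that should stay denied.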

Most popular FTP clients can be configured to connect using FTPS. The lftp command-line FTP client can use FTPS as well.

References

  1. For more information, see the vsftpd website.
  2. For details of the /etc/vsftpd.conf options, see the vsftpd.conf man page.

Origin www.cnblogs.com/-rvy-/p/12590531.html