ftp (File Transfer Protocol)

  • FTP is the English abbreviation of File Transfer Protocol (its Chinese short name translates roughly as "Text Transfer Protocol"). It is the protocol used for two-way file transfer over the Internet and, at the same time, the name of the application program that implements it.
  • Different operating systems have their own FTP applications, and all of them follow the same protocol to transfer files.

1. Port protocol

By default, the FTP server uses TCP ports 20 and 21 to communicate with the client.
Port 20 is used to establish the data connection and transmit file data (as the server's source port in active mode; in passive mode the server listens on a random high port instead, see below).
Port 21 is used to establish the control connection and transmit FTP control commands.

2. FTP data connection modes

  • Active mode: the server actively initiates the data connection
  • Passive mode: the server passively waits for the data connection
  1. Active mode: the FTP client first establishes a control connection to the server's default port (usually port 21). When data needs to be transferred, the client picks a random unused port (usually above 1024) as its data port and tells the server this port over the control connection. The server then initiates the data connection from its own port 20 to that client port, and the data is transferred over it.
  2. Passive mode: the FTP client first establishes a control connection to the server's default port (usually port 21). When data needs to be transferred, the server picks a random unused port (usually above 1024) and tells the client this port over the control connection. The client then initiates the data connection to that server port, and the data is transferred over it.
  3. The two modes differ only in how the data connection is established, i.e. which side connects to which for the data transfer.
  4. In complex network environments or behind a firewall, passive mode usually passes through the firewall more easily (the client initiates both connections), so it is widely used in practice.
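As an added example (not code from the original post), the two exchanges described above in code: parsing the server's passive-mode reply and building the client's active-mode port announcement. The RFC 959 encoding of the data port as "h1,h2,h3,h4,p1,p2" is assumed, and the addresses are constructed sample values.

```python
import re

# Added example, not from the original post. Assumes the RFC 959 encoding of
# the data port: "h1,h2,h3,h4,p1,p2" where port = p1*256 + p2.
PASV_REPLY_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv_reply(reply, control_peer_ip):
    """Passive mode: the server answers PASV with a 227 reply naming the
    address and port it is listening on. Returns (ip, port, ip_mismatch).
    The client should connect to the control connection's peer address
    rather than the advertised one; ip_mismatch flags a reply that tries to
    send the data connection to some other host."""
    m = PASV_REPLY_RE.match(reply)
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    fields = [int(x) for x in m.groups()]
    if any(x > 255 for x in fields):
        raise ValueError("field out of range in PASV reply")
    advertised_ip = ".".join(str(x) for x in fields[:4])
    port = fields[4] * 256 + fields[5]
    if port == 0:
        raise ValueError("server advertised port 0")
    return control_peer_ip, port, advertised_ip != control_peer_ip

def build_port_command(client_ip, data_port):
    """Active mode: the client listens on data_port and announces it with
    PORT; the server then connects to it from its port 20."""
    if not 1024 <= data_port <= 65535:
        raise ValueError("client data port should be an unprivileged port")
    octets = client_ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("invalid IPv4 address: %r" % client_ip)
    return "PORT %s,%d,%d" % (",".join(octets), data_port // 256, data_port % 256)

# Constructed sample exchange using the lab server address from this post.
if __name__ == "__main__":
    print(parse_pasv_reply("227 Entering Passive Mode (192,168,233,21,195,80).", "192.168.233.21"))
    print(build_port_command("192.168.233.100", 50000))
```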
     

3. Installation and configuration of vsftpd

1. vsftpd installation

  • rpm -qc vsftpd    # list the package's configuration files; if they are shown, vsftpd is already installed and this step can be skipped
  • yum install -y vsftpd    # install vsftpd with yum
  • cd /etc/vsftpd
  • ls    # switch to the vsftpd configuration directory and view its files
  • cp vsftpd.conf vsftpd.conf.bak    # back up the vsftpd configuration file

2. Configure vsftpd to allow anonymous users to access the machine with various permissions

  • Edit the global configuration: vim /etc/vsftpd/vsftpd.conf
  • anonymous_enable=YES    # allow anonymous user access; enabled by default
  • local_enable=YES    # allow system (local) users to access
  • write_enable=YES    # enable write access on the server (required for uploads); enabled by default
  • anon_umask=022    # umask applied to files uploaded by anonymous users (022 leaves them readable by everyone)
  • anon_upload_enable=YES    # allow anonymous users to upload files; commented out by default, needs to be uncommented
  • anon_mkdir_write_enable=YES    # allow anonymous users to create directories; commented out by default, needs to be uncommented
  • anon_other_write_enable=YES    # allow anonymous users to delete, rename and overwrite; not present by default, needs to be added

3. Restart the vsftpd service and turn off the firewall and SELinux (lab setup only)

  • [root@localhost vsftpd]#systemctl restart vsftpd
  • [root@localhost vsftpd]#systemctl stop firewalld
  • [root@localhost vsftpd]#setenforce 0

4. Authorize the anonymous users' root directory so that anonymous users can read, write and execute

  • chmod 777 /var/ftp/pub/    # /var/ftp/pub is the default root directory for anonymous users
  • echo 'hello world!' > test.txt    # create a test file (run inside /var/ftp/pub so it is visible after cd pub)

5. Anonymous access test

  • On Windows, open the Start menu and run cmd to open a command prompt
  • ftp 192.168.233.21    # establish the FTP connection
  • Anonymous access: the user name is ftp, the password is empty, just press Enter to complete the login
  • ftp> pwd    # the root directory seen by anonymous users is /var/ftp/ on the Linux system
  • ftp> ls    # list the current directory
  • ftp> cd pub    # switch to the pub directory
  • 250 Directory successfully changed.
  • ftp> ls
  • ftp> get test.txt    # download the file to the current local directory on Windows (the file must first exist under /var/ftp/pub on the server)
  • ftp> ls
  • ftp> put test4.txt    # upload a local file to the server

Disadvantage: anonymous users have too many permissions, which is a security risk.

4. Experiment 2: set up local user authentication for FTP access and prohibit anonymous login

  • [root@localhost ftp]# useradd zhangsan
  • [root@localhost ftp]# echo '123' | passwd --stdin zhangsan
  • [root@localhost ftp]# useradd lisi
  • [root@localhost ftp]# echo '123' | passwd --stdin lisi
  • vim /etc/vsftpd/vsftpd.conf
  • local_enable=YES    # enable local users
  • anonymous_enable=NO    # disable anonymous access
  • write_enable=YES    # enable write access on the server (required for uploads)
  • local_umask=077    # umask for files uploaded by local users; 077 makes them accessible only to the owning user
  • ftp 192.168.233.21    (from cmd on Windows)
  • user name: zhangsan
  • password: 123
  • login OK
  • Restrict local users from changing to other directories
  • Add the directory restriction configuration:
  • vim /etc/vsftpd/vsftpd.conf
  • chroot_local_user=YES    # confine local users to their home directory; uncomment this line
  • allow_writeable_chroot=YES    # allow the confined home directory to be writable (vsftpd otherwise refuses the login)
  • systemctl restart vsftpd
  • C:\Users\DING>ftp 192.168.233.21
  • Connected to 192.168.233.21.
  • 220 (vsFTPd 3.0.2)
  • 200 Always in UTF8 mode.
  • User (192.168.233.21:(none)): zhangsan
  • 331 Please specify the password.
  • Password:
  • 230 Login successful.
  • ftp> cd /etc
  • 550 Failed to change directory.    # the chroot blocks leaving the home directory
  • ftp>
  • Change the default root directory for anonymous and local user logins:
  • anon_root=/var/www/html    # root directory for anonymous users
  • local_root=/var/www/html    # root directory for local users
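As an added example (not from the original post or the vsftpd project), a small audit script that parses a vsftpd.conf and flags the anonymous-write settings from experiment 1 and the missing chroot confinement from experiment 2. The two sample configurations are constructed from the values shown in this post; the severities are my own judgement.

```python
# Added example, not from the original post or vsftpd itself.
# Parses vsftpd.conf and reports risky settings from the experiments above.

def parse_vsftpd_conf(text):
    """Parse key=value lines; '#' starts a comment, blank lines are ignored."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def is_yes(conf, key, default="NO"):
    return conf.get(key, default).upper() == "YES"

def audit_vsftpd(conf):
    """Return (severity, message) findings; severities are my own choice."""
    findings = []
    if is_yes(conf, "anonymous_enable", default="YES"):  # vsftpd's compiled-in default is YES
        findings.append(("medium", "anonymous_enable=YES: anonymous logins are allowed"))
        for key in ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable"):
            if is_yes(conf, key):
                findings.append(("high", key + "=YES: anonymous users can modify the server"))
        if conf.get("anon_umask", "077") != "077":
            findings.append(("low", "anon_umask=%s: anonymous uploads readable by other users" % conf["anon_umask"]))
    if is_yes(conf, "local_enable") and not is_yes(conf, "chroot_local_user"):
        findings.append(("high", "chroot_local_user is not YES: local users can browse outside their home directory"))
    if is_yes(conf, "allow_writeable_chroot"):
        findings.append(("medium", "allow_writeable_chroot=YES: the chroot root itself is writable"))
    return findings

# Constructed sample configs built from the settings shown in this post.
ANON_LAB_CONF = """
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
"""
HARDENED_CONF = """
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=077
chroot_local_user=YES
"""
```

Running `audit_vsftpd(parse_vsftpd_conf(ANON_LAB_CONF))` reports six findings (four of them high), while the hardened configuration reports none.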

5. Use of blacklist and whitelist

After installing the vsftpd service, a user_list file is provided in the service directory (/etc/vsftpd); it is the tool for applying a blacklist or whitelist of users.

  • Blacklist: users listed in the blacklist are denied access.
  • Whitelist: users listed in the whitelist are the only ones allowed access. A whitelist is stricter and safer than a blacklist.

 

Blacklist
userlist_enable=YES    # enable the user_list user list file
userlist_deny=YES    # the default is YES: the list is a blacklist and users in user_list are denied access

Whitelist
userlist_enable=YES    # enable the user_list user list file
userlist_deny=NO    # the list is a whitelist: only users in user_list are allowed access

To log in as root, you also need to remove (comment out) root from /etc/vsftpd/ftpusers, which denies the users it lists regardless of user_list.

C:\Users\DING>ftp 192.168.233.21
Connected to 192.168.233.21.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.233.21:(none)): zhangsan
530 Permission denied.
Login failed.
ftp> quit
221 Goodbye.

C:\Users\DING>ftp 192.168.233.21
Connected to 192.168.233.21.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.233.21:(none)): lisi
331 Please specify the password.
Password:
230 Login successful.
ftp>

zhangsan is rejected before he is even asked for a password, while lisi can log in.
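As an added example (not from the original post or vsftpd), the login decision behind the two transcripts above, modelled in code: how userlist_enable/userlist_deny turn user_list into a blacklist or a whitelist, and how ftpusers denies a user such as root even when the whitelist admits him. The file contents are constructed (user_list is assumed to hold root and lisi); the reply strings follow the transcripts on this page and vsftpd's reply on PAM failure.

```python
# Added example, not from the original post or vsftpd. Models the user-name
# checks vsftpd applies: user_list (userlist_enable/userlist_deny, checked
# before the password is requested) and the PAM ftpusers deny list (checked
# after the password is entered).

def parse_list_file(text):
    """One user name per line; '#' comments and blank lines are ignored."""
    users = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            users.add(line)
    return users

def login_decision(user, conf, user_list, ftpusers):
    """Return (allowed, stage, reply) for a login attempt by `user`.
    conf is a dict of vsftpd.conf settings; user_list/ftpusers are sets."""
    if conf.get("userlist_enable", "NO").upper() == "YES":
        blacklist = conf.get("userlist_deny", "YES").upper() == "YES"
        listed = user in user_list
        # blacklist: listed users are denied; whitelist: unlisted users are denied
        if listed == blacklist:
            return False, "before password", "530 Permission denied."
    if user in ftpusers:
        # pam_listfile rejects during authentication, so this comes after the password
        return False, "after password", "530 Login incorrect."
    return True, "after password", "230 Login successful."

# Constructed sample files: user_list is assumed to contain root and lisi.
USER_LIST = parse_list_file("# vsftpd userlist\nroot\nlisi\n")
FTPUSERS = parse_list_file("root\nbin\ndaemon\n")
WHITELIST_CONF = {"userlist_enable": "YES", "userlist_deny": "NO"}
BLACKLIST_CONF = {"userlist_enable": "YES", "userlist_deny": "YES"}

if __name__ == "__main__":
    for user in ("zhangsan", "lisi", "root"):
        print(user, login_decision(user, WHITELIST_CONF, USER_LIST, FTPUSERS))
```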

 

You can also open the server as a file share in Windows Explorer by entering an ftp:// URL with the user name:
ftp://[email protected]
user name: lisi
password: 123


rz filename    # upload the specified file to the server
sz filename    # download the file from the server to the client
(rz/sz are the lrzsz ZMODEM tools, used from a terminal session rather than inside the ftp client)
 

 

Origin blog.csdn.net/Sp_Tizzy/article/details/130767466