Samba is for use on a local area network only; it is the equivalent of Windows Network Neighborhood.
With an FTP server, other people can log on to your machine and download or upload files.
One, Samba service
SMB is primarily a network communication protocol;
SMB is based on a client/server (C/S) architecture;
It provides sharing between Linux and Windows; sharing between Linux and Linux uses NFS.
Step 1: Install samba
[root@ken ~]# yum install samba -y
Step 2: Edit the configuration file
[root@ken ~]# vim /etc/samba/smb.conf …
Add the following after the [global] section:
[ken]
path = /ken
read only = no
public = yes
(path: the Linux directory to share; leave a space before and after each "=")
Start smb: systemctl restart smb
Step 3: Add a user for access
[root@ken ~]# pdbedit -a -u ken
(ken: the user must already exist as a system user)
(-a: add a user; -u: specify the user name)
Step 4: Create the shared directory
[root@ken ~]# mkdir /ken
Step 5: Turn off the firewall
[root@ken ~]# setenforce 0
[root@ken ~]# systemctl stop firewalld
Step 6: Start the samba service
[root@ken ~]# systemctl restart smb
Step 7: Access from Windows
Enter two backslashes followed by the samba server address, then enter your user name and password.
Step 8: Create a test file
Add administrative permissions:
[root@ken ~]# chmod a= /home/test
[root@ken ~]# chmod -R o+w /ken
Mapping: direct access to
Two, FTP service overview
An FTP server (File Transfer Protocol server) is a computer on the Internet that provides file storage and access services in accordance with the FTP protocol.
FTP (File Transfer Protocol) function: a protocol used to transfer files on the Internet
Today's protagonist: vsftpd
vsftpd is FTP server software for Unix-like systems, released under the GPL. The name stands for Very Secure FTP; as the name shows, the author's original intention was the security of the code.
Features:
It is a secure, high-speed and stable FTP server;
Mode: C/S (client/server) mode
Ports:
20 (transfers data)
21 (transfers commands)
Three, the FTP workflow (principle):
## This question often comes up in interviews, so note it down
Active and passive are defined from the point of view of the FTP server.
If the server connects to a port that the client has opened, the mode is active; conversely, if the client connects to a port that the server has opened, the mode is passive.
Comparison of the two modes:
(1) PORT (active) mode only needs ports 21 and 20 to be open on the server, while PASV (passive) mode needs the server to open port 21 and all TCP ports above 1024.
(2) From a network security point of view, PORT mode looks more secure and PASV mode less secure, so why did the RFC add a PASV mode on top of PORT mode? In fact, the main purpose of developing PASV mode was the security of the data transfer: PORT mode uses the fixed port 20 for data transmission, so hackers can use a sniffer to capture the FTP data, and data transferred in PORT mode is easily stolen. Setting up the FTP server in PASV mode is therefore the safest option. (Passive mode is the default mode of operation.)
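The mode in use can be read off the control channel (port 21, sent in clear text): the client's PORT command or the server's 227 reply carries the data address as six decimal bytes h1,h2,h3,h4,p1,p2, with data port = p1*256 + p2 (RFC 959). The shell function below is an added example, not part of the original page; the helper name ftp_data_endpoint is hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: decode the data-connection endpoint announced on the FTP
# control channel (RFC 959). Sample lines are constructed, not captured.

# ftp_data_endpoint LINE (hypothetical helper name)
# Prints "<mode> <ip>:<port> (<who connects>)" for a client PORT command or
# a server 227 (PASV) reply; returns non-zero for anything else.
ftp_data_endpoint() {
    printf '%s\n' "$1" | awk '
        /^PORT / { mode = "active";  dir = "server connects to client" }
        /^227 /  { mode = "passive"; dir = "client connects to server" }
        mode == "" { exit 1 }              # not a data-channel setup line
        {
            # The address is six decimal bytes: h1,h2,h3,h4,p1,p2
            if (!match($0, /[0-9]+(,[0-9]+)+/)) exit 1
            n = split(substr($0, RSTART, RLENGTH), f, ",")
            if (n != 6) exit 1
            for (i = 1; i <= 6; i++) if (f[i] > 255) exit 1
            port = f[5] * 256 + f[6]       # high byte, low byte
            printf "%s %s.%s.%s.%s:%d (%s)\n", mode, f[1], f[2], f[3], f[4], port, dir
        }'
}

# Constructed control-channel lines, as seen in a capture of port 21.
while IFS= read -r line; do
    ftp_data_endpoint "$line" || printf 'ignored: %s\n' "$line"
done <<'EOF'
USER ken
PORT 192,168,67,1,200,13
227 Entering Passive Mode (192,168,67,130,195,80).
EOF
```

The decoded port is the one a firewall rule or a second capture filter has to cover for that transfer.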
Four, installing and deploying FTP
Download vsftpd
[root@ken ~]# yum install vsftpd -y
1. Configure anonymous open mode
Anonymous open mode is the least secure authentication mode: anyone can log in to the FTP server directly, without password verification.
Table 11-2: Permission parameters that can be opened to anonymous users, and their effects
parameter | effect
anonymous_enable=YES | Allow anonymous access mode
anon_umask=022 | umask value for files uploaded by anonymous users
anon_upload_enable=YES | Allow anonymous users to upload files
anon_mkdir_write_enable=YES | Allow anonymous users to create directories
anon_other_write_enable=YES | Allow anonymous users to rename or delete directories
The first step: edit the configuration file
[root@ken ~]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
Step Two: Start ftp
[root@ken ~]# systemctl restart vsftpd
The third step: Windows Access
Step Four: Write files for testing
We find that we have no permission
Step Five: Change owner
[root@ken ~]# find / -name "pub"
[root@ken ~]# ls -ld /var/ftp/pub/
(the pub directory is the one accessed by default)
[root@ken ~]# chmod -R o+w /var/ftp/pub/
(Alternatively: chown ftp: /var/ftp/pub/)
To be able to delete as well:
[root@ken ~]# vim /etc/vsftpd/vsftpd.conf
Add anon_other_write_enable=YES
[root@ken ~]# systemctl restart vsftpd
Step Six: Create the file again
The file is created successfully
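To check a server for the anonymous-mode options listed above, the following shell function reports them when they are switched on in a vsftpd.conf. It is an added example, not part of the original page: the function name audit_vsftpd_conf and the sample file are constructed, and pasv_min_port / pasv_max_port are vsftpd options that the page itself does not set.

```shell
#!/bin/sh
# Added example: report the anonymous-write options from the table above
# when they are switched on in a vsftpd.conf. Only explicitly set options
# are checked; compiled-in defaults are not assumed.

# audit_vsftpd_conf FILE (hypothetical helper name), one finding per line
audit_vsftpd_conf() {
    awk -F= '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { key = $1; val = toupper($2)
          gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
          conf[key] = val }                     # a later line overrides an earlier one
        END {
            anon = (conf["anonymous_enable"] == "YES")
            if (anon) print "WARN anonymous_enable=YES: login without a password"
            n = split("anon_upload_enable anon_mkdir_write_enable anon_other_write_enable", w, " ")
            for (i = 1; i <= n; i++)
                if (anon && conf[w[i]] == "YES")
                    print "HIGH " w[i] "=YES: anonymous write option is on"
            if (!("pasv_min_port" in conf) || !("pasv_max_port" in conf))
                print "INFO pasv_min_port/pasv_max_port unset: passive mode may use any high port"
        }' "$1"
}

# Constructed sample: the settings from the anonymous-mode steps above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample vsftpd.conf
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
EOF
audit_vsftpd_conf "$sample"
rm -f "$sample"
```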
2. Local user mode
Permission parameters used in local user mode and their effects
parameter | effect
anonymous_enable=NO | Prohibit anonymous access mode
local_enable=YES | Allow local user mode
write_enable=YES | Set write permission
local_umask=022 | umask value for files created in local user mode
userlist_deny=YES | Enable the "deny users" list; the list files are ftpusers and user_list
userlist_enable=YES | Enable the user list file function
The first step: edit the configuration file
[root@ken ~]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
Step two: Restart Service
[root@ken ~]# systemctl restart vsftpd
Step 3: Create a regular user
[root@ken ~]# useradd ken
[root@ken ~]# passwd ken
Step four: Windows Access
Enter the user name and password you created
Step 5: Create files for testing
The file is uploaded to the user's home directory
[root@ken ~]# ls /home/ken
yum.repo test
User blacklist:
[root@ken ~]# cd /etc/vsftpd/
[root@ken ~]# vim ftpusers
[root@ken ~]# vim user_list
(ftpusers and user_list are the user blacklists)
Query port numbers: ss -tnl
Find the service on a port: [root@ken ~]# lsof -i :22
(ss options: t: tcp; n: numeric, do not resolve service names; l: listening sockets only)
yum install tcpdump -y
[root@ken ~]#ip a
tcpdump -i eth0 -x src 192.168.67.1 and port 21
(-i: specify the interface; -x: display the packet data in hex; 21: the port)
ss -tna
Create a file
Five, systemctl common operations
Using samba as the example:
systemctl start smb # start the smb service
systemctl restart smb # restart the smb service
systemctl stop smb # stop the smb service
systemctl status smb # view the smb service status (active (running))
systemctl reload smb # reload smb (reload the configuration without stopping the service)
systemctl enable smb # start the smb service at boot
systemctl disable smb # do not start the smb service at boot
systemctl is-enabled smb # check whether the smb service starts at boot
systemctl list-units # list loaded units (use list-unit-files to see what is enabled at boot)
Six, sshd service to explain
SSHD service
Description: SSH is short for Secure Shell. SSH is a security protocol built on the application layer and the transport layer.
Default port: 22
Purpose
The sshd service uses the SSH protocol and can be used for remote control or for transferring files between computers.
Compared with the older telnet method it is much more secure, because telnet transmits in clear text while SSH transmission is encrypted.
Installing the SSH service
Here we install with yum (the system already has it installed by default and starts it at boot)
[root@ken ~]# yum -y install openssh openssh-clients openssh-server openssh-askpass
SSH configuration files
SSH has two commonly used configuration files: /etc/ssh/ssh_config and /etc/ssh/sshd_config
ssh_config is the configuration file for the client
sshd_config is the configuration file for the server
[root@ken ~]# vim /etc/ssh/sshd_config
UseDNS no    # do not resolve domain names
1. Several hidden files
Master node: the host on which ssh-keygen is executed
[root@ken ~]# ls .ssh/
id_rsa: the private key (generated by running ssh-keygen)
id_rsa.pub: the public key (generated by running ssh-keygen)
known_hosts: host information
Slave node: receives the key from the master node
[root@ken-node2 ~]# ls .ssh/
authorized_keys
The content of the authorized_keys file is identical to the content of the id_rsa.pub file on the master node; that is, it stores the public key information.
2. Passwordless ssh login to a remote host
1. ssh [remote host username]@[remote server host name or IP address]
[root@ken ssh]# ssh 192.168.100.156
[root@ken ~]# cat /root/.ssh/known_hosts
3. Generate a key pair
[root@ken ~]# ssh-keygen
(press Enter at every prompt)
4. Send the key
[root@ken ~]# ssh-copy-id 192.168.163.128
(transfers the key to the IP you want to log in to)
5. Log on to the node
[root@ken ~]# ssh 192.168.163.128
Example:
[root@ken ~]# vim /etc/ssh/sshd_config
UseDNS no    # do not resolve domain names
[root@ken ~]# ssh-keygen
[root@ken ~]# ls -la
(check whether .ssh has been generated)
[root@ken ~]# ls .ssh/
[root@ken ~]# ssh-copy-id 192.168.163.128
[root@ken ~]# ssh 192.168.163.128
[root@ken ~]# cat .ssh/known_hosts
Go to the other host:
[root@ken ~]# ls .ssh
[root@ken ~]# cat .ssh/id_rsa.pub
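Rather than comparing id_rsa.pub and authorized_keys by eye with cat, the check can be scripted: the function below tests whether the key in a public-key file is listed in an authorized_keys file, comparing key type and key data only. It is an added example, not part of the original page; the function name key_is_authorized is hypothetical and the key strings are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example: confirm that the public key in id_rsa.pub on the master is
# listed in authorized_keys on the node. Only key type and key data are
# compared; leading options and the trailing comment are ignored.
# Key strings below are constructed placeholders, not real keys.

# key_is_authorized PUBKEY_FILE AUTHORIZED_KEYS_FILE -> exit 0 if listed
key_is_authorized() {
    awk '
        # Return "type data" for a public-key line (common key types only).
        function keyid(   i) {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-)/) return $i " " $(i + 1)
            return ""
        }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        NR == FNR { want = keyid(); next }       # first file: the key to look for
        want != "" && keyid() == want { found = 1; exit }
        END { exit !found }
    ' "$1" "$2"
}

# Constructed sample files standing in for the master and the node.
d=$(mktemp -d)
printf 'ssh-rsa AAAAB3CONSTRUCTEDKEY1 root@ken\n' > "$d/id_rsa.pub"
cat > "$d/authorized_keys" <<'EOF'
# constructed sample entries
ssh-ed25519 AAAAC3CONSTRUCTEDKEY2 backup@example
no-pty ssh-rsa AAAAB3CONSTRUCTEDKEY1 copied-by-ssh-copy-id
EOF
if key_is_authorized "$d/id_rsa.pub" "$d/authorized_keys"; then
    echo "public key is present in authorized_keys"
else
    echo "public key is NOT in authorized_keys"
fi
rm -rf "$d"
```

Running the same check against every entry on a node shows which authorized_keys lines do not correspond to a key you know about.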