简介:
安全性是编写VSFTP的初衷,除了这与生俱来的安全特性以外,高速与高稳定性也是VSFTP的两个重要特点。
在速度方面,使用ASCII代码的模式下载数据时,VSFTP的速度是Wu-FTP的两倍,如果Linux主机使用2.4.*的内核,在千兆以太网上的下载速度可达86MB/S。
在稳定方面,VSFTP就更加的出色,VSFTP在单机(非集群)上支持4000个以上的并发用户同时连接,根据Red Hat的Ftp服务器的数据,VSFTP服务器可以支持15000个并发用户
实验环境:
OS: CentOS 6.6
[root@1inux htdocs]# yum -y install vsftpd
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:2.2.2-12.el6_5.1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=========================================================================================================================================
Package Arch Version Repository Size
=========================================================================================================================================
Installing:
vsftpd x86_64 2.2.2-12.el6_5.1 CD 151 k
Transaction Summary
=========================================================================================================================================
Install 1 Package(s)
Total download size: 151 k
Installed size: 331 k
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : vsftpd-2.2.2-12.el6_5.1.x86_64 1/1
Verifying : vsftpd-2.2.2-12.el6_5.1.x86_64 1/1
Installed:
vsftpd.x86_64 0:2.2.2-12.el6_5.1
Complete!
[root@1inux htdocs]#
[root@1inux htdocs]# rpm -ql vsftpd
/etc/logrotate.d/vsftpd
/etc/pam.d/vsftpd //用户认证配置文件
/etc/rc.d/init.d/vsftpd //服务脚本
/etc/vsftpd //配置文件目录
/etc/vsftpd/vsftpd.conf //配置文件
/etc/vsftpd/ftpusers
/etc/vsftpd/user_list
/etc/vsftpd/vsftpd_conf_migrate.sh
/usr/sbin/vsftpd //主程序
.....
/var/ftp //匿名访问目录
/var/ftp/pub
3、安装完成后启动vsftp
[root@1inux htdocs]# service vsftpd start
Starting vsftpd for vsftpd: [ OK ]
[root@1inux htdocs]#
匿名登录方式: (1)可以输入用户名ftp,密码为空,然后登陆 (2) 用户名、密码都是anonymous
ftp> help //CentOS ftp客户端可以使用help命令获取命令列表
! debug mdir sendport site
$ dir mget put size
account disconnect mkdir pwd status
append exit mls quit struct
ascii form mode quote system
bell get modtime recv sunique
binary glob mput reget tenex
bye hash newer rstatus tick
case help nmap rhelp trace
cd idle nlist rename type
cdup image ntrans reset user
chmod lcd open restart umask
close ls prompt rmdir verbose
cr macdef passive runique ?
delete mdelete proxy send
ftp>
注意:配置之前先对其配置文件进行备份,以防止造成无法挽回的损失
# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak
anonymous_enable=NO
[root@1inux ~]# ftp 172.16.66.82
Connected to 172.16.66.82 (172.16.66.82).
220 (vsFTPd 2.2.2)
Name (172.16.66.82:root): ftp
331 Please specify the password.
Password:
530 Login incorrect.
Login failed. //访问失败
ftp>
ftp> put fstab
local: fstab remote: fstab
227 Entering Passive Mode (172,16,66,82,148,217).
553 Could not create file.
//还是提示无法创建, 这是因为vsftp服务是以ftp用户启动的,其对/var/ftp目录没有写权限
[root@1inux vsftpd]# mkdir /var/ftp/upload/
[root@1inux vsftpd]# cd /var/ftp/
[root@1inux ftp]# setfacl -m u:ftp:rwx upload/
[root@1inux ftp]# getfacl upload/
# file: upload/
# owner: root
# group: root
user::rwx
user:ftp:rwx
group::r-x
mask::rwx
other::r-x
[root@1inux ~]# ftp 172.16.66.82
Connected to 172.16.66.82 (172.16.66.82).
220 (vsFTPd 2.2.2)
Name (172.16.66.82:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (172,16,66,82,201,178).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 4096 Aug 04 2014 pub
drwxrwxr-x 2 0 0 4096 May 01 20:43 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> lcd /etc
Local directory now /etc
ftp> put fstab
local: fstab remote: fstab
227 Entering Passive Mode (172,16,66,82,47,38).
150 Ok to send data.
226 Transfer complete.
1127 bytes sent in 0.000133 secs (8473.68 Kbytes/sec)
ftp> ls
227 Entering Passive Mode (172,16,66,82,233,197).
150 Here comes the directory listing.
-rw------- 1 14 50 1127 May 01 20:52 fstab //文件已经存在
226 Directory send OK.
ftp>
[root@1inux vsftpd]# service vsftpd reload
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
[root@1inux vsftpd]#
ftp> mkdir anontest
257 "/upload/anontest" created //提示创建成功
ftp> ls
227 Entering Passive Mode (172,16,66,82,41,121).
150 Here comes the directory listing.
drwx------ 2 14 50 4096 May 01 21:02 anontest //目录已经存在
-rw------- 1 14 50 1127 May 01 20:52 fstab
226 Directory send OK.
ftp>
ftp> ls
227 Entering Passive Mode (172,16,66,82,233,251).
150 Here comes the directory listing.
drwx------ 2 14 50 4096 May 01 21:02 anontest
-rw------- 1 14 50 1127 May 01 20:52 fstab
226 Directory send OK.
ftp> delete fstab //删除文件
250 Delete operation successful.
ftp> rmdir anontest //删除目录
250 Remove directory operation successful.
ftp> ls
227 Entering Passive Mode (172,16,66,82,237,22).
150 Here comes the directory listing.
226 Directory send OK.
ftp>
[root@1inux vsftpd]# useradd admin
[root@1inux vsftpd]# passwd admin
Changing password for user admin.
New password:
BAD PASSWORD: it is WAY too short
BAD PASSWORD: is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.
[root@1inux vsftpd]#
[root@1inux ~]# ftp 172.16.66.82
Connected to 172.16.66.82 (172.16.66.82).
220 (vsFTPd 2.2.2)
Name (172.16.66.82:root): admin
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (172,16,66,82,236,21).
150 Here comes the directory listing.
226 Directory send OK.
ftp> pwd
257 "/home/admin" //使用系统用户登陆默认访问的是其家目录
ftp> lcd /root //切换本地目录
ftp> pwd
257 "/etc"
[root@1inux vsftpd]# service vsftpd reload
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
[root@1inux vsftpd]#
[root@1inux ~]# ftp 172.16.66.82
Connected to 172.16.66.82 (172.16.66.82).
220 (vsFTPd 2.2.2)
Name (172.16.66.82:root): admin
530 This FTP server is anonymous only.
Login failed. //输入用户名后 直接提示失败
ftp>
[root@1inux ~]# ftp 172.16.66.82
Connected to 172.16.66.82 (172.16.66.82).
220 (vsFTPd 2.2.2)
Name (172.16.66.82:root): admin
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> lcd /etc
Local directory now /etc
ftp> ls
227 Entering Passive Mode (172,16,66,82,171,255).
150 Here comes the directory listing.
drwxr-xr-x 2 501 501 4096 May 01 21:24 abc
226 Directory send OK.
[root@1inux vsftpd]# useradd centos
[root@1inux vsftpd]# echo "1" | passwd --stdin centos
[root@1inux vsftpd]# useradd fedora
[root@1inux vsftpd]# echo "1" | passwd --stdin fedora
[root@1inux vsftpd]#
[root@1inux vsftpd]# vim chroot_list
[root@1inux vsftpd]# cat chroot_list
centos
[root@1inux vsftpd]# service vsftpd reload
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
1、以centos身份登陆
[root@1inux ~]# ftp 172.16.66.82
Connected to 172.16.66.82 (172.16.66.82).
220 (vsFTPd 2.2.2)
Name (172.16.66.82:root): centos
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp>
2、以fedora身份 登陆
[root@1inux ~]# ftp 172.16.66.82
Connected to 172.16.66.82 (172.16.66.82).
220 (vsFTPd 2.2.2)
Name (172.16.66.82:root): fedora
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/home/fedora"
# vim .message
Hello, guest
How are you?
[root@1inux ~]# ftp 172.16.66.82
Connected to 172.16.66.82 (172.16.66.82).
220 (vsFTPd 2.2.2)
Name (172.16.66.82:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload
250-Hello, guest //已经提示刚才定义的消息
250-How are you?
250 Directory successfully changed.
ftp>
[root@1inux ~]# ftp 172.16.66.82
Connected to 172.16.66.82 (172.16.66.82).
220 Welcome to blah FTP service. //登陆时显示
Name (172.16.66.82:root):
7、vsftpd使用pam完成用户认证,其用到的pam配置文件
/etc/pam.d/vsftpd //定义了用户访问vsftpd时用哪个模块对用户做认证
# cat /etc/pam.d/vsftpd
%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth
_______/etc/pam.d/vsftpd ______________
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
/etc/vsftpd/ftpusers 存放拒绝访问vsftp的用户列表,用户名一旦在此文件中出现,其将会被禁止访问vsftp
eg:
服务器端:
[root@1inux vsftpd]# echo "admin" >> ftpusers
[root@1inux vsftpd]# service vsftpd reload
客户端:
[root@1inux ~]# ftp 172.16.66.82
Connected to 172.16.66.82 (172.16.66.82).
220 Welcome to blah FTP service.
Name (172.16.66.82:root): admin
331 Please specify the password.
Password:
530 Login incorrect.
Login failed. //登陆失败
ftp>
8、控制用户列表文件
/etc/vsftpd/user_list
# echo "centos" >> /etc/vsftpd/user_list
[root@1inux ~]# ftp 172.16.66.82
Connected to 172.16.66.82 (172.16.66.82).
220 Welcome to blah FTP service.
Name (172.16.66.82:root): centos
530 Permission denied. //被拒绝访问
Login failed.
ftp>
------
[root@1inux vsftpd]# cat user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
centos
[root@1inux vsftpd]#
客户端:
[root@1inux ~]# ftp 172.16.66.82
Connected to 172.16.66.82 (172.16.66.82).
220 Welcome to blah FTP service.
Name (172.16.66.82:root): fedora
530 Permission denied. //fedora 用户直接被拒绝
Login failed.
ftp> bye
221 Goodbye.
[root@1inux ~]# ftp 172.16.66.82
Connected to 172.16.66.82 (172.16.66.82).
220 Welcome to blah FTP service.
Name (172.16.66.82:root): centos
331 Please specify the password.
Password:
230 Login successful. //centos 用户可以访问
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
OK 虚拟用户及系统用户的配置基本上就这么些......欢迎补充