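Deploying the vsftpd service on Linux (local user mode)

The vsftpd service uses a server/client model.

In the experiment below, PC1 is the server with IP 192.168.10.10, and PC2 is the client with IP 192.168.10.20.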

1. Install the vsftpd service on the PC1 server

[root@PC1 ~]# yum install vsftpd.x86_64 -y
Loaded plugins: langpacks, product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
rhel7                                                    | 4.1 kB     00:00     
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-9.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package          Arch             Version                Repository       Size
================================================================================
Installing:
 vsftpd           x86_64           3.0.2-9.el7            rhel7           166 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 166 k
Installed size: 343 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : vsftpd-3.0.2-9.el7.x86_64                                    1/1 
rhel7/productid                                          | 1.6 kB     00:00     
  Verifying  : vsftpd-3.0.2-9.el7.x86_64                                    1/1 

Installed:
  vsftpd.x86_64 0:3.0.2-9.el7                                                   

Complete!

2. Flush the firewall rules on the PC1 server and save

[root@PC1 ~]# iptables -F
[root@PC1 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

3. Edit the vsftpd configuration file on the PC1 server

[root@PC1 ~]# cd /etc/vsftpd/
[root@PC1 vsftpd]# ls
ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh
[root@PC1 vsftpd]# cp vsftpd.conf vsftpd.conf.bak
[root@PC1 vsftpd]# grep -v "#" vsftpd.conf.bak > vsftpd.conf   ## slim down the config file by removing the comment lines
[root@PC1 vsftpd]# vim vsftpd.conf
anonymous_enable=NO   ## change this to NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

4. Restart the vsftpd service on the PC1 server

[root@PC1 vsftpd]# systemctl restart vsftpd
[root@PC1 vsftpd]# systemctl enable vsftpd
ln -s '/usr/lib/systemd/system/vsftpd.service' '/etc/systemd/system/multi-user.target.wants/vsftpd.service'

5. Install the FTP client tool (ftp) on the PC2 client

[root@PC2 ~]# yum install ftp -y
Loaded plugins: langpacks, product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package ftp.x86_64 0:0.17-66.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package        Arch              Version                Repository        Size
================================================================================
Installing:
 ftp            x86_64            0.17-66.el7            rhel7             61 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 61 k
Installed size: 96 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : ftp-0.17-66.el7.x86_64                                       1/1 
rhel7/productid                                          | 1.6 kB     00:00     
  Verifying  : ftp-0.17-66.el7.x86_64                                       1/1 

Installed:
  ftp.x86_64 0:0.17-66.el7                                                      

Complete!

6. From the PC2 client, test remote login to PC1 (as PC1's root user)

[root@PC2 ~]# ftp 192.168.10.10
Connected to 192.168.10.10 (192.168.10.10).
220 (vsFTPd 3.0.2)
Name (192.168.10.10:root): root
530 Permission denied.
Login failed.
ftp> 
## login fails

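7. On the PC1 server, edit the denied-user lists (root is denied by default because root login is risky: an attacker who cracks the root password can do far more damage, so ordinary users are normally used for login)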

[root@PC1 vsftpd]# cd /etc/vsftpd/
[root@PC1 vsftpd]# ls
ftpusers  user_list  vsftpd.conf  vsftpd.conf.bak  vsftpd_conf_migrate.sh
[root@PC1 vsftpd]# vim ftpusers 
# Users that are not allowed to login via ftp
#root  ## comment out root here
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
[root@PC1 vsftpd]# vim user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
#root  ## comment out root here
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

8. Restart the vsftpd service on the PC1 server

[root@PC1 vsftpd]# systemctl restart vsftpd.service 
[root@PC1 vsftpd]# systemctl status vsftpd.service 
vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled)
   Active: active (running) since Mon 2020-12-14 16:58:55 CST; 8s ago
  Process: 4431 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
 Main PID: 4432 (vsftpd)
   CGroup: /system.slice/vsftpd.service
           └─4432 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

Dec 14 16:58:55 PC1 systemd[1]: Started Vsftpd ftp daemon.

9. Test the FTP remote connection from the PC2 client

[root@PC2 ~]# ftp 192.168.10.10
Connected to 192.168.10.10 (192.168.10.10).
220 (vsFTPd 3.0.2)
Name (192.168.10.10:root): root
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/root"
## login works
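
The state reached after steps 3 to 9 can be checked mechanically. The script below is an added example, not part of the original post: it audits a vsftpd configuration directory for anonymous login, a missing root entry in ftpusers and user_list, and a disabled ssl_enable. The function names and the sample files it writes are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a vsftpd config directory for the state this walkthrough leaves.

# conf_value FILE KEY: print the last uncommented value assigned to KEY.
conf_value() {
    sed -n "s/^$2=\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# listed FILE USER: succeed if USER is an active (uncommented) entry in FILE.
listed() {
    grep -qx "[[:space:]]*$2[[:space:]]*" "$1"
}

# audit_vsftpd DIR: print one line per finding; return 1 if anything was found.
audit_vsftpd() {
    conf="$1/vsftpd.conf"; rc=0
    note() { echo "FINDING: $*"; rc=1; }
    [ "$(conf_value "$conf" anonymous_enable)" = "NO" ] ||
        note "anonymous_enable is not NO (vsftpd defaults to YES)"
    listed "$1/ftpusers" root ||
        note "root is not denied in ftpusers (the list the PAM config checks)"
    if [ "$(conf_value "$conf" userlist_enable)" = "YES" ]; then
        if [ "$(conf_value "$conf" userlist_deny)" = "NO" ]; then
            ! listed "$1/user_list" root || note "root is on the user_list allow list"
        else
            listed "$1/user_list" root || note "root is not denied in user_list"
        fi
    fi
    [ "$(conf_value "$conf" ssl_enable)" = "YES" ] ||
        note "ssl_enable is not YES, so passwords and files travel in cleartext"
    return "$rc"
}

# write_sample DIR ROOT_LINE: constructed sample mirroring steps 3 and 7 above.
# ROOT_LINE is the root entry written to both lists ("#root" means commented out).
write_sample() {
    mkdir -p "$1"
    printf '%s\n' anonymous_enable=NO local_enable=YES write_enable=YES \
        pam_service_name=vsftpd userlist_enable=YES > "$1/vsftpd.conf"
    printf '%s\n' "# deny list (constructed)" "$2" bin daemon > "$1/ftpusers"
    cp "$1/ftpusers" "$1/user_list"
}

demo=$(mktemp -d)
write_sample "$demo" "#root"
audit_vsftpd "$demo" || true   # three findings for this sample
rm -rf "$demo"
```

On a real server the call would be `audit_vsftpd /etc/vsftpd`, run as a user that can read those files.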

10. Configure SELinux

[root@PC1 home]# getsebool -a | grep ftp
ftp_home_dir --> off
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> off
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
sftpd_anon_write --> off
sftpd_enable_homedirs --> off
sftpd_full_access --> off
sftpd_write_ssh_home --> off
tftp_anon_write --> off
tftp_home_dir --> off
[root@PC1 home]# setsebool -P ftpd_full_access=on
[root@PC1 home]# getsebool -a | grep ftp
ftp_home_dir --> off
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> on
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
sftpd_anon_write --> off
sftpd_enable_homedirs --> off
sftpd_full_access --> off
sftpd_write_ssh_home --> off
tftp_anon_write --> off
tftp_home_dir --> off

11. Create the test file a.txt on the server

[root@PC1 ~]# seq 10 > a.txt
[root@PC1 ~]# ls
anaconda-ks.cfg  Desktop    Downloads             Music     Public     Videos
a.txt            Documents  initial-setup-ks.cfg  Pictures  Templates
[root@PC1 ~]# pwd
/root

12. On PC2, transfer a.txt to the local machine

[root@PC2 test]# ls  ## currently an empty directory
[root@PC2 test]# pwd
/home/test
[root@PC2 test]# ftp 192.168.10.10
Connected to 192.168.10.10 (192.168.10.10).
220 (vsFTPd 3.0.2)
Name (192.168.10.10:root): root   ## log in as root
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,10,10,238,155).
150 Here comes the directory listing.
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Desktop
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Documents
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Downloads
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Music
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Pictures
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Public
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Templates
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Videos
-rw-r--r--    1 0        0              21 Dec 14 09:02 a.txt
-rw-------    1 0        0            1021 Dec 02 16:26 anaconda-ks.cfg
-rw-r--r--    1 0        0            1072 Dec 02 08:27 initial-setup-ks.cfg
226 Directory send OK.
ftp> get a.txt xxxx.txt  ## transfer to the local machine
local: xxxx.txt remote: a.txt
227 Entering Passive Mode (192,168,10,10,115,61).
150 Opening BINARY mode data connection for a.txt (21 bytes).
226 Transfer complete.
21 bytes received in 2.6e-05 secs (807.69 Kbytes/sec)
ftp> bye
221 Goodbye.
[root@PC2 test]# ls
xxxx.txt
[root@PC2 test]# cat xxxx.txt 
1
2
3
4
5
6
7
8
9
10

13. Delete the test file a.txt on the PC1 server

[root@PC1 ~]# ls
anaconda-ks.cfg  Desktop    Downloads             Music     Public     Videos
a.txt            Documents  initial-setup-ks.cfg  Pictures  Templates
[root@PC1 ~]# rm -f a.txt 
[root@PC1 ~]# ls
anaconda-ks.cfg  Documents  initial-setup-ks.cfg  Pictures  Templates
Desktop          Downloads  Music                 Public    Videos

14. From the PC2 client, upload a local file to the PC1 server

[root@PC2 test]# echo "i am pc2" > test.file
[root@PC2 test]# ls
test.file
[root@PC2 test]# ftp 192.168.10.10
Connected to 192.168.10.10 (192.168.10.10).
220 (vsFTPd 3.0.2)
Name (192.168.10.10:root): root
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/root"
ftp> ls
227 Entering Passive Mode (192,168,10,10,138,207).
150 Here comes the directory listing.
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Desktop
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Documents
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Downloads
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Music
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Pictures
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Public
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Templates
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Videos
-rw-------    1 0        0            1021 Dec 02 16:26 anaconda-ks.cfg
-rw-r--r--    1 0        0            1072 Dec 02 08:27 initial-setup-ks.cfg
226 Directory send OK.
ftp> mput test.file
mput test.file? y
227 Entering Passive Mode (192,168,10,10,175,253).
150 Ok to send data.
226 Transfer complete.
9 bytes sent in 6.5e-05 secs (138.46 Kbytes/sec)
ftp> ls
227 Entering Passive Mode (192,168,10,10,40,5).
150 Here comes the directory listing.
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Desktop
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Documents
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Downloads
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Music
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Pictures
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Public
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Templates
drwxr-xr-x    2 0        0               6 Dec 02 08:31 Videos
-rw-------    1 0        0            1021 Dec 02 16:26 anaconda-ks.cfg
-rw-r--r--    1 0        0            1072 Dec 02 08:27 initial-setup-ks.cfg
-rw-r--r--    1 0        0               9 Dec 14 09:22 test.file
226 Directory send OK.
ftp> 

15. Check on the PC1 server

[root@PC1 ~]# pwd
/root
[root@PC1 ~]# ls
anaconda-ks.cfg  Documents  initial-setup-ks.cfg  Pictures  Templates  Videos
Desktop          Downloads  Music                 Public    test.file
[root@PC1 ~]# cat test.file 
i am pc2

16. On the PC2 client, switch to logging in as an ordinary user and test

[root@PC1 home]# su - linuxprobe 
Last login: Wed Dec  2 16:29:48 CST 2020 on :0
[linuxprobe@PC1 ~]$ pwd
/home/linuxprobe
[linuxprobe@PC1 ~]$ ls
Desktop    Downloads  Pictures  Templates  xxx.txt
Documents  Music      Public    Videos
[linuxprobe@PC1 ~]$ echo 'i am pc1' > pc1.file
[linuxprobe@PC1 ~]$ ls
Desktop    Downloads  pc1.file  Public     Videos
Documents  Music      Pictures  Templates  xxx.txt
## create the test files
[root@PC2 test]# echo 'i am pc2' > pc2.file
[root@PC2 test]# ls
pc2.file
[root@PC2 test]# ftp 192.168.10.10
Connected to 192.168.10.10 (192.168.10.10).
220 (vsFTPd 3.0.2)
Name (192.168.10.10:root): linuxprobe   ## log in as an ordinary user
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,10,10,146,66).
150 Here comes the directory listing.
drwxr-xr-x    2 1000     1000            6 Dec 02 08:30 Desktop
drwxr-xr-x    2 1000     1000            6 Dec 02 08:29 Documents
drwxr-xr-x    2 1000     1000            6 Dec 02 08:29 Downloads
drwxr-xr-x    2 1000     1000            6 Dec 02 08:29 Music
drwxr-xr-x    2 1000     1000            6 Dec 02 08:29 Pictures
drwxr-xr-x    2 1000     1000            6 Dec 02 08:29 Public
drwxr-xr-x    2 1000     1000            6 Dec 02 08:29 Templates
drwxr-xr-x    2 1000     1000            6 Dec 02 08:29 Videos
-rw-rw-r--    1 1000     1000            9 Dec 14 09:28 pc1.file
-rw-r--r--    1 0        0               0 Dec 14 09:10 xxx.txt
226 Directory send OK.
ftp> mget pc1.file  ## fetch a file from the server
mget pc1.file? y
227 Entering Passive Mode (192,168,10,10,137,22).
150 Opening BINARY mode data connection for pc1.file (9 bytes).
226 Transfer complete.
9 bytes received in 2.3e-05 secs (391.30 Kbytes/sec)
ftp> mput pc2.file   ## send a file to the server
mput pc2.file? y
227 Entering Passive Mode (192,168,10,10,68,128).
150 Ok to send data.
226 Transfer complete.
9 bytes sent in 3.7e-05 secs (243.24 Kbytes/sec)
ftp> exit
221 Goodbye.
[root@PC2 test]# ls  ## the file fetched from the server
pc1.file  pc2.file
[root@PC2 test]# cat pc1.file 
i am pc1
[linuxprobe@PC1 ~]$ ls  ## the file sent to the server
Desktop    Downloads  pc1.file  Pictures  Templates  xxx.txt
Documents  Music      pc2.file  Public    Videos
[linuxprobe@PC1 ~]$ cat pc2.file 
i am pc2
[linuxprobe@PC1 ~]$ pwd
/home/linuxprobe

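Differences between anonymous user mode and local user mode:

In anonymous user mode anyone can log in, and the login directory is /var/ftp.

In local user mode only users that already exist on the server can log in, and the login directory is that user's home directory.

A local user can log in only if the account exists and must supply a password, so local user mode is more secure than anonymous user mode.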

Original URL: https://www.cnblogs.com/liujiaxin2018/p/14134483.html