
How to configure FTPS through VSFTPD on CentOS 8

2025-04-04 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article walks through configuring FTPS with vsftpd on CentOS 8, step by step.

vsftpd stands for "very secure FTP daemon", and security is one of its main features. It is an FTP server that runs on UNIX-like operating systems such as Linux, BSD, Solaris and HP-UX. It is completely free, open-source software and supports many features that other FTP servers do not.

System environment

CentOS 8

Create users

Users need to be created to access the FTP server. Run the following commands to create the users and set their passwords; the -s option used when creating them disables shell logins for both users:

[root@localhost ~]# useradd -s /sbin/nologin user01
[root@localhost ~]# useradd -s /sbin/nologin user02
[root@localhost ~]# echo '123'|passwd --stdin user01
Changing password for user user01.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# echo '123'| passwd --stdin user02
Changing password for user user02.
passwd: all authentication tokens updated successfully.

Edit the /etc/shells configuration file

After the shell of the users above is set to /sbin/nologin, you need to add /sbin/nologin to the /etc/shells file; otherwise FTP logins for these users fail with "530 Login incorrect".

[root@localhost ~]# echo "/sbin/nologin" >> /etc/shells
[root@localhost ~]# cat /etc/shells
/bin/sh
/bin/bash
/usr/bin/sh
/usr/bin/bash
/sbin/nologin

Install VSFTPD

Install vsftpd using the following command:

[root@localhost ~]# yum -y install vsftpd

Create a self-signed certificate

Create a self-signed certificate for the FTP server. Run the following openssl command to generate a self-signed certificate and private key:

[root@localhost ~]# openssl req -x509 -nodes -keyout /etc/vsftpd/vsftpd.key -out /etc/vsftpd/vsftpd.pem -days 365 -newkey rsa:2048
Generating a RSA private key
..+++++
..............................................+++++
writing new private key to '/etc/vsftpd/vsftpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shandong
Locality Name (eg, city) [Default City]:QD
Organization Name (eg, company) [Default Company Ltd]:Linuxprobe
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:.linuxprobe.com
Email Address []:

Configure the VSFTPD service to support chroot and SSL

Add the users user01 and user02 created above to the /etc/vsftpd/user_list file, and allow FTP logins only for users in that file.

[root@localhost vsftpd]# vim /etc/vsftpd/user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
user01
user02

Next, edit /etc/vsftpd/vsftpd.conf. Back up the configuration file before editing:

[root@localhost vsftpd]# cd /etc/vsftpd/
[root@localhost vsftpd]# cp -p vsftpd.conf vsftpd.conf.back

Edit the vsftpd.conf file. The configuration file reads as follows:

[root@localhost vsftpd]# vim vsftpd.conf
[root@localhost vsftpd]# cat vsftpd.conf | grep -Ev '(^$|^#)'
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_deny=NO
ssl_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1_2=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.key
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
pasv_min_port=30000
pasv_max_port=31000
debug_ssl=YES
chroot_local_user=YES
local_root=/var/www/html/$USER
allow_writable_chroot=YES

Start Service
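Before the service is started, the two files edited above can be checked mechanically. The script below is an added example, not part of the original article: it flags whitespace around = (which vsftpd treats as an error), FTPS settings that are not explicitly set to the values used here, and system accounts left in user_list while userlist_deny=NO turns that file into an allow-list. The function names, finding labels and sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit vsftpd.conf and user_list for the FTPS setup in this article.
# Prints one finding per line; prints nothing when every check passes.

conf_get() {  # conf_get FILE KEY -> last value assigned to KEY (empty if unset)
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

audit_vsftpd() {  # audit_vsftpd CONF USERLIST
    conf=$1; list=$2
    # vsftpd treats whitespace between option, '=' and value as an error.
    awk '/^[a-z_0-9]+([ \t]+=|=[ \t])/ { print "SPACE_AROUND_EQUALS line " NR ": " $0 }' "$conf"
    # Audit policy (an assumption of this example): require these to be explicit.
    for want in ssl_enable=YES force_local_logins_ssl=YES force_local_data_ssl=YES \
                anonymous_enable=NO ssl_sslv2=NO ssl_sslv3=NO; do
        key=${want%%=*}; val=${want#*=}
        got=$(conf_get "$conf" "$key")
        [ "$got" = "$val" ] || echo "SETTING $key is '${got:-unset}', expected $val"
    done
    # With userlist_deny=NO the file is an allow-list: system accounts left in it
    # pass this check and are only stopped by the PAM ftpusers deny list.
    if [ "$(conf_get "$conf" userlist_enable)" = YES ] &&
       [ "$(conf_get "$conf" userlist_deny)" = NO ]; then
        while read -r user; do
            case $user in
                root|bin|daemon|adm|lp|sync|shutdown|halt|mail|news|uucp|operator|games|nobody)
                    echo "ALLOWLISTED_SYSTEM_ACCOUNT $user" ;;
            esac
        done < "$list"
    fi
}

# Constructed sample input (not from a real host): one spaced '=' and root left listed.
demo=$(mktemp -d)
printf '%s\n' anonymous_enable=NO ssl_enable=YES ssl_sslv2=NO ssl_sslv3=NO \
    force_local_data_ssl=YES 'force_local_logins_ssl= YES' \
    userlist_enable=YES userlist_deny=NO > "$demo/vsftpd.conf"
printf '%s\n' '# vsftpd userlist' root user01 user02 > "$demo/user_list"
audit_vsftpd "$demo/vsftpd.conf" "$demo/user_list"
```

On a real host, call audit_vsftpd /etc/vsftpd/vsftpd.conf /etc/vsftpd/user_list in place of the constructed sample.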

The following enables and starts the service:

[root@localhost ~]# systemctl enable vsftpd
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
[root@localhost ~]# systemctl start vsftpd

Set up the firewall

[root@localhost ~]# firewall-cmd --permanent --add-service=ftp
success
[root@localhost ~]# firewall-cmd --reload
success

Set up SELinux

Set the SELinux boolean below. By default, the security context of the /var/www/html directory is httpd_sys_content_t, so users may run into permission problems when uploading and downloading over FTP. Set the FTP-related SELinux boolean as follows:

[root@localhost ~]# setsebool -P ftpd_full_access 1
[root@localhost ~]# getsebool ftpd_full_access
ftpd_full_access --> on

Create the FTP users' directories

Create each user's directory under /var/www/html and set its ownership.

[root@localhost ~]# mkdir /var/www/html/user0{1..2}
[root@localhost ~]# chown -R user01:apache /var/www/html/user01/
[root@localhost ~]# chown -R user02:apache /var/www/html/user02/

Create an empty file in each directory so that, after logging in, you can tell the users' home directories apart:

[root@localhost ~]# touch /var/www/html/user01/user01_files
[root@localhost ~]# touch /var/www/html/user02/user02_files

Access the FTP server

Install the lftp command-line client for connection testing:

[root@localhost ~]# yum -y install lftp

Log in with user01:

[root@localhost ~]# lftp user01@localhost
Password:
lftp user01@localhost:~> ls
ls: Fatal error: Certificate verification: Not trusted (01:3E:A2:1B:39:E9:BE:DB:55:1F:C3:71:34:6F:B6:8E:E2:D0:2C:8C)

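The error above appears because the certificate is self-signed. You can turn off certificate verification by running the following command; because /etc/lftp.conf is the system-wide lftp configuration, the setting applies to every lftp connection made from this host: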

[root@localhost ~]# echo "set ssl:verify-certificate no" >> /etc/lftp.conf

Run the lftp command again and log in using user01:

[root@localhost ~]# lftp user01@localhost
Password:
lftp user01@localhost:~> ls
-rw-r--r-- 1 0 0 0 Apr 07 09:42 user01_files

Use user02 to log in and see:

[root@localhost ~]# lftp user02@localhost
Password:
lftp user02@localhost:~> ls
-rw-r--r-- 1 0 0 0 Apr 07 09:42 user02_files

That concludes this introduction to configuring FTPS through VSFTPD on CentOS 8.
