
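An FTP server transfers data in cleartext, with no encryption. Using SSL/TLS encrypted transfer makes the FTP server's data transfers more secure.
Reference page:
Vsftpd Over SSL/TLS encrypted transfer :::iThome Download - The software you want is here:::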

1. Install the openssl / vsftpd packages
# yum install openssl vsftpd

2. Create the certificate
# openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -keyout /etc/pki/tls/certs/vsftpd.pem -out /etc/pki/tls/certs/vsftpd.pem
Generating a 1024 bit RSA private key
..++++++
.....++++++
writing new private key to '/etc/pki/tls/certs/vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [TW]:
State or Province Name (full name) [Yilan]:
Locality Name (eg, city) [TouCheng]:
Organization Name (eg, company) [Elementary School]:
Organizational Unit Name (eg, section) [Proxy Server]:FTP Server
Common Name (eg, your name or your server's hostname) []:xxx.tces.ilc.edu.tw
Email Address []:xxx@gmail.com

 (Read more)

Ordinary users get a 500 OOPS error message when connecting
# lftp -u t850008 127.0.0.1
Password:
lftp t850008@127.0.0.1:~> ls
ls: Login failed: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()

 (Read more)

1. Install the vsftpd FTP server
# yum install -y vsftpd

2. Edit the configuration file /etc/vsftpd/vsftpd.conf
# grep -v ^# /etc/vsftpd/vsftpd.conf
anonymous_enable=No
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
idle_session_timeout=600
data_connection_timeout=120
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
allow_writeable_chroot=YES
listen=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

pasv_enable=YES
pasv_min_port=5000
pasv_max_port=6000
use_localtime=YES

 (Read more)

1. Install the vsftpd FTP server
# yum install -y vsftpd

2. Edit the configuration file /etc/vsftpd/vsftpd.conf
# grep -v ^# /etc/vsftpd/vsftpd.conf
anonymous_enable=No
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pasv_enable=YES
pasv_min_port=5000
pasv_max_port=6000
use_localtime=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

 (Read more)
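
Added example (not from the original posts): a small shell/awk check that reads a vsftpd.conf and reports the settings the vsftpd excerpts above turn on or leave at their defaults: cleartext transfer when ssl_enable is absent, the inverted meaning of chroot_list_file when chroot_local_user=YES, allow_writeable_chroot, and an unset passive port range. The names audit_vsftpd_conf and sample_conf and the sample input are constructed for illustration; the defaults used are those documented in vsftpd.conf(5).

```shell
# Added example: audit a vsftpd.conf for the settings this page discusses.
# Usage: audit_vsftpd_conf /etc/vsftpd/vsftpd.conf   (or "-" to read stdin)
audit_vsftpd_conf() {
  awk -F= '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    { v = $2; sub(/[ \t\r]+$/, "", v); opt[$1] = toupper(v) }
    function on(k, dflt,   v) {              # vsftpd booleans: YES/TRUE/1
      v = (k in opt) ? opt[k] : dflt         # fall back to the documented default
      return (v == "YES" || v == "TRUE" || v == "1")
    }
    END {
      if (on("anonymous_enable", "YES"))
        print "WARN anonymous_enable: anonymous logins are allowed"
      if (!on("ssl_enable", "NO"))
        print "WARN ssl_enable: off, credentials and data cross the network in cleartext"
      if (on("chroot_local_user", "NO") && on("chroot_list_enable", "NO"))
        print "NOTE chroot_list_file: with chroot_local_user=YES it lists users who are NOT chrooted"
      if (on("allow_writeable_chroot", "NO"))
        print "WARN allow_writeable_chroot: the writable-root check behind 500 OOPS is disabled"
      if (on("pasv_enable", "YES") && !(("pasv_min_port" in opt) && ("pasv_max_port" in opt)))
        print "NOTE pasv ports: no fixed range set, so the firewall cannot be opened narrowly"
    }' "$1"
}

# Constructed sample input: settings taken from the vsftpd.conf listing on
# this page that includes allow_writeable_chroot=YES.
sample_conf() {
  cat <<'EOF'
anonymous_enable=No
local_enable=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
allow_writeable_chroot=YES
listen=YES
pasv_enable=YES
pasv_min_port=5000
pasv_max_port=6000
EOF
}

# Run the audit on the sample; one finding is printed per line.
sample_conf | audit_vsftpd_conf -
```

Each WARN or NOTE line names the option involved, so the output can be compared directly against `grep -v ^# /etc/vsftpd/vsftpd.conf`.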

1. Search for the package
# apt-cache search proftpd | grep ^proftpd
proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries
proftpd-dev - Versatile, virtual-hosting FTP daemon - development files
proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation
proftpd-mod-geoip - Versatile, virtual-hosting FTP daemon - GeoIP module
proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module
proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module
proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module
proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module
proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module
proftpd-mod-autohost - ProFTPD module mod_autohost
proftpd-mod-case - ProFTPD module mod_case
proftpd-mod-dnsbl - ProFTPD module mod_dnsbl
proftpd-mod-fsync - ProFTPD module mod_fsync
proftpd-mod-msg - ProFTPD module mod_msg
proftpd-mod-tar - ProFTPD module mod_tar

2. Install it
# apt-get install proftpd
Running in standalone mode gives better performance

 (Read more)

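It is not a good habit, but being able to log in as root is much more convenient.
1. Edit the configuration file /usr/local/etc/proftpd.conf
# vim /usr/local/etc/proftpd.conf
Add:
# Allow root to log in
RootLogin on
# Allow root to move freely to other directories
DefaultRoot ~ !wheel

2. Restart the ProFTPD server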
# kill -HUP `ps aux | grep proftpd | grep -v grep | awk '{print $2}'`

 (Read more)

When running on FreeBSD, the following error messages occasionally appear
# /usr/local/sbin/proftpd
2016-06-26 10:56:58,850 freebsd proftpd[730]: warning: unable to determine IP address of 'freebsd'
2016-06-26 10:56:58,850 freebsd proftpd[730]: error: no valid servers configured
2016-06-26 10:56:58,850 freebsd proftpd[730]: fatal: error processing configuration file '/usr/local/etc/proftpd.conf'

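Judging from the error messages, the problem seems related to the IP address, because the host currently obtains its IP automatically from a DHCP server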

 (Read more)

Install on FreeBSD the same FTP server that FreeNAS and NAS4Free use.
1. Install the ProFTPD server
# pkg install proftpd

2. Configuration file location: /usr/local/etc/proftpd.conf
# grep -v -E '^#|^$' /usr/local/etc/proftpd.conf
ServerName                      "ProFTPD Default Installation"
ServerType                      standalone
DefaultServer                   on
ScoreboardFile          /var/run/proftpd/proftpd.scoreboard
Port                            21
UseIPv6                         on
Umask                           022
MaxInstances                    30
CommandBufferSize       512
User                            nobody
Group                           nogroup
DefaultRoot ~ !
AllowOverwrite          on
<Limit SITE_CHMOD>
  DenyAll
</Limit>
  ### We want clients to be able to login with "anonymous" as well as "ftp"
  # UserAlias                   anonymous ftp
  ### Limit the maximum number of anonymous logins
  # MaxClients                  10
  ### We want 'welcome.msg' displayed at login, and '.message' displayed
  ### in each newly chdired directory.
  # DisplayLogin                        welcome.msg
  # DisplayFirstChdir           .message
  ### Limit WRITE everywhere in the anonymous chroot
  # <Limit WRITE>
  #   DenyAll
  # </Limit>

 (Read more)

When setting up a PXE server, Linux is installed over the network via FTP, and the directory is linked with ln -s (symbolic link).
# ln -s /var/www/html/CentOS /var/ftp/CentOS

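After creating the link, however, connecting with ftp shows that it is not possible to change into the CentOS directory; the error message 550 Failed to change directory appears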
# lftp 192.168.1.6
lftp 192.168.1.6:~> ls
lrwxrwxrwx    1 0        0              20 Jan 08 09:31 CentOS -> /var/www/html/CentOS
drwxr-xr-x    2 0        0            4096 Jan 08 09:29 Linux
drwxr-xr-x    2 0        0            4096 Jan 06 19:16 pub
lftp 192.168.1.6:/> cd CentOS/
cd: Access failed: 550 Failed to change directory. (/CentOS)
lftp 192.168.1.6:/> bye

 (Read more)

Passive mode for the vsftpd FTP server
# vim /etc/vsftpd/vsftpd.conf
Add the following three lines
pasv_enable=YES
pasv_min_port=60000
pasv_max_port=61000

Restart the vsftpd FTP server
# service vsftpd restart
正在關閉 vsftpd:                                          [  確定  ]
正在啟動 vsftpd 中的 vsftpd:                              [  確定  ]

 (Read more)