Installing vsftp on a Linux server

Installing vsftp on the server

Create the system account that the virtual users are mapped to

useradd  -s /sbin/nologin ftpuser
chmod 755 /home/ftpuser/

Go to the FTP configuration directory

cd /etc/vsftpd/
vim v_user

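Enter the usernames and passwords on alternating lines: one line for the username, the next line for its password

hahabao
passwd

Generate the user db file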

db_load -T -t hash -f v_user /etc/vsftpd/v_user.db

For security, set the permissions to 600

chmod 600 /etc/vsftpd/v_user.db

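Create the user authentication (PAM) file. Check whether the system is 64-bit or 32-bit; the module path below uses /lib64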

vim /etc/pam.d/vsftpd.vu
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/v_user
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/v_user

Changes to the vsftpd configuration file

listen_port=2121
userlist_enable=YES
tcp_wrappers=YES

pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40010

local_enable=YES
write_enable=YES
local_umask=022

xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES

idle_session_timeout=600

pam_service_name=vsftpd.vu
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
tcp_wrappers=YES

guest_enable=YES
guest_username=ftpuser
user_config_dir=/etc/vsftpd/ftpuser_conf_dir

Create the per-user configuration directory

mkdir /etc/vsftpd/ftpuser_conf_dir

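Create a separate configuration file for each user (the file is named after the username). Note: put the directory path on the first line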

local_root=/data/kaola
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES

# Set up encrypted FTP connections
# Edit the configuration file to add SSL support
ssl_ciphers=AES256-SHA
ssl_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
rsa_cert_file=/etc/vsftpd/sslkey/vsftpd_key.pem

①. Create a directory to hold the certificate.

mkdir /etc/vsftpd/sslkey

②. Generate the certificate

cd /etc/vsftpd/sslkey
openssl req -new -x509 -nodes -out vsftpd_key.pem -keyout vsftpd_key.pem

[root@osntsz sslkey]# openssl req -new -x509 -nodes -out vsftpd_key.pem -keyout vsftpd_key.pem
Generating a 2048 bit RSA private key
..............+++
......................................................................................................................................+++
writing new private key to 'vsftpd_key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:xin
Locality Name (eg, city) [Default City]:sz
Organization Name (eg, company) [Default Company Ltd]:xin
Organizational Unit Name (eg, section) []:xin
Common Name (eg, your name or your server's hostname) []:xin.com
Email Address []:xintest@1440.com

The Common Name must be the FQDN of the FTP host.

③. For security, change the permissions on the certificate directory

chmod 400 /etc/vsftpd/sslkey/

Fixing startup errors

vim /etc/vsftpd/vsftpd.conf
listen=YES
/etc/rc.d/init.d/vsftpd  start /etc/vsftpd/vsftpd.conf

Client connection errors


500 OOPS: cannot change directory:/home/ftpuser
Run on the command line: setsebool -P ftp_home_dir on
If that does not work,
remove root from ftpuser and root from user_list
It is best to turn off the Linux firewall: chkconfig iptables off
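
As an alternative to turning the firewall off, the ports configured above (listen_port and the pasv_min_port to pasv_max_port range) can be opened individually. The following is an added example, not part of the original post: it reads those keys from a vsftpd.conf and prints the matching iptables rules; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): print iptables rules for the
# ports a vsftpd.conf actually uses, so the firewall can stay enabled.

# conf_get FILE KEY: value of KEY (comment lines skipped, last assignment used).
conf_get() {
    awk -F= -v k="$2" '
        /^[[:space:]]*#/ { next }
        $1 == k { v = $2; sub(/[[:space:]]+$/, "", v) }
        END { print v }' "$1"
}

# is_port VALUE: true if VALUE is an integer in 1..65535.
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# vsftpd_fw_rules FILE: one rule for the control port, one for the passive range.
vsftpd_fw_rules() {
    ctl=$(conf_get "$1" listen_port); ctl=${ctl:-21}   # 21 is vsftpd's default
    lo=$(conf_get "$1" pasv_min_port)
    hi=$(conf_get "$1" pasv_max_port)
    is_port "$ctl" || { echo "bad listen_port: $ctl" >&2; return 1; }
    echo "iptables -I INPUT -p tcp --dport $ctl -j ACCEPT"
    [ "$(conf_get "$1" pasv_enable)" = "NO" ] && return 0
    # Without a fixed range passive mode uses arbitrary ports: refuse to guess.
    if ! is_port "$lo" || ! is_port "$hi" || [ "$lo" -gt "$hi" ]; then
        echo "pasv_min_port/pasv_max_port missing or invalid" >&2; return 1
    fi
    echo "iptables -I INPUT -p tcp --dport $lo:$hi -j ACCEPT"
}

# Constructed sample using the values from the configuration on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
listen_port=2121
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40010
EOF
vsftpd_fw_rules "$sample"
rm -f "$sample"
```

The rules are only printed, not applied. With ssl_enable=YES the control channel is encrypted, so the firewall cannot read the passive port from the session; the fixed passive range is what makes an explicit rule possible.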

Upload failure error
setenforce 0