Linux_配置认证访问FTP服务
【RHEL8】—FTPserver;【Centos8】—FTPclient
!!!测试环境我们首关闭防火墙和selinux(FTPserver和FTPclient都需要)
[root@localhost ~]# systemctl stop firewalld [root@localhost ~]# systemctl disable firewalld [root@localhost ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config [root@localhost ~]# reboot
一、配置FTP服务端
1、查看一下服务端IP
[root@FTPserver ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:fa:c0:f0 brd ff:ff:ff:ff:ff:ff
inet 192.168.121.10/24 brd 192.168.121.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::a101:bf00:d10e:9788/64 scope link noprefixroute
valid_lft forever preferred_lft forever
2、安装vsftpd服务
//首先查看是否安装vsftpd服务 [root@FTPserver ~]# rpm -qa | grep vsftpd //安装vsftpd服务 [root@FTPserver ~]# yum install -y vsftpd ............ Running transaction Preparing : 1/1 Installing : vsftpd-3.0.3-28.el8.x86_64 1/1 Running scriptlet: vsftpd-3.0.3-28.el8.x86_64 1/1 Verifying : vsftpd-3.0.3-28.el8.x86_64 1/1 Installed products updated. Installed: vsftpd-3.0.3-28.el8.x86_64 Complete!
3、启动vsftpd服务
[root@FTPserver ~]# systemctl start vsftpd
[root@FTPserver ~]# systemctl enable vsftpd
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
//查看vsftpd状态及端口
[root@FTPserver ~]# systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2020-08-23 15:12:55 CST; 31s ago
Main PID: 14612 (vsftpd)
Tasks: 1 (limit: 11340)
Memory: 552.0K
CGroup: /system.slice/vsftpd.service
└─14612 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
Aug 23 15:12:55 FTPserver systemd[1]: Starting Vsftpd ftp daemon...
Aug 23 15:12:55 FTPserver systemd[1]: Started Vsftpd ftp daemon.
[root@FTPserver ~]# ss -antlp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1020,fd=4))
LISTEN 0 32 *:21 *:* users:(("vsftpd",pid=14612,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1020,fd=6))
4、创建可登陆的用户lisi
[root@FTPserver ~]# useradd lisi [root@FTPserver ~]# echo "123" |passwd --stdin lisi Changing password for user lisi. passwd: all authentication tokens updated successfully.
5、切换至普通用户,创建可上传、可下载的文件
[root@FTPserver ~]# su - lisi [lisi@FTPserver ~]$ mkdir upload [lisi@FTPserver ~]$ touch lisifile.txt [lisi@FTPserver ~]$ echo "this is my ftp file" > lisifile.txt
6、设置文件的权限
[root@FTPserver ~]# chmod u-w /home/lisi/ [root@FTPserver ~]# chmod -R 700 /home/lisi/upload/
7、修改/etc/vsftpd/vsftpd.conf文件
[root@FTPserver ~]# vim /etc/vsftpd/vsftpd.conf .......... anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES xferlog_std_format=YES idle_session_timeout=600 //取消改行前面的注释 data_connection_timeout=120 //取消注释 ftpd_banner=Welcome to blah FTP service. //取消注释 listen=NO listen_ipv6=YES pam_service_name=vsftpd userlist_enable=YES
8、重启vsftpd服务
[root@FTPserver ~]# systemctl restart vsftpd
[root@FTPserver ~]# ss -antpl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1020,fd=4))
LISTEN 0 32 *:21 *:* users:(("vsftpd",pid=14765,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1020,fd=6))
FTP服务端到这就简单配置完成!
二、FTP客户端配置
1、安装ftp客户端工具
//首先查看是否安装ftp工具 [root@FTPclient ~]# rpm -qa | grep ftp //安装Ftp客户端工具 [root@FTPclient ~]# yum install -y ftp ........... Running transaction Preparing : 1/1 Installing : ftp-0.17-78.el8.x86_64 1/1 Running scriptlet: ftp-0.17-78.el8.x86_64 1/1 Verifying : ftp-0.17-78.el8.x86_64 1/1 Installed: ftp-0.17-78.el8.x86_64 Complete!
2、客户端连接服务端,进行测试
//首先准备上传的文件 [root@FTPclient ~]# touch upfile [root@FTPclient ~]# echo "test file" >upfile //连接服务端 [root@FTPclient ~]# ftp 192.168.121.10 Connected to 192.168.121.10 (192.168.121.10). 220 Welcome to blah FTP service. Name (192.168.121.10:root): lisi //输入用户名lisi 331 Please specify the password. Password: //输入密码123(刚刚在服务端创建的) 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls //查看有哪些文件或目录 227 Entering Passive Mode (192,168,121,10,138,212). 150 Here comes the directory listing. -rw-rw-r-- 1 1000 1000 20 Aug 23 07:19 lisifile.txt drwx------ 2 1000 1000 6 Aug 23 07:19 upload 226 Directory send OK. ftp> get lisifile.txt //下载文件 local: lisifile.txt remote: lisifile.txt 227 Entering Passive Mode (192,168,121,10,197,120). 150 Opening BINARY mode data connection for lisifile.txt (20 bytes). 226 Transfer complete. 20 bytes received in 4.3e-05 secs (465.12 Kbytes/sec) ftp> put upfile upload/upfile //上传文件 local: upfile remote: upload/upfile 227 Entering Passive Mode (192,168,121,10,194,151). 150 Ok to send data. 226 Transfer complete. 10 bytes sent in 0.000177 secs (56.50 Kbytes/sec) ftp> exit
三、在wendows资源管理器上访问服务端
