FTP (File Transfer Protocol) is an application-layer protocol: layer 7 of the OSI model, layer 4 of the TCP/IP model. It runs over TCP rather than UDP, so the client completes a three-way handshake with the server before sending any command, and the connection is reliable and connection-oriented. Plain FTP sends user names, passwords and file contents in clear text; only FTP over TLS (configured at the end of this page) protects them on the wire.
FTP provides file-sharing services; historically most media and software resources on the internet were distributed through FTP servers.
Command and data connections
FTP uses two TCP connections: a control (command) connection to server port 21, and a separate data connection for every directory listing or file transfer. In active mode the server opens the data connection back to the client from port 20; in passive mode the client connects to a port the server announces in its 227 reply (pasv_min_port/pasv_max_port below). Firewalls and NAT have to allow whichever of the two your clients use.
From the server's perspective
FTP server: vsftpd
FTP clients: ftp, lftp, wget, curl
Reply codes (the first digit gives the class):
1xx: positive preliminary, e.g. 125 data connection already open, 150 opening data connection
2xx: positive completion, e.g. 200 command OK, 226 transfer complete, 230 login successful
3xx: positive intermediate (more input needed), e.g. 331 user name OK, need password
4xx: transient negative (retry later), e.g. 425 cannot open data connection
5xx: permanent negative, e.g. 530 not logged in / login incorrect
Unlike HTTP, 4xx and 5xx do not mean "client error" and "server error": they distinguish a temporary failure from a permanent one.
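The reply classes and the passive/active endpoint encoding described above, as an added example for this page (not vsftpd code and not from the original post). It decodes the `h1,h2,h3,h4,p1,p2` tuple that both the server's `227` reply and the client's `PORT` command use, and refuses endpoints that do not point back at the peer of the control connection, which is the check a client needs against a hostile server and a server needs against the FTP bounce attack (vsftpd's default `port_promiscuous=NO`). The addresses are the ones from the sessions later on this page.

```python
"""FTP reply classes (RFC 959) and the h1,h2,h3,h4,p1,p2 endpoint encoding
shared by the server's PASV reply and the client's PORT command.
Added example for this page; it is not vsftpd code."""
import re
from typing import Tuple

# The first digit of a reply selects its class; the second gives the category
# (x0 syntax, x1 information, x2 connections, x3 authentication, x5 filesystem).
REPLY_CLASSES = {
    "1": "positive preliminary",   # 150 "Here comes the directory listing"
    "2": "positive completion",    # 230 "Login successful", 226 "Transfer complete"
    "3": "positive intermediate",  # 331 "Please specify the password"
    "4": "transient negative",     # 425 can't open data connection: retry later
    "5": "permanent negative",     # 530 "Login incorrect": repeating it will not help
}


def classify_reply(code: int) -> str:
    """Map a three-digit reply code to its RFC 959 class."""
    if not 100 <= code <= 599:
        raise ValueError(f"not an FTP reply code: {code}")
    return REPLY_CLASSES[str(code)[0]]


# Six decimal numbers 0-255: four address octets, then port high byte, port low byte.
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(text: str) -> Tuple[str, int]:
    """Extract host:port from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'
    or from 'PORT h1,h2,h3,h4,p1,p2'."""
    m = _HOSTPORT.search(text)
    if m is None:
        raise ValueError(f"no h1,h2,h3,h4,p1,p2 tuple in {text!r}")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"byte out of range in {text!r}")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def safe_data_endpoint(text: str, peer_host: str) -> Tuple[str, int]:
    """Decode an endpoint and refuse it unless it points back at the peer of the
    control connection.  A client applies this to PASV so a hostile server cannot
    redirect the data connection elsewhere; a server applies it to PORT to block
    the classic FTP bounce attack (vsftpd does so by default, port_promiscuous=NO).
    Privileged ports (<1024) are refused as well."""
    host, port = decode_hostport(text)
    if host != peer_host:
        raise ValueError(f"endpoint {host}:{port} does not match peer {peer_host}")
    if port < 1024:
        raise ValueError(f"refusing privileged data port {port}")
    return host, port


if __name__ == "__main__":
    # The passive reply seen in the session below, from server 192.168.29.131
    reply = "227 Entering Passive Mode (192,168,29,131,123,46)."
    print(classify_reply(227), safe_data_endpoint(reply, "192.168.29.131"))
    # A PORT command aimed at a third host (bounce attempt) is rejected
    try:
        safe_data_endpoint("PORT 10,0,0,5,0,25", "192.168.29.142")
    except ValueError as err:
        print("rejected:", err)
```

The port is `p1*256 + p2`, so `(…,123,46)` is port 31534; this is also the number you need when opening a passive range on a firewall.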
Three kinds of FTP users
Anonymous users: log in as ftp or anonymous (the password is conventionally an e-mail address and is not checked); the session runs as the Linux user ftp and the shared directory is /var/ftp. See experiment 1 below.
Local (system) users: accounts from /etc/passwd with passwords from /etc/shadow; the shared location is the user's home directory. See experiment 1 below.
Virtual users: accounts that exist only for the FTP service, kept in a separate user/password database outside /etc/passwd; each is mapped to one system account (guest_username), and the shared location is that account's home directory (or local_root).
Path | Description
/etc/vsftpd/vsftpd.conf | main configuration file
/usr/sbin/vsftpd | the vsftpd daemon
/etc/rc.d/init.d/vsftpd | SysV init script (CentOS 6 and earlier; CentOS 7/8 use the systemd unit vsftpd.service)
/etc/pam.d/vsftpd | PAM configuration; its pam_listfile line with file=/etc/vsftpd/ftpusers denies every user named in that file
/etc/vsftpd/ftpusers | users forbidden to log in through vsftpd (root, bin, daemon and other system accounts by default). List here any account that must never log in over FTP, so that a guessed or captured password cannot be used to read or write the filesystem as that account.
/etc/vsftpd/user_list | deny or allow list, consulted when userlist_enable=YES. With userlist_deny=YES (the default) the listed users are rejected before the password prompt; with userlist_deny=NO only the listed users may log in.
/var/ftp | anonymous home directory; local users land in their own home directory (/home/<user>) after login
/var/ftp/pub | anonymous download directory. If you allow anonymous uploads, confine them to a subdirectory such as this one: chmod 1777 makes it world-writable with the sticky bit set, so only a file's owner (or root) may delete or rename it (with vsftpd, anonymous deletion additionally needs anon_other_write_enable=YES). The anonymous root /var/ftp itself must stay non-writable, or vsftpd refuses to start the chrooted session.
/etc/logrotate.d/vsftpd | logrotate rules for the vsftpd logs; the logs themselves are /var/log/xferlog and /var/log/vsftpd.log (see xferlog_file and vsftpd_log_file below)
/etc/vsftpd/vsftpd.conf: options found in the shipped sample configuration (several are commented out by default; the values shown are the ones the sample file suggests)
- # Allow anonymous logins?
- anonymous_enable=NO
- # Allow local Linux users to log in?
- local_enable=YES
- # Global switch for any FTP write command (needed for uploads by local and anonymous users alike)
- write_enable=YES
- # umask applied to files created by local users
- local_umask=022
- # May anonymous users upload files (not directories)?
- anon_upload_enable=YES
- # May anonymous users create directories?
- anon_mkdir_write_enable=YES
- # Show per-directory messages: the contents of message_file (.message) in each directory
- dirmessage_enable=YES
- # Enable transfer logging
- xferlog_enable=YES
- # Active-mode data connections originate from server port 20 (ftp-data)
- connect_from_port_20=YES
- # Change the owner of anonymously uploaded files to chown_username
- chown_uploads=YES
- # Owner given to anonymous uploads (never root)
- chown_username=whoever
- # Transfer log location
- xferlog_file=/var/log/xferlog
- # Write the transfer log in the standard (wu-ftpd) xferlog format
- xferlog_std_format=YES
- # Drop a session that has been idle for 600 seconds
- idle_session_timeout=600
- # Drop a stalled data connection after 120 seconds
- data_connection_timeout=120
- # Unprivileged account vsftpd switches to for the parts of the daemon that need no privileges
- nopriv_user=ftpsecure
- # Honour ABOR requests sent out of band (some clients hang without this)
- async_abor_enable=YES
- # Allow ASCII-mode uploads (not recommended: ASCII mode mangles binary data and costs CPU)
- ascii_upload_enable=YES
- # Allow ASCII-mode downloads (not recommended)
- ascii_download_enable=YES
- # Login banner; ignored when banner_file is set
- ftpd_banner=Welcome to blah FTP service.
- # Reject anonymous logins whose password (e-mail address) appears in banned_email_file
- deny_email_enable=YES
- # List of banned anonymous e-mail passwords
- banned_email_file=/etc/vsftpd/banned_emails
- # Confine local users to their home directory (chroot)
- chroot_local_user=YES
- # Consult chroot_list_file. With chroot_local_user=YES the listed users are the exceptions that are NOT chrooted; with chroot_local_user=NO only the listed users are chrooted
- chroot_list_enable=YES
- # File naming those users
- #chroot_list_file=/etc/vsftpd/chroot_list
- # Allow recursive listings (ls -R); off by default because they can consume a lot of server resources
- #ls_recurse_enable=YES
- # Listen on an IPv4-only socket?
- listen=NO
- # Listen on an IPv6 socket (on CentOS this also accepts IPv4 clients as mapped addresses); exactly one of listen and listen_ipv6 may be YES
- listen_ipv6=YES
- # PAM service name, i.e. /etc/pam.d/vsftpd
- pam_service_name=vsftpd
- # Consult /etc/vsftpd/user_list (a deny list unless userlist_deny=NO)
- userlist_enable=YES

listen_port=21 control connection port (default 21)
connect_from_port_20=YES active-mode data connections are sent from port 20
ftp_data_port=20 (default) port used as the source of active-mode data connections
The Linux ftp client defaults to passive mode; the Windows ftp.exe client defaults to active mode
pasv_min_port=6000 lower bound of the passive port range (0 = any port); open this range on the firewall
pasv_max_port=6010 upper bound of the passive port range
use_localtime=YES show local time in listings and logs (default NO, i.e. GMT)
anonymous_enable=YES allow anonymous logins
no_anon_password=YES (default NO) do not even prompt anonymous users for a password
anon_world_readable_only=YES (default YES) anonymous users may only download world-readable files
anon_upload_enable=YES allow anonymous uploads. Needs write_enable=YES and a directory the ftp user can write on the filesystem; grant that on a subdirectory only, never on the anonymous root, otherwise vsftpd refuses to run with a writable chroot root
anon_mkdir_write_enable=YES allow anonymous users to create directories
anon_umask=077 umask for anonymously uploaded files
anon_other_write_enable=YES allow anonymous users to delete and rename files (rarely a good idea)
Default owner and mode of uploaded files:
chown_uploads=YES (default NO)
chown_username=<user> owner given to anonymous uploads; do not use root
chown_upload_mode=0644 mode of anonymous uploads when chown_uploads is on
guest_enable=YES map every non-anonymous login to the guest user; such sessions are then governed by the anon_* options
guest_username=ftp (default, may be omitted) the guest user; only meaningful together with guest_enable. See experiment 2
local_enable=YES allow Linux (local) users to log in
write_enable=YES allow write commands (needed for local-user uploads)
local_umask=022 umask for files created by local users
local_root=/ftproot directory local (and guest) users land in after login
chroot_local_user=YES (default NO, not confined) confine local users to their root directory
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
When chroot_local_user=YES, the users in chroot_list are NOT confined (the list holds the exceptions)
When chroot_local_user=NO, only the users in chroot_list are confined
xferlog_enable=YES (default) log uploads and downloads
xferlog_std_format=YES (default) use the wu-ftpd xferlog format
xferlog_file=/var/log/xferlog (default) created automatically
dual_log_enable=YES additionally write the vsftpd-format log (off by default); this is the log that records logins and client addresses, so enable it on any server you need to investigate
vsftpd_log_file=/var/log/vsftpd.log (default) created automatically
dirmessage_enable=YES (default)
message_file=.message (default) per-directory message file
pam_service_name=vsftpd PAM configuration: /etc/pam.d/vsftpd
/etc/vsftpd/ftpusers users listed here are always denied (enforced through PAM)
userlist_enable=YES set by default in the sample config
userlist_deny=YES (default) user_list is a deny list and listed users are rejected before the password prompt; NO turns it into an allow list
userlist_file=/etc/vsftpd/user_list (default value; the file is user_list, not users_list)
nopriv_user=nobody (default)
max_clients=0 maximum concurrent clients (0 = unlimited); set a limit on internet-facing servers
max_per_ip=0 maximum concurrent connections per client address (0 = unlimited); a low value blunts connection floods and brute-force tools
anon_max_rate=0 transfer-rate limit for anonymous users in bytes/s (0 = unlimited)
local_max_rate=0 transfer-rate limit for local users in bytes/s (0 = unlimited)
connect_timeout=60 seconds to wait for the client to accept an active-mode data connection
accept_timeout=60 seconds to wait for the client to connect in passive mode
data_connection_timeout=300 seconds a data connection may stall before it is closed
idle_session_timeout=60 seconds a session may sit without a command before it is closed
ascii_upload_enable=YES allow ASCII-mode uploads (not recommended)
ascii_download_enable=YES allow ASCII-mode downloads (not recommended)
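The access rules spread over the file table (ftpusers, user_list, userlist_deny) and the option reference just above (chroot_local_user versus chroot_list, the anon_* options, guest_enable), collected into one checker. This is an added example written for this page, not vsftpd code: the defaults are those documented in vsftpd.conf(5), the two sample configurations are constructed (the first mirrors the lab configuration used in experiment 2 below), and the audit rules are this page's recommendations, so adapt them to your own policy.

```python
"""Parse a vsftpd.conf, fill in vsftpd's built-in defaults, and answer the two
questions the option reference raises: who may log in (ftpusers, user_list,
userlist_deny) and who is chrooted (chroot_local_user, chroot_list).  Then flag
settings that weaken security.  Added example; the sample configs are
constructed and the audit rules are this page's, not vsftpd's."""
from typing import Dict, List, Set

# Built-in defaults from vsftpd.conf(5) for the options reasoned about here.
# The CentOS sample file overrides several of them (e.g. anonymous_enable=NO).
DEFAULTS = {
    "anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
    "guest_enable": "NO", "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO", "anon_other_write_enable": "NO",
    "anon_world_readable_only": "YES", "chroot_local_user": "NO",
    "chroot_list_enable": "NO", "allow_writeable_chroot": "NO",
    "ssl_enable": "NO", "force_local_logins_ssl": "YES",
    "force_local_data_ssl": "YES", "userlist_enable": "NO",
    "userlist_deny": "YES", "chown_uploads": "NO", "chown_username": "root",
}


def parse_vsftpd_conf(text: str) -> Dict[str, str]:
    """vsftpd's format: one option=value per line, '#' comments, no spaces around '='."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip().lower()] = value.strip()
    return conf


def yes(conf: Dict[str, str], key: str) -> bool:
    return conf.get(key, "NO").upper() == "YES"


def login_allowed(user: str, conf: Dict[str, str], ftpusers: Set[str], user_list: Set[str]) -> bool:
    """/etc/vsftpd/ftpusers always denies (enforced by PAM).  user_list is a deny
    list with userlist_deny=YES and an allow list with userlist_deny=NO."""
    if user in ftpusers:
        return False
    if yes(conf, "userlist_enable"):
        return user not in user_list if yes(conf, "userlist_deny") else user in user_list
    return True


def is_chrooted(user: str, conf: Dict[str, str], chroot_list: Set[str]) -> bool:
    """chroot_local_user=YES: everyone is confined except the users in chroot_list.
    chroot_local_user=NO: only the users in chroot_list are confined."""
    listed = yes(conf, "chroot_list_enable") and user in chroot_list
    return not listed if yes(conf, "chroot_local_user") else listed


def audit_vsftpd(conf: Dict[str, str]) -> List[str]:
    """Return findings; an empty list means nothing was flagged."""
    findings = []
    # With guest_enable=YES every login runs as the guest user and is governed by
    # the anon_* options, so treat it like anonymous access.
    anon_like = yes(conf, "anonymous_enable") or yes(conf, "guest_enable")
    anon_write = any(yes(conf, k) for k in ("anon_upload_enable", "anon_mkdir_write_enable",
                                            "anon_other_write_enable"))
    if anon_like and yes(conf, "write_enable") and anon_write:
        findings.append("anonymous/guest users can write to the server")
    if anon_like and yes(conf, "anon_other_write_enable"):
        findings.append("anonymous/guest users may delete and rename files")
    if anon_like and not yes(conf, "anon_world_readable_only"):
        findings.append("anonymous/guest users can download files that are not world-readable")
    if yes(conf, "local_enable") and not yes(conf, "chroot_local_user"):
        findings.append("local users are not chrooted and can browse the whole filesystem")
    if yes(conf, "allow_writeable_chroot"):
        findings.append("the chroot root directory is writable (allow_writeable_chroot=YES)")
    if not yes(conf, "ssl_enable"):
        findings.append("ssl_enable=NO: passwords and data travel in clear text")
    elif yes(conf, "local_enable") and not (yes(conf, "force_local_logins_ssl")
                                             and yes(conf, "force_local_data_ssl")):
        findings.append("TLS is enabled but not required for local logins or data")
    if yes(conf, "chown_uploads") and conf["chown_username"] == "root":
        findings.append("anonymous uploads would be chowned to root")
    return findings


# Constructed: the shape of the lab configuration used in experiment 2 on this page.
LAB_CONF = """
anonymous_enable=NO
local_enable=YES
write_enable=YES
guest_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/data/ftp
userlist_enable=YES
"""

# Constructed: the same service with the weak settings removed.
HARDENED_CONF = """
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
userlist_enable=YES
userlist_deny=NO
ssl_enable=YES
rsa_cert_file=/etc/vsftpd/ssl/vsftpd.pem
"""

if __name__ == "__main__":
    for name, text in (("lab", LAB_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_vsftpd(parse_vsftpd_conf(text)) or ["no findings"])
```

Run it against `/etc/vsftpd/vsftpd.conf` by reading the file into `parse_vsftpd_conf`; the hardened sample keeps uploads working for local users but confines them, switches user_list to an allow list and requires TLS, which is the combination the rest of this page builds up to.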
Lab environment. For the exercises firewalld was stopped and SELinux set to permissive. On a real server keep both on: allow the ftp service and your passive port range in firewalld, and set the SELinux booleans the sample config comment refers to (allow_ftpd_anon_write and allow_ftpd_full_access; on CentOS 7 and 8 they are named ftpd_anon_write and ftpd_full_access) instead of disabling enforcement.
Host | OS | Role
fs (192.168.29.131) | CentOS 7 | FTP server
ftpServer (192.168.29.141) | CentOS 8 | FTP server
wenzi (192.168.29.142) | CentOS 8 | client
Note
The vsftpd package on CentOS 7 allows anonymous logins by default
The vsftpd package on CentOS 8 disables anonymous logins by default
- [root@fs ~]# yum -y install vsftpd
- [root@fs ~]# systemctl start vsftpd
- [root@fs ~]# ss -tnlp
- State Recv-Q Send-Q Local Address:Port Peer Address:Port
- LISTEN 0 128 *:22 *:* users:(("sshd",pid=1014,fd=3))
- LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=1175,fd=13))
- LISTEN 0 32 [::]:21 [::]:* users:(("vsftpd",pid=1350,fd=4))
- LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1014,fd=4))
- LISTEN 0 100 [::1]:25 [::]:* users:(("master",pid=1175,fd=14))
Access fs from wenzi. Anonymous login still requires typing the user name anonymous or ftp; any password is accepted:
- [root@wenzi ~]#ftp 192.168.29.131
- Connected to 192.168.29.131 (192.168.29.131).
- 220 (vsFTPd 3.0.2)
- Name (192.168.29.131:root): anonymous
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> ls
- 227 Entering Passive Mode (192,168,29,131,123,46).
- 150 Here comes the directory listing.
- drwxr-xr-x 2 0 0 6 Jun 09 2021 pub
- 226 Directory send OK.
- ftp> pwd
- 257 "/"
- ftp> exit
- 221 Goodbye.

The same test can be run from a Windows client. Next, set up the second server, ftpServer (CentOS 8):
- #install vsftpd
- [root@ftpServer ~]#yum -y install vsftpd
- #enable and start vsftpd
- [root@ftpServer ~]#systemctl enable --now vsftpd
- Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
- #check listening sockets: port 21 is open
- [root@ftpServer ~]#ss -tnlp
- State Recv-Q Send-Q Local Address:Port Peer Address:Port
- LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=898,fd=4))
- LISTEN 0 32 *:21 *:* users:(("vsftpd",pid=1655,fd=3))
- LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=898,fd=6))
-
-
- #create a new user zhangsan (the password below is a throwaway lab value)
- [root@ftpServer ~]#useradd zhangsan
- [root@ftpServer ~]#echo "admin" | passwd --stdin zhangsan
- [root@ftpServer ~]#cd ~zhangsan
- [root@ftpServer zhangsan]#touch zs.txt
- [root@ftpServer zhangsan]#pwd
- /home/zhangsan

Access ftpServer from wenzi: anonymous login is rejected with 530 because the CentOS 8 package ships anonymous_enable=NO
- [root@wenzi ~]#ftp 192.168.29.141
- Connected to 192.168.29.141 (192.168.29.141).
- 220 (vsFTPd 3.0.3)
- Name (192.168.29.141:root): anonymous
- 331 Please specify the password.
- Password:
- 530 Login incorrect.
- Login failed.
- ftp> ls
- 530 Please login with USER and PASS.
- Passive mode refused.
- ftp> exit
- 221 Goodbye.
Log in to ftpServer as zhangsan
- [root@wenzi ~]#ftp 192.168.29.141
- Connected to 192.168.29.141 (192.168.29.141).
- 220 (vsFTPd 3.0.3)
- Name (192.168.29.141:root): zhangsan
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> ls
- 227 Entering Passive Mode (192,168,29,141,54,103).
- 150 Here comes the directory listing.
- -rw-r--r-- 1 0 0 0 Aug 01 13:49 zs.txt
- 226 Directory send OK.
- ftp> pwd
- 257 "/home/zhangsan" is the current directory
- ftp> exit
- 221 Goodbye.

Edit the vsftpd configuration (vim /etc/vsftpd/vsftpd.conf) and set anonymous_enable=YES.
Restart vsftpd and access ftpServer from wenzi again: anonymous login now succeeds
- [root@wenzi ~]#ftp 192.168.29.141
- Connected to 192.168.29.141 (192.168.29.141).
- 220 (vsFTPd 3.0.3)
- Name (192.168.29.141:root): anonymous
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> ls
- 227 Entering Passive Mode (192,168,29,141,118,252).
- 150 Here comes the directory listing.
- drwxr-xr-x 2 0 0 6 Apr 22 2021 pub
- 226 Directory send OK.
- ftp> pwd
- 257 "/" is the current directory

FTP server configuration (experiment 2): local users are mapped to the guest user ftp and land in /data/ftp
- [root@ftpServer ~]#vim /etc/vsftpd/vsftpd.conf
- # Example config file /etc/vsftpd/vsftpd.conf
- ...
- # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
- anonymous_enable=NO
- #
- # Uncomment this to allow local users to log in.
- local_enable=YES
- #
- # Uncomment this to enable any form of FTP write command.
- write_enable=YES
- #
- # Default umask for local users is 077. You may wish to change this to 022,
- # if your users expect that (022 is used by most other ftpd's)
- local_umask=022
- #
- ...
- # When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
- #anon_upload_enable=YES
- ...
- # go into a certain directory.
- dirmessage_enable=YES
- #
- ...
- # Make sure PORT transfer connections originate from port 20 (ftp-data).
- connect_from_port_20=YES
- #
- ...
- # with the listen_ipv6 directive.
- listen=NO
- #
- ...
- # Make sure, that one of the listen options is commented !!
- listen_ipv6=YES
-
- pam_service_name=vsftpd
- userlist_enable=YES
-
- ftpd_banner="This is FTP Server"
- guest_enable=YES
- anon_upload_enable=YES
- anon_mkdir_write_enable=YES
- anon_other_write_enable=YES
- local_root=/data/ftp
- dual_log_enable=YES
- vsftpd_log_file=/var/log/vsftpd.log
- #with guest_enable=YES every login runs as user ftp and is governed by the anon_* options: the upload directory must be writable by ftp (0777 here; a directory owned by ftp with mode 0733 would be tighter), the root /data/ftp itself must stay non-writable, and uploads get anon_umask=077, hence the -rw------- files seen below
- [root@ftpServer ~]#mkdir /data/ftp -p
- [root@ftpServer ~]#mkdir /data/ftp/upload
- [root@ftpServer ~]#chmod 777 /data/ftp/upload/
- [root@ftpServer ~]#systemctl restart vsftpd.service

Client test (from wenzi)
- [root@wenzi ~]#ll
- total 8
- -rw-r--r-- 1 root root 0 Aug 2 02:03 111.txt
- -rw-------. 1 root root 1279 May 15 01:30 anaconda-ks.cfg
- [root@wenzi ~]#ftp 192.168.29.141
- Connected to 192.168.29.141 (192.168.29.141).
- 220 "This is FTP Server"
- Name (192.168.29.141:root): zhangsan
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> ls
- 227 Entering Passive Mode (192,168,29,141,19,185).
- 150 Here comes the directory listing.
- -rw-r--r-- 1 0 0 0 Aug 01 18:02 sy2.txt
- drwxrwxrwx 2 0 0 6 Aug 01 21:14 upload
- 226 Directory send OK.
- ftp> pwd
- 257 "/" is the current directory
- #download
- ftp> get sy2.txt
- local: sy2.txt remote: sy2.txt
- 227 Entering Passive Mode (192,168,29,141,119,145).
- 150 Opening BINARY mode data connection for sy2.txt (0 bytes).
- 226 Transfer complete.
- ftp> cd upload
- 250 Directory successfully changed.
- ftp> pwd
- 257 "/upload" is the current directory
- #upload
- ftp> put 111.txt
- local: 111.txt remote: 111.txt
- 227 Entering Passive Mode (192,168,29,141,153,176).
- 150 Ok to send data.
- 226 Transfer complete.
- ftp> ls
- 227 Entering Passive Mode (192,168,29,141,116,132).
- 150 Here comes the directory listing.
- -rw------- 1 14 50 0 Aug 01 21:17 111.txt
- 226 Directory send OK.
- ftp> help
- Commands may be abbreviated. Commands are:
-
- ! debug mdir sendport site
- $ dir mget put size
- account disconnect mkdir pwd status
- append exit mls quit struct
- ascii form mode quote system
- bell get modtime recv sunique
- binary glob mput reget tenex
- bye hash newer rstatus tick
- case help nmap rhelp trace
- cd idle nlist rename type
- cdup image ntrans reset user
- chmod lcd open restart umask
- close ls prompt rmdir verbose
- cr macdef passive runique ?
- delete mdelete proxy send
- #rename
- ftp> rename 111.txt 222.txt
- 350 Ready for RNTO.
- 250 Rename successful.
- ftp> ls
- 227 Entering Passive Mode (192,168,29,141,151,67).
- 150 Here comes the directory listing.
- -rw------- 1 14 50 0 Aug 01 21:17 222.txt
- 226 Directory send OK.
- #create a directory
- ftp> mkdir abc
- 257 "/upload/abc" created
- ftp> ls
- 227 Entering Passive Mode (192,168,29,141,124,143).
- 150 Here comes the directory listing.
- -rw------- 1 14 50 0 Aug 01 21:17 222.txt
- drwx------ 2 14 50 6 Aug 01 21:17 abc
- 226 Directory send OK.
- #remove the directory
- ftp> rmdir abc
- 250 Remove directory operation successful.

View the log on the FTP server (the vsftpd-format log enabled by dual_log_enable=YES; it records every connection, login, transfer and write together with the client address)
- [root@ftpServer ftp]#cat /var/log/vsftpd.log
- Wed Aug 2 05:15:56 2023 [pid 3426] CONNECT: Client "::ffff:192.168.29.142"
- Wed Aug 2 05:16:01 2023 [pid 3425] [zhangsan] OK LOGIN: Client "::ffff:192.168.29.142"
- Wed Aug 2 05:16:29 2023 [pid 3427] [zhangsan] OK DOWNLOAD: Client "::ffff:192.168.29.142", "/sy2.txt", 0.00Kbyte/sec
- Wed Aug 2 05:17:01 2023 [pid 3427] [zhangsan] OK UPLOAD: Client "::ffff:192.168.29.142", "/upload/111.txt", 0.00Kbyte/sec
- Wed Aug 2 05:17:33 2023 [pid 3427] [zhangsan] OK RENAME: Client "::ffff:192.168.29.142", "/upload/111.txt /upload/222.txt"
- Wed Aug 2 05:17:48 2023 [pid 3427] [zhangsan] OK MKDIR: Client "::ffff:192.168.29.142", "/upload/abc"
- Wed Aug 2 05:20:15 2023 [pid 3432] [zhangsan] OK RMDIR: Client "::ffff:192.168.29.142", "/upload/abc"
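The same log, read the way an incident responder would. This is an added example for this page, not vsftpd code: the sample is the seven lines shown above plus six constructed lines from a second client that fails several logins and then succeeds, which is the pattern worth alerting on. `FAIL LOGIN` is the status vsftpd writes for a rejected password; the `::ffff:` prefix marks an IPv4 client arriving on the IPv6 listener and is stripped so addresses match firewall rules.

```python
"""Parse vsftpd-format log lines (written when dual_log_enable=YES, default path
/var/log/vsftpd.log) and pull out what an incident responder looks for: clients
that hammer the login, a login that finally succeeded after repeated failures,
and every write to the served tree.  Added example; the sample is the log shown
above plus constructed FAIL LOGIN lines from a second client."""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# One event per line: ctime-style timestamp, pid, optional [user], optional
# OK/FAIL, the action, the client address, and an optional detail field.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid (?P<pid>\d+)\] "
    r"(?:\[(?P<user>[^\]]*)\] )?"            # absent on CONNECT lines
    r"(?:(?P<status>OK|FAIL) )?(?P<action>[A-Z]+): "
    r'Client "(?P<client>[^"]+)"'
    r"(?:, (?P<detail>.*))?$"
)

# Constructed sample: the page's session, then a second client guessing passwords.
SAMPLE_LOG = """\
Wed Aug  2 05:15:56 2023 [pid 3426] CONNECT: Client "::ffff:192.168.29.142"
Wed Aug  2 05:16:01 2023 [pid 3425] [zhangsan] OK LOGIN: Client "::ffff:192.168.29.142"
Wed Aug  2 05:16:29 2023 [pid 3427] [zhangsan] OK DOWNLOAD: Client "::ffff:192.168.29.142", "/sy2.txt", 0.00Kbyte/sec
Wed Aug  2 05:17:01 2023 [pid 3427] [zhangsan] OK UPLOAD: Client "::ffff:192.168.29.142", "/upload/111.txt", 0.00Kbyte/sec
Wed Aug  2 05:17:33 2023 [pid 3427] [zhangsan] OK RENAME: Client "::ffff:192.168.29.142", "/upload/111.txt /upload/222.txt"
Wed Aug  2 05:17:48 2023 [pid 3427] [zhangsan] OK MKDIR: Client "::ffff:192.168.29.142", "/upload/abc"
Wed Aug  2 05:20:15 2023 [pid 3432] [zhangsan] OK RMDIR: Client "::ffff:192.168.29.142", "/upload/abc"
Wed Aug  2 05:30:01 2023 [pid 3501] CONNECT: Client "::ffff:192.168.29.150"
Wed Aug  2 05:30:02 2023 [pid 3500] [root] FAIL LOGIN: Client "::ffff:192.168.29.150"
Wed Aug  2 05:30:03 2023 [pid 3500] [admin] FAIL LOGIN: Client "::ffff:192.168.29.150"
Wed Aug  2 05:30:04 2023 [pid 3500] [zhangsan] FAIL LOGIN: Client "::ffff:192.168.29.150"
Wed Aug  2 05:30:05 2023 [pid 3500] [zhangsan] FAIL LOGIN: Client "::ffff:192.168.29.150"
Wed Aug  2 05:30:06 2023 [pid 3500] [zhangsan] OK LOGIN: Client "::ffff:192.168.29.150"
"""


def parse_log(text: str) -> List[Dict[str, Optional[str]]]:
    """Turn log text into a list of event dicts; unparsable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # e.g. a truncated line; keep going rather than crash
        event = m.groupdict()
        client = event["client"]
        if client.startswith("::ffff:"):      # IPv4 client on the IPv6 listener
            client = client[len("::ffff:"):]
        event["client"] = client
        events.append(event)
    return events


def failed_logins_by_client(events, threshold: int = 3) -> Dict[str, int]:
    """Clients with at least `threshold` FAIL LOGIN events."""
    counts = Counter(e["client"] for e in events
                     if e["action"] == "LOGIN" and e["status"] == "FAIL")
    return {client: n for client, n in counts.items() if n >= threshold}


def success_after_failures(events, min_failures: int = 3) -> List[Tuple[str, str, int]]:
    """(client, user, failures) for each OK LOGIN that followed at least
    min_failures failures from the same client: the signature of a guess that worked."""
    failures = Counter()
    hits = []
    for e in events:
        if e["action"] != "LOGIN":
            continue
        if e["status"] == "FAIL":
            failures[e["client"]] += 1
        elif failures[e["client"]] >= min_failures:
            hits.append((e["client"], e["user"], failures[e["client"]]))
    return hits


WRITE_ACTIONS = {"UPLOAD", "RENAME", "MKDIR", "RMDIR", "DELETE"}


def write_events(events) -> List[Tuple[str, str, str]]:
    """(user, action, path) for every change made to the served tree."""
    out = []
    for e in events:
        if e["action"] in WRITE_ACTIONS and e["detail"]:
            path = e["detail"].split(", ")[0].strip('"')   # drop the rate field on uploads
            out.append((e["user"], e["action"], path))
    return out


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    print("brute-force candidates:", failed_logins_by_client(ev))
    print("success after failures:", success_after_failures(ev))
    for row in write_events(ev):
        print("write:", *row)
```

Feed it the real file with `parse_log(open("/var/log/vsftpd.log").read())`; pair the failed-login count with max_per_ip and a firewall block, and review the write list against the directories you expected to be writable.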
- #CentOS 7: the Makefile in /etc/pki/tls/certs can generate a single file holding both the private key and a self-signed certificate
- #check whether this vsftpd build is linked against OpenSSL
- [root@fs ~]# ldd `which vsftpd` | grep ssl
- libssl.so.10 => /lib64/libssl.so.10 (0x00007f8a15030000)
- [root@fs ~]# cd /etc/pki/tls/certs/
- [root@fs certs]# ll
- total 12
- lrwxrwxrwx. 1 root root 49 May 25 21:13 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
- lrwxrwxrwx. 1 root root 55 May 25 21:13 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
- -rwxr-xr-x. 1 root root 610 Aug 9 2019 make-dummy-cert
- -rw-r--r--. 1 root root 2516 Aug 9 2019 Makefile
- -rwxr-xr-x. 1 root root 829 Aug 9 2019 renew-dummy-cert
- #the Makefile's .pem target writes the private key and the certificate into one file (note the umask 77 below: the result is mode 0600)
- [root@fs certs]# make vsftpd.pem
- umask 77 ; \
- PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
- PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
- /usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 ; \
- cat $PEM1 > vsftpd.pem ; \
- echo "" >> vsftpd.pem ; \
- cat $PEM2 >> vsftpd.pem ; \
- rm -f $PEM1 $PEM2
- Generating a 2048 bit RSA private key
- ................................+++
- .......+++
- writing new private key to '/tmp/openssl.CGeh1N'
- -----
- You are about to be asked to enter information that will be incorporated
- into your certificate request.
- What you are about to enter is what is called a Distinguished Name or a DN.
- There are quite a few fields but you can leave some blank
- For some fields there will be a default value,
- If you enter '.', the field will be left blank.
- -----
- Country Name (2 letter code) [XX]:CN
- State or Province Name (full name) []:beijing
- Locality Name (eg, city) [Default City]:beijing
- Organization Name (eg, company) [Default Company Ltd]:wenzi
- Organizational Unit Name (eg, section) []:it
- Common Name (eg, your name or your server's hostname) []:wenzi.com
- Email Address []:youxiang@qq.com
- [root@fs certs]# ll
- total 16
- lrwxrwxrwx. 1 root root 49 May 25 21:13 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
- lrwxrwxrwx. 1 root root 55 May 25 21:13 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
- -rwxr-xr-x. 1 root root 610 Aug 9 2019 make-dummy-cert
- -rw-r--r--. 1 root root 2516 Aug 9 2019 Makefile
- -rwxr-xr-x. 1 root root 829 Aug 9 2019 renew-dummy-cert
- -rw------- 1 root root 3100 Aug 2 00:10 vsftpd.pem
- #the combined file: private key first, certificate second. (The key printed below belongs to a throwaway lab certificate; never paste a real server's private key into documentation, and regenerate the key if it ever leaks)
- [root@fs certs]# cat vsftpd.pem
- -----BEGIN PRIVATE KEY-----
- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCcCHH/tA+U8FmT
- 4/EQbCviOItC7Cs59fsUkoyeD7zxZFfs6Zk/HoErsFXtdzlMKHbPKjd1D7gfLZxM
- +UuoIIDX0abftraBTTA/AQ41pHAymBCFvxVPjJtW4HJ1verrQQK6ur+gaVpZY0ZY
- A9DBecy0Yi5hsu8lpdKmHYeRbm1Um0E3N7azCwjEWyd15fsU0aGis+NG8xkFGFgu
- Zu4dZsbxHPM6tvZw9EQC+Yg5QtTzEFZiRXpONmyAjcQQ5SmDb4d0ujqsv+qulhvn
- QTNim09ti96nzGpCCni3x400IOaBTXevpcC+2oqErof9gGE9X3clyhLV0TVaIay9
- g01jrwepAgMBAAECggEAYKLGX9SX9elpwTNiIIauIxxb+6WjG/GhgFtHJbmfjm1U
- G1GN7M6qt3EttrWpUeaZtrJxyFlk8kJgVDftyIHg6klZLaLOo4Q3xj2UHFrsdhlB
- 2mO/AhaWOpclrJBkBzGrTBTPC71UDJp0fZxXVQxnYKySB0Y34Lwzm1gcl1Cp+8R4
- X+nT0Fl3VKHH4VIJmvJNWnQpWPcgtIakl1/yRlgB0RFmw43rdMo/PDS4eJa/MHzd
- MQYThkDHhdH8P7RBhCANvUCGPKEr7MEiAkrSVG/FN76trH5KkqDnOVj+VY24Bad+
- HggwwH7uDShBvFIvMPvdf/flq/E5865EsBW27iz9AQKBgQDMKT70iqIa3DwQZ4db
- pzyVlG+9jFEyFsC62Bk6C7kcNoADmeSZPCtK/6wsV1c07MgcW5MWfhMmDtuWWjvX
- N7ckivOnRL0RHW/7Sf5mCWw+Q+5wp2bCdXT6KsawSX9ifpYlMH9M+qxMaW4ZZ7Ik
- /V2pi7Xjj1sjDDOmITKXbA78IQKBgQDDps4ESXa5m37V2JoUnVWFEnan9s/iE6Px
- VdiVDhm4OCyIDyRGUcfhpGLxpkw5+UbIy4WMj7IqIK2BKkL2MlsPh/G1CPDz+1EC
- 1FEiYsBKdAiNua6KS3/RUu6pn56y9WEstRY5r5vZyOQqagJpNmUGGIph7CgKVs8P
- 0rYy3jbaiQKBgQCoMJqCjur4wdJhmUhzgxRwDbb4Km6BmyjvRDOUFDBNQ8C2NsOS
- UXVA9dv7M4DOQvqgEfjcoMRZqAfSl0eRB39DBY2wkPpI7T1hgRWpLb4UlZYLDH2l
- WWoi5baFaCcfFzXOMWPOIPxsfraLC1hBDNFqaYRQkbr85oJuLA8nm4fEwQKBgAuV
- TI0kbEsA0bmHYVfnGLEQLsYy7ovL7eDT3Ea21v75FGnZu6QOI29QdCsqVUj5YR9y
- LS3tM/caiCslfWFmCc4Zlk3JgbpwHpO0Tjli7095HyiE3biCT8bsygRw1sxxipdD
- AVXY97klE50POaVQ+xopScgSWyyBhzDAoNjSHx1BAoGARArY69CrhrdIh4g1WI/7
- W965s7lLt3hCuKmBqnedF5L21o4c7CUEaIA3OBLCe/X5Q7+CzZoO/p9YUAIDzMVw
- OPtUVnGw5xv2cbtY5wZ3T48mbukOT9OIq9gtmCV84WFatDNojsc/pNhYBBWNi/Pu
- S5xGCYromjR80ssRs3jIIIo=
- -----END PRIVATE KEY-----
- -----BEGIN CERTIFICATE-----
- MIID2TCCAsGgAwIBAgIJAPoRcK5w6KzaMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
- VQQGEwJDTjEQMA4GA1UECAwHYmVpamluZzEQMA4GA1UEBwwHYmVpamluZzEOMAwG
- A1UECgwFd2VuemkxCzAJBgNVBAsMAml0MRIwEAYDVQQDDAl3ZW56aS5jb20xHjAc
- BgkqhkiG9w0BCQEWD3lvdXhpYW5nQHFxLmNvbTAeFw0yMzA4MDExNjEwMDNaFw0y
- NDA3MzExNjEwMDNaMIGCMQswCQYDVQQGEwJDTjEQMA4GA1UECAwHYmVpamluZzEQ
- MA4GA1UEBwwHYmVpamluZzEOMAwGA1UECgwFd2VuemkxCzAJBgNVBAsMAml0MRIw
- EAYDVQQDDAl3ZW56aS5jb20xHjAcBgkqhkiG9w0BCQEWD3lvdXhpYW5nQHFxLmNv
- bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwIcf+0D5TwWZPj8RBs
- K+I4i0LsKzn1+xSSjJ4PvPFkV+zpmT8egSuwVe13OUwods8qN3UPuB8tnEz5S6gg
- gNfRpt+2toFNMD8BDjWkcDKYEIW/FU+Mm1bgcnW96utBArq6v6BpWlljRlgD0MF5
- zLRiLmGy7yWl0qYdh5FubVSbQTc3trMLCMRbJ3Xl+xTRoaKz40bzGQUYWC5m7h1m
- xvEc8zq29nD0RAL5iDlC1PMQVmJFek42bICNxBDlKYNvh3S6Oqy/6q6WG+dBM2Kb
- T22L3qfMakIKeLfHjTQg5oFNd6+lwL7aioSuh/2AYT1fdyXKEtXRNVohrL2DTWOv
- B6kCAwEAAaNQME4wHQYDVR0OBBYEFK/58aSYGbc7l7bDemVyakvFe4nDMB8GA1Ud
- IwQYMBaAFK/58aSYGbc7l7bDemVyakvFe4nDMAwGA1UdEwQFMAMBAf8wDQYJKoZI
- hvcNAQELBQADggEBAH0TSuhr9efKIVB9lpCRjBDyxQpTkkQYAb+QDBIGUfryHDje
- 2HJASg3EW7SKarzaDVkNdfGRtg5oHMbq44BxxR53j6kel1ZoP+PUz/TS6R5pAIDz
- OPrdN+xOQX6gVGoSKakVP71Zq/0/F/3dMCmwYRwIUTqIUkTkdMu3bm5SI58Wox4U
- osiPtJMkRoj0k5Du2gdTXbrFjmY2lXG39U89j+XfFyCZnTi7OvlexvGUsXw4Gdwm
- l8izjDfg7frm42q+JUGWFCc2uuqeLdq0QnlbD/aJMwO9FVgL0MNBGdWzEAKsVjQB
- otN5Ez/heedcLEm99dscGABpSBrfpRAeBc3UaU8=
- -----END CERTIFICATE-----

- #CentOS 8 ships no such Makefile: generate the certificate and private key separately, then concatenate them into one file (or keep them separate and point rsa_private_key_file at the key)
- [root@ftpServer ~]#ldd `which vsftpd` | grep ssl
- libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f53dd410000)
- [root@ftpServer ~]#mkdir /etc/vsftpd/ssl
- [root@ftpServer ~]#cd /etc/vsftpd/ssl/
- [root@ftpServer ssl]#openssl req -x509 -nodes -keyout vsftpd.key -out vsftpd.crt -days 365 -newkey rsa:2048
- Generating a RSA private key
- ...........................+++++
- ..................................................................................+++++
- writing new private key to 'vsftpd.key'
- -----
- You are about to be asked to enter information that will be incorporated
- into your certificate request.
- What you are about to enter is what is called a Distinguished Name or a DN.
- There are quite a few fields but you can leave some blank
- For some fields there will be a default value,
- If you enter '.', the field will be left blank.
- -----
- Country Name (2 letter code) [XX]:CN
- State or Province Name (full name) []:zz
- Locality Name (eg, city) [Default City]:zz
- Organization Name (eg, company) [Default Company Ltd]:wenzi
- Organizational Unit Name (eg, section) []:it
- Common Name (eg, your name or your server's hostname) []:wenzi.com
- Email Address []:youxiang@163.com
- [root@ftpServer ssl]#ll
- total 8
- -rw-r--r-- 1 root root 1387 Aug 2 00:18 vsftpd.crt
- -rw------- 1 root root 1704 Aug 2 00:17 vsftpd.key
- [root@ftpServer ssl]#cat * > vsftpd.pem
- [root@ftpServer ssl]#cat vsftpd.pem
- -----BEGIN CERTIFICATE-----
- MIID0zCCArugAwIBAgIUOTggOPKZd8re8fs2WaIKC8giCQgwDQYJKoZIhvcNAQEL
- BQAweTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAnp6MQswCQYDVQQHDAJ6ejEOMAwG
- A1UECgwFd2VuemkxCzAJBgNVBAsMAml0MRIwEAYDVQQDDAl3ZW56aS5jb20xHzAd
- BgkqhkiG9w0BCQEWEHlvdXhpYW5nQDE2My5jb20wHhcNMjMwODAxMTYxODI4WhcN
- MjQwNzMxMTYxODI4WjB5MQswCQYDVQQGEwJDTjELMAkGA1UECAwCenoxCzAJBgNV
- BAcMAnp6MQ4wDAYDVQQKDAV3ZW56aTELMAkGA1UECwwCaXQxEjAQBgNVBAMMCXdl
- bnppLmNvbTEfMB0GCSqGSIb3DQEJARYQeW91eGlhbmdAMTYzLmNvbTCCASIwDQYJ
- KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK2vmKixV0dHvqPdxWdAjdh4U605itlo
- AZ9x3GegleVFHWe0gABGvf36Kl9KQmJtHYn6nbcGGLzmPDgdl7PhpHVViFY9H+br
- 0tpjRZSN+24nAWT9s1lKYQk0SIFYjSp0d01mTDzXOGrncHfdcXVFdx8Mjv4r76nB
- V4/CkN436ampLwysJ/Ohvgqd6Af+HRkKJzBfbzLTqLQAwZOojvnw9ylin5O2lSzB
- rJ94RSKgMPbpHV/2xET2ghVxz06WxtwMsrfBPArZmI7r8mQaQbZ8rmQhVfPVT+Tl
- i5lqFee+OnmTHpucVYQwmU8Tamg95VGTSLbbS3fQBnVGQ4UBx8xCaJ0CAwEAAaNT
- MFEwHQYDVR0OBBYEFLwFIH5UyVDWhJyzyKfTwBZKqEDoMB8GA1UdIwQYMBaAFLwF
- IH5UyVDWhJyzyKfTwBZKqEDoMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
- BQADggEBAGOySp/mrY8FBLUWWrCCGe8oL+tUuIwFNwrPEw31QMytRO/z/NPa0Vh8
- a2/EJgKCMj2eF6McaUpxFNJpfnVrhgtJpod888xR8FIZawYNcf8gz2jlaHzmG6oV
- mmfI3pW0gFqvdx0iDyPAt3NsbbHP2amZJhlQ8xR+Qao4QvXyVpnSUQ2Bo4tP8sMk
- 0LnHsiMZ73auMqrz8s5E54ZHj5EV3AgyqO6Nj0M1VoWOLzKUgbpZsTs/KNPDVLIk
- BpGQwxGUuJ9120S3MdPg7EOITDSRYdrHf4lTG0idSNgKUhLoJP/t9zj3bBc4MnM8
- Hbg5/Ny75fblGLcKV4V7PBjDvp9iNM8=
- -----END CERTIFICATE-----
- -----BEGIN PRIVATE KEY-----
- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCtr5iosVdHR76j
- 3cVnQI3YeFOtOYrZaAGfcdxnoJXlRR1ntIAARr39+ipfSkJibR2J+p23Bhi85jw4
- HZez4aR1VYhWPR/m69LaY0WUjftuJwFk/bNZSmEJNEiBWI0qdHdNZkw81zhq53B3
- 3XF1RXcfDI7+K++pwVePwpDeN+mpqS8MrCfzob4KnegH/h0ZCicwX28y06i0AMGT
- qI758PcpYp+TtpUswayfeEUioDD26R1f9sRE9oIVcc9OlsbcDLK3wTwK2ZiO6/Jk
- GkG2fK5kIVXz1U/k5YuZahXnvjp5kx6bnFWEMJlPE2poPeVRk0i220t30AZ1RkOF
- AcfMQmidAgMBAAECggEAT7/tDKhBNw2OT5eo6HwPpXG6mjNtud2zwQ568Woe6aMO
- mWubyoSxAEk5438pdCA+C/jzKfK2sSXWSL3txj65UNbxPwfZ+iIWMwiaDlgTNsTa
- MxD6pOkuHRfQovOR/gh0Lynln5oC4bNbRO59BifbRnpxvetWpE+OcQgZlK9/rtKq
- KxyvnuUmmTBjhHXDfSWpn3ok8w2jWHA/gK3XdP3K/WJQlEb7ywo799mGanBVd0Q1
- E0faOUN8l694UsVRTImYLbBDPCyHxK1gKILZ5FxayK5sxb8PWjJ3eCiZDFwse16+
- MEs/kO/qCikx80Z+rdzCg3GBM18FfepLdFmezmyxAQKBgQDgr69xbidtn9PlP3E5
- XgfHDO/x5+szKenMPv5tccHmbmj7Eo61VVULq8aJyk8hoXvdRbVIDUO5g9rtyxon
- k+BkxDH+VXM+Rd//hb50jgUGeOprgVwQI/VztpVGeSPlUPm+1KIcjagWD/hB55yf
- /zAvSLzt1CC0FtW5IWe5irbxkQKBgQDF5FSEvZXDR3ENmO7TTcQ3DkV+eTMQdKem
- aN3JKywJdIYqYvEWTf+Bl/B++lbYe32u+Sv3Uy3icBH/Z/GC2hlGtZbJoc0WLt5g
- dbpY9LCyHmJBoMEklnz+PWp1nxVxPIM99ezZrih1JA8/Q4tOM0oVuCGpPoyAtVn3
- vFcYBZ/ATQKBgQCni5qCNSgFoRc7bdGae7nE/qq2csB6iJilC5xiNF/o2xBBmRb9
- tUITz+XevhO/+lEJMX/62JlV7zMD+13ngWfk/EBjbYjgOO7N9geNlpG8v9HelLn3
- 9ziDLvWldZQE3hs96AVy0Vc0DHiNfI7Y6EwgFld76aDxac25nWVhgETnYQKBgQCA
- OZfuPu3oj8UYW2z8q9olFnE/JwdIdV4gPLjg3cF2CvPYSS4QFtAlR69Eh694LGRe
- 2QN9CX+kxptS1CYwdGOGZqli0x2RbyMWe5IYi8xmTbu67I/Zxk0Na/wsZL0/F0ev
- AUfMMMX0ST477uc375Hkit/8yxO9XkUCeh4w6Yv+zQKBgCBN7XJSjs2lo85HIctI
- 9fPB2IJHN4XB1lKYZZraJ5w7ywhsnR7QreDVNhOweFG5N0VEEkZkU54d0rmfzRq9
- DJpQLHONbQCU8QF7ll7gCxzzcUmIByUH6aGgR01/EgtQSqaZJzR39ZUKT+yO5/cY
- eZNrxFP6s+BPWchNksxx02j2
- -----END PRIVATE KEY-----
- [root@ftpServer ssl]#ll
- total 12
- -rw-r--r-- 1 root root 1387 Aug 2 00:18 vsftpd.crt
- -rw------- 1 root root 1704 Aug 2 00:17 vsftpd.key
- -rw-r--r-- 1 root root 3091 Aug 2 00:18 vsftpd.pem
- #vsftpd.pem is mode 0644 because cat created it under the default umask, so the private key inside it is world-readable: chmod 600 it before use (the CentOS 7 Makefile above sets umask 77 for exactly this reason)
- [root@ftpServer ssl]#vim /etc/vsftpd/vsftpd.conf
- ...
- #enable TLS (explicit FTPS: the client upgrades the control connection with AUTH TLS)
- ssl_enable=YES
- #do not offer TLS to anonymous users
- allow_anon_ssl=NO
- #local users must log in over TLS (USER/PASS in clear text is refused)
- force_local_logins_ssl=YES
- #local users' data connections must use TLS as well
- force_local_data_ssl=YES
- #one file holding both the private key and the certificate (use rsa_private_key_file instead if the key is kept separately)
- rsa_cert_file=/etc/vsftpd/ssl/vsftpd.pem
- [root@ftpServer ssl]#systemctl restart vsftpd
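Before pointing rsa_cert_file at the combined file, and before trusting the server from a script, it is worth checking both ends. The following is an added example for this page, not vsftpd code: `check_pem_file` looks for the mistakes seen in this section (a world-readable key file, a file missing one of the two blocks, a key that does not belong to the certificate, which OpenSSL reports when the pair is loaded), and `ftps_login` is an explicit-FTPS client that trusts only the server's own self-signed vsftpd.crt, verifies the host name and encrypts the data channel with PROT P. The client function needs a live server and is not run here; the test files are constructed.

```python
"""Sanity-check the combined key+certificate file before pointing rsa_cert_file
at it, and build an FTPS client that actually verifies the server.
Added example, not vsftpd code; only the standard library is used."""
import os
import ssl
import stat
from ftplib import FTP_TLS
from typing import List


def check_pem_file(path: str) -> List[str]:
    """Findings for a PEM file that should hold one private key and its certificate."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o}: the private key is readable by group/other, chmod 600 it")
    with open(path) as fh:
        text = fh.read()
    has_key = "PRIVATE KEY-----" in text   # matches BEGIN PRIVATE KEY and BEGIN RSA PRIVATE KEY
    has_cert = "-----BEGIN CERTIFICATE-----" in text
    if not has_key:
        findings.append("no private key block: concatenate the key or set rsa_private_key_file")
    if not has_cert:
        findings.append("no certificate block")
    if has_key and has_cert:
        try:
            # OpenSSL refuses a key that does not belong to the certificate (or garbage PEM)
            ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(path)
        except (OSError, ValueError) as exc:
            findings.append(f"key and certificate do not load together: {exc}")
    return findings


def ftps_context(cafile: str) -> ssl.SSLContext:
    """Client context that trusts only the given certificate (the server's
    self-signed vsftpd.crt), requires one, and checks the host name."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def ftps_login(host: str, user: str, password: str, cafile: str, port: int = 21) -> FTP_TLS:
    """Explicit FTPS: AUTH TLS on the control connection before USER/PASS, then
    PROT P so every data connection is encrypted too.  Needs a live server."""
    ftps = FTP_TLS(context=ftps_context(cafile))
    ftps.connect(host, port)
    ftps.auth()
    ftps.login(user, password)
    ftps.prot_p()
    return ftps


if __name__ == "__main__":
    for finding in check_pem_file("/etc/vsftpd/ssl/vsftpd.pem") or ["no findings"]:
        print(finding)
```

Host-name verification needs the name you connect with to appear in the certificate; the certificates generated on this page only set CN=wenzi.com, so with OpenSSL 1.1.1 or later add `-addext "subjectAltName=DNS:wenzi.com"` to the `openssl req` command, and connect by that name rather than by IP. On the server side, `ssl_sslv2=NO` and `ssl_sslv3=NO` are already the defaults, but upstream vsftpd's default `ssl_ciphers` is the 3DES suite DES-CBC3-SHA, so set `ssl_ciphers=HIGH`.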

Connect to ftpServer with FileZilla to verify: choose explicit FTP over TLS. Because the certificate is self-signed, FileZilla shows it and asks whether to trust it; compare its fingerprint with the output of openssl x509 -in vsftpd.crt -noout -fingerprint -sha256 on the server before accepting. From a shell, openssl s_client -starttls ftp -connect 192.168.29.141:21 shows the certificate the server actually presents.