{"id":434,"date":"2022-07-06T21:57:28","date_gmt":"2022-07-06T13:57:28","guid":{"rendered":"https:\/\/blog.zhouhonghe.com\/?p=434"},"modified":"2023-10-09T23:42:29","modified_gmt":"2023-10-09T15:42:29","slug":"centos-%e5%ae%89%e8%a3%85-vsftp","status":"publish","type":"post","link":"https:\/\/blog.zhouhonghe.com\/?p=434","title":{"rendered":"Linux \u5b89\u88c5 vsFTP\uff0c\u652f\u6301SSL"},"content":{"rendered":"<p><strong>1\u3001\u5b89\u88c5vsftp<\/strong><br \/>\ndnf install vsftpd<\/p>\n<p><strong>2\u3001\u914d\u7f6evsftp<\/strong><br \/>\nvi \/etc\/vsftpd\/vsftpd.conf<br \/>\n<code><br \/>\n#\u7aef\u53e3<br \/>\nlisten_port=60021<\/p>\n<p>#\u4e0d\u5141\u8bb8\u533f\u540d\u767b\u5f55<br \/>\nanonymous_enable=NO<\/p>\n<p>#\u5141\u8bb8\/etc\/passwd\u5185\u7684\u672c\u5730\u7528\u6237\u767b\u5f55FTP<br \/>\nlocal_enable=YES<\/p>\n<p>#\u5177\u6709\u5199\u6743\u9650<br \/>\nwrite_enable=YES<\/p>\n<p>#\u672c\u5730\u7528\u6237\u521b\u5efa\u6587\u4ef6\u6216\u76ee\u5f55\u7684\u63a9\u7801<br \/>\nlocal_umask=022<\/p>\n<p>#\u5f00\u542f\u65e5\u5fd7<br \/>\nxferlog_enable=YES<br \/>\nxferlog_std_format=YES<\/p>\n<p>#\u5f00\u542f20\u7aef\u53e3<br \/>\nconnect_from_port_20=YES<\/p>\n<p>#\u8fd9\u4e2a\u662fpam\u6a21\u5757\u7684\u540d\u79f0\uff0c\u6211\u4eec\u653e\u7f6e\u5728\/etc\/pam.d\/vsftpd<br \/>\npam_service_name=vsftpd<\/p>\n<p>userlist_enable=YES<\/p>\n<p>#\u4e0d\u542f\u7528TCP Wrappers<br \/>\ntcp_wrappers=NO<\/p>\n<p>#\u901a\u8fc7\u642d\u914d\u80fd\u5b9e\u73b0\u4ee5\u4e0b\u51e0\u79cd\u6548\u679c\uff1a<br \/>\n#\u2460\u5f53chroot_list_enable=YES\uff0cchroot_local_user=YES\u65f6\uff0c\u5728\/etc\/vsftpd.chroot_list\u6587\u4ef6\u4e2d\u5217\u51fa\u7684\u7528\u6237\uff0c\u53ef\u4ee5\u5207\u6362\u5230\u5176\u4ed6\u76ee\u5f55\uff1b\u672a\u5728\u6587\u4ef6\u4e2d\u5217\u51fa\u7684\u7528\u6237\uff0c\u4e0d\u80fd\u5207\u6362\u5230\u5176\u4ed6\u76ee\u5f55\u3002<br 
\/>\n#\u2461\u5f53chroot_list_enable=YES\uff0cchroot_local_user=NO\u65f6\uff0c\u5728\/etc\/vsftpd.chroot_list\u6587\u4ef6\u4e2d\u5217\u51fa\u7684\u7528\u6237\uff0c\u4e0d\u80fd\u5207\u6362\u5230\u5176\u4ed6\u76ee\u5f55\uff1b\u672a\u5728\u6587\u4ef6\u4e2d\u5217\u51fa\u7684\u7528\u6237\uff0c\u53ef\u4ee5\u5207\u6362\u5230\u5176\u4ed6\u76ee\u5f55\u3002<br \/>\n#\u2462\u5f53chroot_list_enable=NO\uff0cchroot_local_user=YES\u65f6\uff0c\u6240\u6709\u7684\u7528\u6237\u5747\u4e0d\u80fd\u5207\u6362\u5230\u5176\u4ed6\u76ee\u5f55\u3002<br \/>\n#\u2463\u5f53chroot_list_enable=NO\uff0cchroot_local_user=NO\u65f6\uff0c\u6240\u6709\u7684\u7528\u6237\u5747\u53ef\u4ee5\u5207\u6362\u5230\u5176\u4ed6\u76ee\u5f55\u3002<br \/>\nchroot_local_user=YES<br \/>\nchroot_list_enable=NO<\/p>\n<p>#\u4e0d\u6dfb\u52a0\u4e0b\u9762\u8fd9\u4e2a\u4f1a\u62a5\u9519\uff1a500 OOPS: vsftpd: refusing to run with writable root inside chroot()<br \/>\nallow_writeable_chroot=YES<\/p>\n<p>#\u542f\u52a8\u88ab\u52a8\u5f0f(passive mode)<br \/>\npasv_enable=YES<br \/>\n#\u88ab\u52a8\u6a21\u5f0f\u7aef\u53e3<br \/>\npasv_min_port=60022<br \/>\npasv_max_port=60025<\/p>\n<p>#FTP\u8bbf\u95ee\u76ee\u5f55<br \/>\nlocal_root=\/data\/ftp\/<\/p>\n<p>#SSL\u652f\u6301<br \/>\nssl_enable=yes<br \/>\nssl_tlsv1=yes<br \/>\nssl_sslv2=NO<br \/>\nssl_sslv3=NO<br \/>\nimplicit_ssl=yes<br \/>\nrequire_ssl_reuse=NO<br \/>\nforce_local_logins_ssl=yes<br \/>\nforce_local_data_ssl=yes<br \/>\nrsa_cert_file=\/etc\/vsftpd\/ssl\/vsftpd.perm<\/code><\/p>\n<p><strong>3\u3001\u521b\u5efaSSL cert<\/strong><br \/>\nmkdir \/etc\/vsftpd\/ssl<br \/>\ncd \/etc\/vsftpd\/ssl<br \/>\nopenssl req -new -x509 -nodes -out vsftpd.perm -keyout vsftpd.perm<\/p>\n<p><strong>4\u3001\u542f\u52a8ftp\u670d\u52a1<\/strong><br \/>\nsystemctl enable vsftpd<br \/>\nsystemctl start vsftpd<br \/>\nsystemctl status vsftpd<\/p>\n<p><strong>5\u3001\u89e3\u51b3\u201c530 Login incorrect\u201d\u9519\u8bef<\/strong><br \/>\nvi \/etc\/pam.d\/vsftpd<br \/>\npam_shells\u6a21\u5757\u4e0d\u5141\u8bb8 shell \u672a\u5728\/etc\/shells\u6587\u4ef6\u4e2d\u5217\u51fa\u7684\u7528\u6237\u767b\u5f55\uff1b\u6ce8\u91ca\u4e0b\u9762\u8fd9\u4e00\u884c\u540e\uff0c\u8fd9\u4e9b\u7528\u6237\u4e5f\u80fd\u767b\u5f55FTP\uff1a<br \/>\n<code>#auth required 
pam_shells.so<br \/>\n<\/code><\/p>\n<p>\u53c2\u8003\uff1a<br \/>\n<a href=\"https:\/\/blog.csdn.net\/mrliqifeng\/article\/details\/120185671\" target=\"_blank\" rel=\"noopener\">https:\/\/blog.csdn.net\/mrliqifeng\/article\/details\/120185671<\/a><br \/>\n<a href=\"https:\/\/blog.51cto.com\/u_9652359\/4985684\" target=\"_blank\" rel=\"noopener\">https:\/\/blog.51cto.com\/u_9652359\/4985684<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>1\u3001\u5b89\u88c5vsftp dnf install vsftpd 2\u3001\u914d\u7f6evsftp vi \/etc\/vsftpd\/v [&hellip;]<\/p>... ","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-434","post","type-post","status-publish","format-standard","hentry","category-5"],"_links":{"self":[{"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=\/wp\/v2\/posts\/434","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=434"}],"version-history":[{"count":16,"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=\/wp\/v2\/posts\/434\/revisions"}],"predecessor-version":[{"id":481,"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=\/wp\/v2\/posts\/434\/revisions\/481"}],"wp:attachment":[{"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=434"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.zhouhonghe.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=434"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blo
g.zhouhonghe.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=434"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}