Quick HOWTO : Ch15 : Linux FTP Server Setup/zh
Introduction
File Transfer Protocol (FTP) is one of the most common ways of copying files between servers over the Internet. Most web-based download sites use the built-in FTP capabilities of web browsers, and therefore most server operating systems include an FTP server application as part of their software suite. Linux is no exception.
This chapter will show you how to convert your Linux server into an FTP server using the default Very Secure FTP Daemon (VSFTPD) package included in Fedora.
FTP Overview
FTP relies on a pair of TCP ports to get the job done. It operates in two connection channels, as I'll explain:
FTP Control Channel, TCP Port 21: All commands you send and the FTP server's responses to those commands go over the control connection, but any data sent back (such as the file or directory listing returned by the "ls" command) goes over the data channel.
FTP Data Channel, TCP Port 20: This port is used for all subsequent data transfers between the client and the server.
In addition to these channels, there are several varieties of FTP.
Types of FTP
From a networking perspective, the two main types of FTP are active and passive. In active FTP, the FTP server initiates a data transfer connection back to the FTP client. In passive FTP, the connection is initiated by the FTP client. Figure 15-1 illustrates the difference.
Figure 15-1 Active and Passive FTP Illustrated
From a user management perspective there are also two types of FTP: regular FTP, in which files are transferred using the username and password of a regular user of the FTP server, and anonymous FTP, in which general access is provided to the FTP server using a well-known universal login method.
Take a closer look at each type.
Active FTP
The sequence of events for active FTP is:
- Your client connects to the FTP server by establishing an FTP control connection to port 21 of the server. Your commands such as "ls" and "get" are sent over that connection.
- Whenever the client requests data over the control connection, the server initiates a data transfer connection back to the client. The source port of this data transfer connection is normally port 20 on the server, and the destination port is normally a high port (greater than 1024) on the client.
- Thus the ls listing that you asked for comes back over the port 20 to high port connection, not the port 21 control connection.
FTP active mode therefore transfers data in a way that is counterintuitive relative to the TCP norm, as it selects port 20 as its source port (not a random high port greater than 1024) and connects back to the client on a random high port that has been pre-negotiated on the port 21 control connection.
Active FTP may fail in cases where the client is protected from the Internet via many-to-one NAT (masquerading). This is because the firewall will not know which of the many hosts behind it should receive the return connection.
Passive FTP
Passive FTP works differently:
- Your client connects to the FTP server by establishing an FTP control connection to port 21 of the server. Your commands such as ls and get are sent over that connection.
- Whenever the client requests data over the control connection, the client initiates the data transfer connections to the server. The source port of these data transfer connections is always a high port on the client with a destination port of a high port on the server.
Passive FTP should be viewed as the server never making an active attempt to connect to the client for FTP data transfers. Because the client always initiates the required connections, passive FTP works better for clients protected by a firewall.
As Windows defaults to active FTP, and Linux defaults to passive, you'll probably have to accommodate both forms when deciding upon a security policy for your FTP server.
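As an added illustration that is not part of the original chapter, the following Python code handles the two port negotiations described above: it parses the server's "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply used in passive FTP and builds the PORT command a client sends in active FTP. The sample addresses and the check that the passive data host matches the control connection peer are constructed for this example.

```python
import re

# Matches the standard PASV reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv_response(line: str, control_peer: str):
    """Decode a PASV reply into (host, port) for the passive data connection.

    The server encodes the port as two bytes: port = p1 * 256 + p2. The
    result is rejected if the port is not a high port or if the advertised
    host differs from the peer of the control connection, so a client never
    opens a data connection to a host it did not intend to talk to.
    """
    m = PASV_RE.match(line)
    if not m:
        raise ValueError(f"not a PASV reply: {line!r}")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if any(v > 255 for v in (h1, h2, h3, h4, p1, p2)):
        raise ValueError("field out of range in PASV reply")
    host = f"{h1}.{h2}.{h3}.{h4}"
    port = p1 * 256 + p2
    if port <= 1024:
        raise ValueError(f"PASV data port {port} is not a high port")
    if host != control_peer:
        raise ValueError(f"PASV host {host} differs from control peer {control_peer}")
    return host, port


def build_port_command(client_ip: str, data_port: int) -> str:
    """Encode the client's listening address as an active-mode PORT command.

    In active FTP the server connects from port 20 back to this address, so
    the client's firewall must allow that inbound high-port connection.
    """
    if not 1024 < data_port <= 65535:
        raise ValueError("active-mode data port must be a high port")
    octets = client_ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {client_ip!r}")
    return "PORT " + ",".join(octets + [str(data_port // 256), str(data_port % 256)])


if __name__ == "__main__":
    # Constructed sample values, not captured from a real session.
    print(parse_pasv_response("227 Entering Passive Mode (192,168,1,10,195,80)", "192.168.1.10"))
    print(build_port_command("10.0.0.5", 50000))
```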
Regular FTP
By default, the VSFTPD package allows regular Linux users to copy files to and from their home directories with an FTP client using their Linux usernames and passwords as their login credentials.
VSFTPD also has the option of allowing this type of access to only a group of Linux users, enabling you to restrict the addition of new files to your system to authorized personnel.
The disadvantage of regular FTP is that it isn't suitable for general download distribution of software as everyone either has to get a unique Linux user account or has to use a shared username and password. Anonymous FTP allows you to avoid this difficulty.
Anonymous FTP
Anonymous FTP is the choice of Web sites that need to exchange files with numerous unknown remote users. Common uses include downloading software updates and MP3s and uploading diagnostic information for a technical support engineer's attention. Unlike regular FTP, where you log in with a preconfigured Linux username and password, anonymous FTP requires only a username of anonymous and your email address for the password. Once logged in to a VSFTPD server, you automatically have access to only the default anonymous FTP directory (/var/ftp in the case of VSFTPD) and all its subdirectories.
As seen in Chapter 6, "Installing Linux Software", using anonymous FTP as a remote user is fairly straightforward. VSFTPD can be configured to support user-based and/or anonymous FTP in its configuration file, which you'll see later.