Introduction
FTP, short for File Transfer Protocol, is a network protocol that was once widely used for moving files between a client and server. It has since been replaced by faster, more secure, and more convenient ways of delivering files. Many casual internet users expect to download directly from their web browser with https, and command-line users are more likely to use secure protocols such as scp or SFTP.
FTP is still used to support legacy applications and workflows with very specific needs. If you have a choice of what protocol to use, consider exploring the more modern options. When you do need FTP, however, vsftpd is an excellent choice. Optimized for security, performance, and stability, vsftpd offers strong protection against many security problems found in other FTP servers and is the default for many Linux distributions.
In this tutorial, you’ll configure vsftpd to allow a user to upload files to their home directory using FTP, with login credentials secured by SSL/TLS.
Prerequisites
To follow along with this tutorial you will need:
A Debian 10 server, and a non-root user with sudo privileges. You can learn more about how to create a user with these privileges in our Initial Server Setup with Debian 10 guide.
Step 1 — Installing vsftpd
Let’s start by updating our package list and installing the vsftpd daemon:
- sudo apt update
- sudo apt install vsftpd
When the installation is complete, copy the configuration file so you can start with a blank configuration, and save the original as a backup:
- sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
With a backup of the configuration in place, we’re ready to configure the firewall.
Step 2 — Opening the Firewall
Let’s check the firewall status to see if it’s enabled. If it is, we’ll ensure that FTP traffic is permitted so firewall rules don’t block our tests. This guide assumes that you have UFW installed, following Step 4 in the initial server setup guide.
Check the firewall status:
- sudo ufw status
In this case, only SSH is allowed through:
Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
You may have other rules in place or no firewall rules at all. Since only SSH traffic is permitted in this case, we’ll need to add rules for FTP traffic.
Let’s open ports 20 and 21 for FTP, port 990 for when we enable TLS, and ports 40000-50000 for the range of passive ports we plan to set in the configuration file:
- sudo ufw allow 20/tcp
- sudo ufw allow 21/tcp
- sudo ufw allow 990/tcp
- sudo ufw allow 40000:50000/tcp
Check the firewall status:
- sudo ufw status
Your firewall rules should now look like this:
Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
990/tcp                    ALLOW       Anywhere
20/tcp                     ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
40000:50000/tcp            ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
20/tcp (v6)                ALLOW       Anywhere (v6)
21/tcp (v6)                ALLOW       Anywhere (v6)
990/tcp (v6)               ALLOW       Anywhere (v6)
40000:50000/tcp (v6)       ALLOW       Anywhere (v6)
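A quick check for this step, as an added example that is not part of the original tutorial: the function below reads `ufw status` output on stdin and lists any of the four FTP rules that has no IPv4 ALLOW entry. The function name `missing_ftp_rules` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the FTP rules from Step 2 in `ufw status` output.
# Required rules, written exactly as they appear in the "To" column.
REQUIRED_RULES="20/tcp 21/tcp 990/tcp 40000:50000/tcp"

# Reads `ufw status` text on stdin and prints each required rule that has
# no IPv4 ALLOW entry. Prints nothing when every rule is present.
missing_ftp_rules() {
    ufw_out=$(cat)
    for rule in $REQUIRED_RULES; do
        # Compare the first column exactly, so "20/tcp" never matches "120/tcp".
        # "(v6)" rows are skipped because their second column is "(v6)".
        if ! printf '%s\n' "$ufw_out" |
            awk -v r="$rule" '$1 == r && $2 == "ALLOW" { found = 1 } END { exit !found }'
        then
            printf '%s\n' "$rule"
        fi
    done
}

# Constructed sample: firewall state before the rules are added (SSH only).
SAMPLE_BEFORE='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)'

# Constructed sample: firewall state after the four "ufw allow" commands.
SAMPLE_AFTER='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
990/tcp                    ALLOW       Anywhere
20/tcp                     ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
40000:50000/tcp            ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
20/tcp (v6)                ALLOW       Anywhere (v6)'

# Demo on the constructed "before" sample: lists all four rules as missing.
printf '%s\n' "$SAMPLE_BEFORE" | missing_ftp_rules
```

On a live server, feed it the real status with `sudo ufw status | missing_ftp_rules`; empty output means all four rules are in place.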
With vsftpd installed and the necessary ports open, let’s move on to creating a dedicated FTP user.
Step 3 — Preparing the User Directory
We will create a dedicated FTP user, but you may already have a user in need of FTP access. We’ll take care to preserve an existing user’s access to their data i