因此,我一直在研究 FTP/FTPS,并尝试设置一个可用的 FTPS 服务器。要使用 FTP(S),我一直在使用服务 vsftpd,我的服务器是运行 Ubuntu 14.04 的 Amazon EC2 实例。
masq@ftp:~$ uname -a
Linux ftp 3.15.0-031500rc2-generic #201404201435 SMP Sun Apr 20 18:36:18 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
现在,配置文件似乎设置非常简单。然而,由于某种原因,事情..没有正常工作...
我希望在本主题中解决的问题是被动配置与主动配置的问题。现在,我在配置文件中启用了 pasv 模式。我指定了一些 pasv 要使用的端口,并指定了它所在的地址……等等。(我将在下面发布我的文件配置)但是……当我通过 ftp 发出“ls”命令时,我仍然会收到此错误!以下是该示例的运行(我只是通过 FTP 连接到本地主机,所以我知道防火墙的东西不会妨碍(做确保防火墙不会妨碍……对吧?!):
masq@ftp:~$ ftp localhost
Connected to localhost.
220 (vsFTPd 3.0.2)
Name (localhost:masq): john
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-rw-r-- 1 1000 1000 0 Feb 18 04:55 random
226 Directory send OK.
ftp> passive
Passive mode on.
ftp> ls
227 Entering Passive Mode (xxx,xxx,xxx,xxx,46,229).
ftp: connect: Connection refused
ftp>
这是我的配置文件...
# allow anyone to connect?
anonymous_enable=NO
# is it turned on?
listen=YES
xferlog_enable=YES
log_ftp_protocol=YES
# allow people to upload?
write_enable=NO
# allow people to download?
download_enable=YES
# passive/active mode configuration
port_enable=YES
pasv_enable=YES
pasv_min_port=12000
pasv_max_port=12050
pasv_address=<retracted public IP>
# if pasv_address_resolve=YES, pasv_address should be a name, e.g. ftp.blah.com
#pasv_addr_resolve=YES
# local account enable
local_enable=YES
chroot_local_user=YES
user_sub_token=$USER
local_root=/home/$USER
allow_writeable_chroot=YES
# ssl config
#ssl_enable=YES
所以...我已经设置了 pasv_enable=YES... 并且所有其他选项都设置正确,正如我所有的研究告诉我的那样,但它实际上无法在 pasv 模式下工作。有人知道为什么它不起作用吗?>_>
我尝试使用一台无法使用活动连接的计算机从互联网访问该服务器,但无法获取目录列表,即 pasv 肯定不起作用。:/
谢谢大家,我真的被这个问题难住了。如果需要的话我可以提供更多信息。
PS 我确实将我的 ec2 安全组配置为打开端口 12000-12050、端口 20-21、TCP......所以我也不认为这是问题。
编辑 1:Ubuntu 版本是 14.04 LTS Trusty。vsftpd:版本 3.0.2
masq@ftp:~$ sudo cat /var/log/vsftpd.log
Thu Mar 12 00:35:38 2015 [pid 19825]
CONNECT: Client "127.0.0.1"
Thu Mar 12 00:35:46 2015 [pid 19824]
[masq] OK LOGIN: Client "127.0.0.1"
Thu Mar 12 00:37:19 2015 [pid 19834]
CONNECT: Client "127.0.0.1"
Thu Mar 12 00:37:24 2015 [pid 19833]
[masq] OK LOGIN: Client "127.0.0.1"
^ 我通过本地主机登录并请求目录。然后我注销并重新登录并发出被动命令,尽管配置文件中的 pasv_enable=YES 与我在原始帖子中展示的一样,但它仍然失败了。
我注意到的另一件事是,如果我只是运行
$sudo vsftpd
500 OOPS: could not bind listening IPv4 socket
我收到此错误。再次说明,我正在使用 amazon ec2,因此我的 pasv_address=xxx.xxx.xxx.xxx 是我的公共 IP 地址,而不是我的私有 IP 地址。您知道在日志的哪里我可以找到有关无法绑定到套接字错误的更详细的日志吗?我刚发布后就发现了这一点,我开始认为这是我的问题的原因。
EDIT_2:我尝试从外部源连接,并在本地尝试(只是在我的服务器盒上通过 FTP 连接本地主机)
Wed Mar 18 01:36:10 2015 [pid 8194] CONNECT: Client "127.0.0.1"
Wed Mar 18 01:36:10 2015 [pid 8194] FTP response: Client "127.0.0.1", "220 (vsFTPd 3.0.2)"
Wed Mar 18 01:36:16 2015 [pid 8194] FTP command: Client "127.0.0.1", "USER masq"
Wed Mar 18 01:36:16 2015 [pid 8194] [masq] FTP response: Client "127.0.0.1", "331 Please specify the password."
Wed Mar 18 01:36:20 2015 [pid 8194] [masq] FTP command: Client "127.0.0.1", "PASS <password>"
Wed Mar 18 01:36:20 2015 [pid 8193] [masq] OK LOGIN: Client "127.0.0.1"
Wed Mar 18 01:36:20 2015 [pid 8195] [masq] FTP response: Client "127.0.0.1", "230 Login successful."
Wed Mar 18 01:36:20 2015 [pid 8195] [masq] FTP command: Client "127.0.0.1", "SYST"
Wed Mar 18 01:36:20 2015 [pid 8195] [masq] FTP response: Client "127.0.0.1", "215 UNIX Type: L8"
Wed Mar 18 01:36:22 2015 [pid 8195] [masq] FTP command: Client "127.0.0.1", "PORT 127,0,0,1,204,221"
Wed Mar 18 01:36:22 2015 [pid 8195] [masq] FTP response: Client "127.0.0.1", "200 PORT command successful. Consider using PASV."
Wed Mar 18 01:36:22 2015 [pid 8195] [masq] FTP command: Client "127.0.0.1", "LIST"
Wed Mar 18 01:36:22 2015 [pid 8195] [masq] FTP response: Client "127.0.0.1", "150 Here comes the directory listing."
Wed Mar 18 01:36:22 2015 [pid 8195] [masq] FTP response: Client "127.0.0.1", "226 Directory send OK."
Wed Mar 18 01:36:35 2015 [pid 8195] [masq] FTP command: Client "127.0.0.1", "PASV"
Wed Mar 18 01:36:35 2015 [pid 8195] [masq] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (52,10,22,18,46,246)."
Wed Mar 18 01:36:47 2015 [pid 8195] [masq] FTP command: Client "127.0.0.1", "QUIT"
Wed Mar 18 01:36:47 2015 [pid 8195] [masq] FTP response: Client "127.0.0.1", "221 Goodbye."
Wed Mar 18 01:58:11 2015 [pid 8257] CONNECT: Client "127.0.0.1"
Wed Mar 18 01:58:11 2015 [pid 8257] FTP response: Client "127.0.0.1", "220 (vsFTPd 3.0.2)"
Wed Mar 18 01:58:13 2015 [pid 8257] FTP command: Client "127.0.0.1", "USER john"
Wed Mar 18 01:58:13 2015 [pid 8257] [john] FTP response: Client "127.0.0.1", "331 Please specify the password."
Wed Mar 18 01:58:15 2015 [pid 8257] [john] FTP command: Client "127.0.0.1", "PASS <password>"
Wed Mar 18 01:58:15 2015 [pid 8256] [john] OK LOGIN: Client "127.0.0.1"
Wed Mar 18 01:58:15 2015 [pid 8258] [john] FTP response: Client "127.0.0.1", "230 Login successful."
Wed Mar 18 01:58:15 2015 [pid 8258] [john] FTP command: Client "127.0.0.1", "SYST"
Wed Mar 18 01:58:15 2015 [pid 8258] [john] FTP response: Client "127.0.0.1", "215 UNIX Type: L8"
Wed Mar 18 01:58:16 2015 [pid 8258] [john] FTP command: Client "127.0.0.1", "PORT 127,0,0,1,183,134"
Wed Mar 18 01:58:16 2015 [pid 8258] [john] FTP response: Client "127.0.0.1", "200 PORT command successful. Consider using PASV."
Wed Mar 18 01:58:16 2015 [pid 8258] [john] FTP command: Client "127.0.0.1", "LIST"
Wed Mar 18 01:58:16 2015 [pid 8258] [john] FTP response: Client "127.0.0.1", "150 Here comes the directory listing."
Wed Mar 18 01:58:16 2015 [pid 8258] [john] FTP response: Client "127.0.0.1", "226 Directory send OK."
Wed Mar 18 01:58:22 2015 [pid 8258] [john] FTP command: Client "127.0.0.1", "QUIT"
Wed Mar 18 01:58:22 2015 [pid 8258] [john] FTP response: Client "127.0.0.1", "221 Goodbye."
Wed Mar 18 02:14:44 2015 [pid 8374] CONNECT: Client "xxx.xxx.2.43"
Wed Mar 18 02:14:44 2015 [pid 8374] FTP response: Client "xxx.xxx.2.43", "220 (vsFTPd 3.0.2)"
Wed Mar 18 02:14:46 2015 [pid 8374] FTP command: Client "xxx.xxx.2.43", "USER john"
Wed Mar 18 02:14:46 2015 [pid 8374] [john] FTP response: Client "xxx.xxx.2.43", "331 Please specify the password."
Wed Mar 18 02:14:49 2015 [pid 8374] [john] FTP command: Client "xxx.xxx.2.43", "PASS <password>"
Wed Mar 18 02:14:49 2015 [pid 8373] [john] OK LOGIN: Client "xxx.xxx.2.43"
Wed Mar 18 02:14:49 2015 [pid 8375] [john] FTP response: Client "xxx.xxx.2.43", "230 Login successful."
Wed Mar 18 02:14:49 2015 [pid 8375] [john] FTP command: Client "xxx.xxx.2.43", "SYST"
Wed Mar 18 02:14:49 2015 [pid 8375] [john] FTP response: Client "xxx.xxx.2.43", "215 UNIX Type: L8"
Wed Mar 18 02:14:52 2015 [pid 8375] [john] FTP command: Client "xxx.xxx.2.43", "PASV"
Wed Mar 18 02:14:52 2015 [pid 8375] [john] FTP response: Client "xxx.xxx.2.43", "227 Entering Passive Mode (52,10,22,18,47,5)."
Wed Mar 18 02:14:52 2015 [pid 8375] [john] FTP command: Client "xxx.xxx.2.43", "LIST"
Wed Mar 18 02:14:52 2015 [pid 8375] [john] FTP response: Client "xxx.xxx.2.43", "150 Here comes the directory listing."
Wed Mar 18 02:14:52 2015 [pid 8375] [john] FTP response: Client "xxx.xxx.2.43", "226 Directory send OK."
Wed Mar 18 02:15:06 2015 [pid 8375] [john] FTP command: Client "xxx.xxx.2.43", "PORT 10,0,0,2,199,11"
Wed Mar 18 02:15:06 2015 [pid 8375] [john] FTP response: Client "xxx.xxx.2.43", "500 Illegal PORT command."
Wed Mar 18 02:15:21 2015 [pid 8375] [john] FTP command: Client "xxx.xxx.2.43", "PORT 10,0,0,2,235,22"
Wed Mar 18 02:15:21 2015 [pid 8375] [john] FTP response: Client "xxx.xxx.2.43", "500 Illegal PORT command."
Wed Mar 18 02:15:24 2015 [pid 8375] [john] FTP command: Client "xxx.xxx.2.43", "PASV"
Wed Mar 18 02:15:24 2015 [pid 8375] [john] FTP response: Client "xxx.xxx.2.43", "227 Entering Passive Mode (52,10,22,18,46,232)."
Wed Mar 18 02:15:24 2015 [pid 8375] [john] FTP command: Client "xxx.xxx.2.43", "LIST"
Wed Mar 18 02:15:24 2015 [pid 8375] [john] FTP response: Client "xxx.xxx.2.43", "150 Here comes the directory listing."
Wed Mar 18 02:15:24 2015 [pid 8375] [john] FTP response: Client "xxx.xxx.2.43", "226 Directory send OK."
Wed Mar 18 02:15:26 2015 [pid 8375] [john] FTP command: Client "xxx.xxx.2.43", "PASV"
Wed Mar 18 02:15:26 2015 [pid 8375] [john] FTP response: Client "xxx.xxx.2.43", "227 Entering Passive Mode (52,10,22,18,46,254)."
Wed Mar 18 02:15:27 2015 [pid 8375] [john] FTP command: Client "xxx.xxx.2.43", "LIST"
Wed Mar 18 02:15:27 2015 [pid 8375] [john] FTP response: Client "xxx.xxx.2.43", "150 Here comes the directory listing."
Wed Mar 18 02:15:27 2015 [pid 8375] [john] FTP response: Client "xxx.xxx.2.43", "226 Directory send OK."
Wed Mar 18 02:15:35 2015 [pid 8375] [john] FTP command: Client "xxx.xxx.2.43", "QUIT"
Wed Mar 18 02:15:35 2015 [pid 8375] [john] FTP response: Client "xxx.xxx.2.43", "221 Goodbye."
这是最新的日志(但我修改了我的外部 IP)。有趣的是,我可以成功地从外部客户端更改为被动,而当我尝试在服务器本身上连接时却无法更改。但是,我使用的外部客户端是我拥有的另一个 Ubuntu 14.04 服务器。当我尝试使用 FileZilla 或 WinSCP(在 FTP 模式下)从我的一个 Windows 客户端进行外部连接时,我根本无法再连接(被动或主动),并且这些失败的连接也根本不显示在日志中。我成功连接的服务器与 Windows 客户端位于同一 LAN 上,因此任何网络问题都应该存在于两个盒子上。我以前能够使用主动连接连接到我的 Windows 客户端,但无论出于什么原因,即使使用主动连接也无法正常工作。
答案1
自 3.0.0 版本以来,vsftpd 自动使用新的内核模块 seccomp。使用 seccomp 时,vsftpd 有点问题。
将此行添加到 /etc/vsftpd.conf 末尾
seccomp_sandbox=否
并重新启动服务器:
sudo 服务 vsftpd 重新启动