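I'm dealing with a problem I don't know how to solve, and it has been bugging me for a while. I've been trying to configure an FTP user using the following (we use the same document on all of our servers).
Install the FTP server
- apt-get install vsftpd
- Enable local_enable and write_enable to YES and set the anonymous user to NO in /etc/vsftpd.conf
- Restart, "service vsftpd restart", to allow the changes to take effect
Add a WordPress user in WP Admin for FTP access
Create a fake shell for the user by adding "usr/sbin/nologin" to the bottom of the /etc/shells file
Add the FTP user account
- useradd username -d /var/www/ -s /usr/sbin/nologin
- passwd username
Add these lines to the bottom of /etc/vsftpd.conf
- userlist_file=/etc/vsftpd.userlist
- userlist_enable=YES
- userlist_deny=NO
Add the username to the list at the top of /etc/vsftpd.userlist
- Restart vsftpd: "service vsftpd restart"
- Make sure the firewall is open for ftp: "ufw allow ftp"
- Modify the /var/www directory for the username: "chown -R /var/www"
I've also looked at this post, but no luck. I'm getting connection refused.
Sorry that the text above isn't formatted well. I think you get the idea. This is something we do over and over, but for some reason it isn't cooperating here.
The install is Ubuntu 12.04 LTS and VSFTPD v2.3.5.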
Answer 1
This is the INPUT section of your iptables configuration.
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
here ^
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp spt:ftp state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 state ESTABLISHED
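The line I've highlighted with REJECT rejects all inbound connections. The rules you put at the bottom to allow ftp and ftp-data will never fire. Neither will the ufw- rules.
I'm not an Ubuntu user and I don't have a box handy to look at, but it's likely that the init script that handles the firewall is hard-coding the first few rules, and the place where your added configuration gets applied comes later in the startup sequence.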
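The ordering problem described in Answer 1, as an added example that is not part of the original answer: a small lint over `iptables -S INPUT` output that reports the first unconditional ACCEPT/DROP/REJECT rule and every rule appended after it. The rule set is a constructed sample modelled on the listing above; `sample_rules`, `shadowed_rules` and the `-i lo` match on the first rule are assumptions (plain `iptables -L` does not show interface matches, which is why the check reads `-S` output instead).

```shell
#!/bin/sh
# Constructed sample in `iptables -S INPUT` format, modelled on the listing in
# the answer. The "-i lo" on the first rule is an assumption: plain
# `iptables -L` hides interface matches, so that rule only looks unconditional.
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j ufw-before-input
-A INPUT -p tcp -m tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 20 -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Reads `iptables -S <chain>` output on stdin. Reports the first rule that has
# no match options and a terminating target, then every rule appended after it.
shadowed_rules() {
    awk '
        $1 != "-A" { next }                      # skip the -P policy line
        catchall { print "unreachable: " $0; next }
        # "-A CHAIN -j TARGET ...": nothing between the chain name and -j
        $3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/ {
            catchall = 1
            print "catch-all: " $0
        }
    '
}

sample_rules | shadowed_rules
```

On a live host the same check is `iptables -S INPUT | shadowed_rules`; any FTP rule it lists as unreachable has to be placed before the catch-all rule to take effect.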
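Answer 2
Don't know if this helps, but here is my vsftpd.conf file, which works perfectly for me :) Because of the amount of changes over the years, I've noticed that my vsftpd.conf file has changed.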
# /etc/vsftpd.conf - vsftpd configuration file
#
# Run standalone
listen=YES
#
# Allow anonymous FTP
anonymous_enable=NO
#
# Allow local users to log in
local_enable=YES
#
# Allow any form of FTP write command
write_enable=YES
#
# Default umask is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd)
local_umask=022
anon_umask=022
#
# Allow the anonymous FTP user to upload files
anon_upload_enable=NO
#
# Allow the anonymous FTP user to be able to create new directories
anon_mkdir_write_enable=NO
#
# Activate directory messages
dirmessage_enable=YES
#
# Display directory listings with the time in your local time zone
use_localtime=YES
#
# Activate logging of uploads/downloads
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data)
connect_from_port_20=YES
#
# Customise the login banner string
ftpd_banner=Welcome to FTP service.
#
# Restrict local users to their home directories
chroot_local_user=NO
#
# Activate the "-R" option to the builtin ls. This is disabled by default to
# avoid remote users being able to cause excessive I/O on large sites.
# However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option
ls_recurse_enable=YES
#
# Show textual names in the user and group fields of directory listings
text_userdb_names=YES
#
# Empty directory not writable by the ftp user as a secure chroot() jail at
# times vsftpd does not require filesystem access
secure_chroot_dir=/var/run/vsftpd/empty
#
# PAM service vsftpd will use
pam_service_name=vsftpd
#
# Support secure connections via SSL. This applies to the control connection
# (including login) and also data connections
ssl_enable=YES
#
# Certificate to use for SSL encrypted connections
rsa_cert_file=/etc/vsftpd/ssl/ssl.pem
#
#
# Not to require all SSL data connections to exhibit SSL session reuse
require_ssl_reuse=NO
#
# Force authenticated login and data via SSL
force_local_logins_ssl=NO
force_local_data_ssl=NO
ssl_ciphers=HIGH
# DEV1 Settings
listen_port=21
pasv_enable=YES
pasv_min_port=64400
pasv_max_port=64499
pasv_address=YOUR Static Public IP