Quick HOWTO : Ch15 : Linux FTP Server Setup/zh
简介
文件传输协议(FTP)是互联网上服务器之间最常用的一种文件拷贝方式。大多数基于下载的web站点都利用浏览器的内置FTP组件,因此大多数的服务器操作系统都将FTP服务应用程序作为它的软件套件。Linux也不例外。
本章节将向您展示如何利用Fedora中默认的 非常安全FTP守护进程(VSFTPD)软件包 使您的linux服务器成为一个FTP服务器。
FTP 总览
FTP是依靠一对TCP端口来完成工作的。它是按我下面解释的2条连接通道来操作的:
FTP控制通道,TCP 21 端口:所有您发出和FTP服务器的响应命令都是通过这条控制通道来传递的,但是任何返回的数据(例如: "ls" 命令 显示文件或目录列表)都将通过数据通道来传递。
FTP 数据通道,TCP 20 端口:这个端口用于客户端和服务器端所有并发数据的传输。
除了这些通道外,还有多个FTP服务种类。
FTP类型
从网络的观点来看,主要有2中FTP类型:主动FTP和被动FTP。对于主动FTP来说,ftp服务器主动向FTP客户端发起一个数据传输连接。而对于被动FTP来说,这个连接是FTP客户端发起的。图15-1是相关说明。
图 15-1 主动和被动 FTP 说明
From a user management perspective there are also two types of FTP: regular FTP in which files are transferred using the username and password of a regular user FTP server, and anonymous FTP in which general access is provided to the FTP server using a well known universal login method.从用户管理的角度来看FTP可分为2类:常规FTP,这此种FTP服务器文件传输需要使用通过验证的用户名和密码,匿名FTP提供全体都可以登陆进行普通的访问.
Take a closer look at each type.
仔细看下面的每个类型.
主动 FTP
主动FTP的事件顺序如下:
- 服务器的FTP服务端以端口21和你的客户端建立连接。你的命令,例如“ls”和“get”通过这个连接来发送。
- 一旦客户端通过控制连接发送一个数据请求,服务器端就会和建立一个数据传输连接反户客户端。这个数据传输连接的源端口在服务器端通常为20,而目的端口在客户端上则通常为一个高于1024的端口。
- Thus the ls listing that you asked for comes back over the port 20 to high port connection, not the port 21 control connection.
FTP active mode therefore transfers data in a counter intuitive way to the TCP standard, as it selects port 20 as it's source port (not a random high port that's greater than 1024) and connects back to the client on a random high port that has been pre-negotiated on the port 21 control connection.
Active FTP may fail in cases where the client is protected from the Internet via many to one NAT (masquerading). This is because the firewall will not know which of the many servers behind it should receive the return connection.
主动ftp可能失败原因在客户端保护来在互联网路由可能由一个地址转换防火墙不会知道许多服务器在这个接收都需要返回. 主动FTP失败的原因可能是客户端由一个地址转换路由与互联网隔离了。防火墙不会知道许多服务器在这个接收都需要返回.
Passive FTP
Passive FTP works differently:
- Your client connects to the FTP server by establishing an FTP control connection to port 21 of the server. Your commands such as ls and get are sent over that connection.
- Whenever the client requests data over the control connection, the client initiates the data transfer connections to the server. The source port of these data transfer connections is always a high port on the client with a destination port of a high port on the server.
Passive FTP should be viewed as the server never making an active attempt to connect to the client for FTP data transfers. Because client always initiates the required connections, passive FTP works better for clients protected by a firewall.
As Windows defaults to active FTP, and Linux defaults to passive, you'll probably have to accommodate both forms when deciding upon a security policy for your FTP server.
1.你的客户商与ftp服务端端口21进行连接,你的那些命令如其中的ls和get是发送在这个连接上.
2.每次客户端请求数据在这个控制连接,这个客户端初始化这个数据传输到这个服务器,客户端上一个很高的请求端口与服务器很高的目的地端口.
被动连接是服务器从没主动尝试与客户端连接来看,因为客户端总是初始化请求连接,被动ftp更好工作在受保护的防火墙.
由于windows 默认是工作主动Ftp.Linux默认是工作在被动ftp.你要必须在你的ftp服务器容纳这两种不同工作方式.
Regular FTP 常规FTP服务器
By default, the VSFTPD package allows regular Linux users to copy files to and from their home directories with an FTP client using their Linux usernames and passwords as their login credentials.
VSFTPD also has the option of allowing this type of access to only a group of Linux users, enabling you to restrict the addition of new files to your system to authorized personnel.
The disadvantage of regular FTP is that it isn't suitable for general download distribution of software as everyone either has to get a unique Linux user account or has to use a shared username and password. Anonymous FTP allows you to avoid this difficulty. 默认情况下,VSFTPD包容许经过用户名和密码从FTP客户端登陆验证后,复制来他们的目录文件.
VSFTPD也有一些选项允许这些类型的访问只能为某一些组用户,使你能设置授权人员添加新文件.
非匿名的FTP服务器缺点是不利于普通的下载,当发布软件的时候给每个设置不同的linux账号,或者共
享一个用户和密码.使用匿名FTP服务器可以解决这个缺点
=== Anonymous FTP ===匿名FTP
Anonymous FTP is the choice of Web sites that need to exchange files with numerous unknown remote users. Common uses include downloading software updates and MP3s and uploading diagnostic information for a technical support engineers' attention. Unlike regular FTP where you login with a preconfigured Linux username and password, anonymous FTP requires only a username of anonymous and your email address for the password. Once logged in to a VSFTPD server, you automatically have access to only the default anonymous FTP directory (/var/ftp in the case of VSFTPD) and all its subdirectories.
As seen in Chapter 6, "Installing Linux Software", using anonymous FTP as a remote user is fairly straight forward. VSFTPD can be configured to support user-based and or anonymous FTP in its configuration file which you'll see later.
匿名FTP是选择许多网站需要给远程用户交换文件.
常见用途包括 下载软件更新,mp3,上传错误的信息给技术支持的工程引起注意.不像常规FTP如果你
要登陆还要预先有一个linux用户和密码.匿名服务器只要你一个以匿名用户名和以邮箱地址当密码进
入默认的目录(至于VSFTPD默认是 /var/ftp).并且包括默认根目录下的子目录.
跟第六章看一样,"安装Linux软件",使用匿名的FTP作为一个远程用户是相当的方便.当你看到下面
VSFTPD能在配置文件配置支持匿名和基于用户的FTP服务器