RHEL6–34–FTP-SFTP-VSFTP
What is FTP?
File Transfer Protocol (FTP) is a way to transfer files between systems. It works in both directions: uploads as well as downloads are supported. It is based on a server/client architecture. FTP is split into two separate channels: one carries the data (TCP port 20) and the other the control traffic (TCP port 21). Over the control channel the two sides (server and client) exchange the commands that initiate a data transfer.
Port 20 – This is the data transfer port. All the subsequent data transfers between the client and server are done using this port.
Port 21 – The control connection is established on this port. All commands we send and the ftp server's responses to those commands go over the control connection, but any data sent back (such as "ls" directory listings or actual file data in either direction) goes over the data connection.
An FTP connection involves four steps:
User authentication
Establishing the control channel
Establishing the data channel
Discontinuing the connection
What is SFTP?
Secure File Transfer Protocol (SFTP) is a secure version of File Transfer Protocol (FTP), which provides data access and data transfer over a Secure Shell (SSH) data stream. It is part of the SSH protocol. Its functionality is similar to that of FTP, but SFTP uses SSH to transfer files. In short, SFTP stands for SSH File Transfer Protocol.
SFTP encrypts both commands and data, making it secure. All communication is done over port 22.
SFTP emulates the ftp syntax, but it is not actually ftp at all; it runs through ssh instead.
We can ftp (with or without ssl) to a vsftp server, but we can't ftp to an sftp server; we can only sftp / scp to it.
SFTP users by default can see the directories and files of other users.
Compared to the SCP protocol, which only allows file transfers, the SFTP protocol allows a range of operations on remote files, which makes it more like a remote file system protocol. An SFTP client's extra capabilities include resuming interrupted transfers, directory listings, and remote file removal.
The protocol itself does not provide authentication and security; it expects the underlying protocol to secure this. SFTP is most often used as a subsystem of SSH protocol version 2 implementations.
What is VSFTP?
vsftpd is an FTP server for unix-like operating systems; it runs on platforms like Linux, BSD, Solaris, HP-UX and AIX. It supports many features, some of them being:
Very high security requirements
Bandwidth limits
Good scalability
The possibility to create virtual users
IPv6 support
Better than average performance
Virtual IP support
High speed
Built-in chroot jail support
vsftpd can support FTPS if configured, but SFTP runs over ssh.
HOW TO ENABLE/CONFIGURE FTP IN RHEL6?
[root@rhel6-server ~]# ftp 192.168.234.144
-bash: ftp: command not found
[root@rhel6-server ~]# yum install ftp
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
client                                                   | 2.9 kB     00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ftp.x86_64 0:0.17-53.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package        Arch          Version              Repository        Size
================================================================================
Installing:
 ftp            x86_64        0.17-53.el6          client            58 k

Transaction Summary
================================================================================
Install       1 Package(s)

Total download size: 58 k
Installed size: 95 k
Is this ok [y/N]: y    <--
Downloading Packages:
ftp-0.17-53.el6.x86_64.rpm                               |  58 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : ftp-0.17-53.el6.x86_64                                       1/1
  Verifying  : ftp-0.17-53.el6.x86_64                                       1/1

Installed:
  ftp.x86_64 0:0.17-53.el6

Complete!
[root@rhel6-server ~]# rpm -qa ftp*
ftp-0.17-53.el6.x86_64
[root@rhel6-server ~]# yum list installed ftp
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Installed Packages
ftp.x86_64            0.17-53.el6            @client
Consider the following directives to be enabled:
[root@rhel6-test1 ~]# vi /etc/vsftpd/vsftpd.conf
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES    <--
#
# Uncomment this to allow local users to log in.
local_enable=YES    <--
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES    <--
[root@rhel6-server ~]# ftp 192.168.234.144
Connected to 192.168.234.144 (192.168.234.144).
220 (vsFTPd 2.2.2)
Name (192.168.234.144:root): raman
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.
HOW TO ENABLE SFTP IN RHEL6?
For SFTP, ssh must be installed and enabled.
[root@rhel6-test1 ~]# rpm -qa|grep ssh
libssh2-1.4.2-1.el6.x86_64
openssh-5.3p1-84.1.el6.x86_64
openssh-askpass-5.3p1-84.1.el6.x86_64
openssh-clients-5.3p1-84.1.el6.x86_64
openssh-server-5.3p1-84.1.el6.x86_64
[root@rhel6-server ~]# sftp raman@192.168.234.144
Connecting to 192.168.234.144...
raman@192.168.234.144's password:
sftp> ls -ltr
-rw-rw-r--    1 raman    raman     9216000 May  6 00:08 f1
-rw-rw-r--    1 raman    raman     3072000 May  6 00:11 f2
-rw-rw-r--    1 raman    raman     2048000 May  6 00:11 f3
-rw-rw-r--    1 raman    raman      987136 May  6 00:12 f4
HOW TO ENABLE/CONFIGURE VSFTP IN RHEL6?
[root@rhel6-test1 ~]# rpm -qa vsftpd
vsftpd-2.2.2-11.el6.x86_64
[root@rhel6-test1 ~]# yum list installed vsftpd
Loaded plugins: changelog, product-id, refresh-packagekit, security,
              : subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Installed Packages
vsftpd.x86_64            2.2.2-11.el6            installed
If it is not installed, install it with:
[root@rhel6-server ~]# yum install -y vsftp*
How to enable uploading / allow changes to the file system over ftp?
write_enable=YES    <-- (in /etc/vsftpd/vsftpd.conf)
For anonymous users:
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES    <--
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES    <--
How to set timeouts in ftp?
The following timeouts are set by default in vsFTPd (these values are
built in, so you don't have to make any changes to the /etc/vsftpd/vsftpd.conf
file for them to take effect):
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
How to check/enable the FTP log?
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
#xferlog_file=/var/log/xferlog
xferlog_file=/var/log/vsftpd.log
[root@rhel6-test1 ~]# service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
[root@rhel6-test1 ~]# less /var/log/secure
When a user logs in with the "anonymous" username, that user is connected to the ftp server as the system user "ftp":
[root@rhel6-test1 ~]# grep ftp /etc/passwd
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
The username "ftp" cannot be used directly for login.
The home directory of the "anonymous" user is "/var/ftp".
How to restrict user access to the ftp server?
[root@rhel6-test1 ~]# vi /etc/vsftpd/ftpusers
Put the user names that need to be denied access in this file.
How to enable root access to the ftp server?
[root@rhel6-test1 ~]# vi /etc/vsftpd/ftpusers
#root    <-- comment this line out
[root@rhel6-test1 ~]# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
How to restrict navigation outside the user's home dir in ftp?
chroot_local_user=YES    <-- uncomment this
If "selinux" is enabled:
[root@rhel6-test1 ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
[root@rhel6-test1 ~]# setsebool -P ftp_home_dir=1
[root@rhel6-test1 ~]# getsebool -a |grep -i ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> on
ftpd_connect_db --> off
ftpd_use_passive_mode --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
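The directives from the sections above (anonymous_enable, local_enable, write_enable, anon_upload_enable, anon_mkdir_write_enable, chroot_local_user, xferlog_enable) can be checked in one go. The shell script below is an added example, not part of the original post: it prints the effective value of each directive, falling back to the vsftpd.conf(5) default when the file does not set it, and marks the settings that widen exposure. The configuration text inside it is constructed for the demo, and the REVIEW/ok verdicts are this script's own policy.

```shell
#!/bin/sh
# Added example (not from the original post): print the effective value of the
# vsftpd.conf directives discussed above and flag the ones that widen exposure.
# Defaults follow vsftpd.conf(5): anonymous_enable defaults to YES, the rest to NO.
# The configuration text below is constructed for this demo.

SAMPLE_CONF='# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
local_enable=YES
write_enable=YES
#anon_upload_enable=YES
chroot_local_user=YES
xferlog_enable=YES'

# vsftpd_get KEY DEFAULT: read a config on stdin and print the last uncommented
# KEY=value, or DEFAULT when KEY is never set (vsftpd honours the last occurrence).
vsftpd_get() {
    awk -F= -v key="$1" -v def="$2" '
        /^[[:space:]]*#/ { next }
        $1 == key        { val = $2 }
        END              { if (val == "") print def; else print val }'
}

# vsftpd_audit: read a config on stdin, print "directive value verdict" per directive.
vsftpd_audit() {
    conf=$(cat)
    for spec in anonymous_enable:YES local_enable:NO write_enable:NO \
                anon_upload_enable:NO anon_mkdir_write_enable:NO \
                chroot_local_user:NO xferlog_enable:NO; do
        key=${spec%%:*}
        def=${spec#*:}
        val=$(printf '%s\n' "$conf" | vsftpd_get "$key" "$def")
        case "$key=$val" in
            anonymous_enable=YES|write_enable=YES|anon_*=YES) verdict=REVIEW ;;
            chroot_local_user=NO|xferlog_enable=NO)          verdict=REVIEW ;;
            *)                                               verdict=ok ;;
        esac
        printf '%-24s %-4s %s\n' "$key" "$val" "$verdict"
    done
}

# vsftpd_review_count: number of REVIEW verdicts (0 means nothing needs a look).
vsftpd_review_count() {
    vsftpd_audit | grep -c REVIEW || true
}

printf '%s\n' "$SAMPLE_CONF" | vsftpd_audit
```

On a real host, feed the live file instead of the sample: `vsftpd_audit < /etc/vsftpd/vsftpd.conf`.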
How to enable dual logging in ftp?
# This depends on setting xferlog_std_format parameter
dual_log_enable=YES    <-- I made this entry
xferlog_enable=YES
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
xferlog_file=/var/log/xferlog
xferlog_file=/var/log/vsftpd.log    <-- I made this entry
[root@rhel6-test1 ~]# service vsftpd restart
[root@rhel6-test1 ~]# cat /var/log/xferlog
Fri May 12 14:02:27 2017 1 192.168.234.146 3017 /pub/repodata/repomd.xml b _ o a ftp@example.com ftp 0 * c
Fri May 12 14:02:39 2017 1 192.168.234.146 59060 /pub/ftp-0.17-53.el6.x86_64.rpm b _ o a ftp@example.com ftp 0 * c
Fri May 12 14:18:54 2017 1 192.168.234.146 9216000 /home/raman/f1 b _ o r raman ftp 0 * c
Fri May 12 14:19:25 2017 1 192.168.234.146 1512 /etc/passwd b _ o r raman ftp 0 * c
Fri May 12 14:20:47 2017 1 192.168.234.146 0 /var/log/cron b _ o r raman ftp 0 * i
Fri May 12 14:20:57 2017 1 192.168.234.146 0 /var/log/messages b _ o r raman ftp 0 * i
Sat May 13 01:56:19 2017 1 192.168.234.146 3017 /pub/repodata/repomd.xml b _ o a ftp@example.com ftp 0 * c
[root@rhel6-test1 ~]# cat /var/log/vsftpd.log
Sat May 13 10:11:21 2017 [pid 7085] CONNECT: Client "192.168.234.1"
Sat May 13 10:11:25 2017 [pid 7084] [raman] OK LOGIN: Client "192.168.234.1"
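The xferlog records above are worth reviewing mechanically: a real user pulling /etc/passwd or files under /var/log over FTP is exactly what a log review should surface. The shell script below is an added example, not part of the original post: it parses the xferlog field layout shown above and flags real-user downloads of files outside that user's own home directory, plus any incomplete transfer. The sample lines inside it are constructed to resemble the post's log, and the assumption that a real user's home is /home/<user> is this script's own.

```shell
#!/bin/sh
# Added example (not from the original post): scan vsftpd's xferlog for records a
# defender should look at. Field layout per record, as in the post's output:
#  1-5 timestamp  6 transfer time  7 remote host  8 bytes  9 filename  10 type
# 11 special action  12 direction (o=outgoing)  13 access mode (r=real, a=anonymous)
# 14 username  15 service  16 auth method  17 auth id  18 status (c=complete, i=incomplete)
# The sample lines below are constructed to resemble the post's log; the assumption
# that a real user's home directory is /home/<user> is this script's own.

XFERLOG_SAMPLE='Fri May 12 14:02:27 2017 1 192.168.234.146 3017 /pub/repodata/repomd.xml b _ o a ftp@example.com ftp 0 * c
Fri May 12 14:18:54 2017 1 192.168.234.146 9216000 /home/raman/f1 b _ o r raman ftp 0 * c
Fri May 12 14:19:25 2017 1 192.168.234.146 1512 /etc/passwd b _ o r raman ftp 0 * c
Fri May 12 14:20:47 2017 1 192.168.234.146 0 /var/log/cron b _ o r raman ftp 0 * i
Sat May 13 01:56:19 2017 1 192.168.234.146 3017 /pub/repodata/repomd.xml b _ o a ftp@example.com ftp 0 * c'

# xferlog_flags: read xferlog lines on stdin; print "reason user host file bytes"
# for real-user downloads outside /home/<user>/ and for incomplete transfers.
xferlog_flags() {
    awk '
    {
        host = $7; bytes = $8; file = $9; dir = $12; mode = $13; user = $14; status = $18
        reason = ""
        if (mode == "r" && dir == "o" && index(file, "/home/" user "/") != 1)
            reason = "download-outside-home"
        if (status == "i") { if (reason == "") reason = "incomplete"; else reason = reason "+incomplete" }
        if (reason != "")
            printf "%s %s %s %s %s\n", reason, user, host, file, bytes
    }'
}

# xferlog_flag_count: how many records were flagged (usable from a cron job).
xferlog_flag_count() {
    xferlog_flags | wc -l | tr -d ' '
}

printf '%s\n' "$XFERLOG_SAMPLE" | xferlog_flags
```

Against the live file: `xferlog_flags < /var/log/xferlog`.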