zoukankan      html  css  js  c++  java
  • 【Raspberry pi】set up an ftp server

    http://www.debian-administration.org/articles/228

    As a means of distributing large collections of files FTP is still a popular choice, despite the rise of bittorrent, and the growing number of HTTP servers.

    FTP is an often overlooked method of storing and giving access to files, in many cases FTP servers have been retired in place of webservers such as Apache.

    But there are a lot of cases where offering access via FTP makes sense, even with the limitations of FTP - most notably the difficulty of firewalling and the security risk involved in using plaintext passwords.

    There are several different FTP servers packaged within Debian, which you can see via:

    apt-cache search ftp-server
    One of the most popular servers around is proftpd, and that can be installed upon Debian systems with:

    apt-get install proftpd
    Once downloaded debconf will ask if you wish to run the server via inetd, or in a standalone fashion. In general you want the latter option.

    After the installation the server will be running, and will grant access to all user accounts upon the host.

    If you wish to stop the server prior to more configuration you can do so with:

    /etc/init.d/proftpd stop
    The configuration of proftpd is conducted via the configuration file of /etc/proftpd.conf.

    Security Options
    There are several security options you can enable in proftpd, the most notable is the use of TLS security.

    To use TLS you will need to generate a key, and update your server's configuration file to use it.

    Generating a key is simple enough with the openssl command, which is contained in the openssl package:

    mkdir /etc/proftpd
    cd /etc/proftpd
    openssl req -new -x509 -days 365 -nodes -out ftpd-rsa.pem
    -keyout ftpd-rsa-key.pem
    With the files generated you can add the following to your proftpd.conf file:

    <IfModule mod_tls.c>
    TLSEngine on
    TLSLog /var/log/proftpd-tls.log
    TLSProtocol TLSv1

    # Are clients required to use FTP over TLS when talking to this server?
    TLSRequired off

    TLSRSACertificateFile /etc/proftpd/ftpd-rsa.pem
    TLSRSACertificateKeyFile /etc/proftpd/ftpd-rsa-key.pem

    # Authenticate clients that want to use FTP over TLS?
    TLSVerifyClient off
    </IfModule>
    Other security options include limiting users to particular directories. To limit the user "bob" to the starting directory "/tmp" you can use:

    DefaultRoot /tmp bob
    The more general approach is to restrict users to their own home directory, which you can accomplish via:

    DefaultRoot ~
    This causes all users to be presented with the contents of their home directory (as specified by /etc/passwd) when they login.

    Permitting Anonymous Access
    To permit anonymous access to your server you will need to uncomment the configuration options which are already present in the standard /etc/proftpd.conf file.

    This is a good starting point:


    <Anonymous ~ftp>
    User ftp
    Group nogroup

    # We want clients to be able to login with "anonymous" as well as "ftp"
    UserAlias anonymous ftp

    # Cosmetic changes, all files belongs to ftp user
    DirFakeUser on ftp
    DirFakeGroup on ftp

    RequireValidShell off

    # Limit the maximum number of anonymous logins
    MaxClients 10

    # We want 'welcome.msg' displayed at login, and '.message' displayed
    # in each newly chdired directory.
    DisplayLogin welcome.msg
    DisplayFirstChdir .message

    # Limit WRITE everywhere in the anonymous chroot
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>
    </Anonymous>
    This configuration setting allows users to login with either anonymous, or ftp, as username and they will be able to read from /home/ftp.

    Thankfully they will be unable to upload new content, or delete existing files. They will be given only read-only access to the server.

    Miscallaneous Options
    There are some other options which you might wish to change, for example the welcome message presented to clients.

    The welcome message presented is read from /home/ftp/welcome.msg, editing that file will immediately change the text sent to users.

    The hostname of your server is typically displayed to clients when they connect - in the Debian package the greeting only includes the string "Debian" - as you can see from the following session:

    user@host:~ ftp localhost
    Connected to localhost.localdomain.
    220 ProFTPD 1.2.10 Server (Debian) [127.0.0.1]
    To change this update the proftpd.conf file to include:

    ServerName "My.host.name"

  • 相关阅读:
    SpringBoot页面访问处理
    体验SpringBoot
    体验SpringBoot
    Scala基础
    修改容器配置使其永久生效
    [徐培成系列实战课程]docker篇
    v1.0.2-2017.04.26
    修改容器的hosts文件
    配置spark集群
    配置docker容器上ssh无密登录
  • 原文地址:https://www.cnblogs.com/colipso/p/3530394.html
Copyright © 2011-2022 走看看