Chapter 19 FTP: Transferring Files Across a Network
• FTP Client
• JumpStart: Downloading Files Using ftp Notes
• Anonymous FTP
• Automatic Login
• Binary versus ASCII Transfer Mode
• ftp Specifics
• FTP Server (vsftpd)
• JumpStart: Starting a vsftpd Server
• Testing the Setup
• vsftpd.conf: Configuring vsftpd

Introduction
• FTP is one of the original TCP/IP protocols
• ftp and vsftpd – this chapter focuses more on vsftpd, since it is provided with Fedora
• Security – vsftpd is a secure FTP server; FTP itself is not a secure protocol
• Connections – passive: the client initiates the data connection; active: the server initiates it

FTP Client
• ftp – command line, Linux or Windows
• sftp – secure ftp, part of OpenSSH
• gftp – graphical ftp, supports ftp, SSH, and HTTP
• ncftp – Fedora text-based utility with more features than standard ftp

JumpStart: Downloading Files Using ftp
• Basic commands:
  • ftp ftp.server.net
  • ftp> open ftp.server.net
  • ftp> user
  • ftp> get (mget)
  • ftp> put (mput)
  • ftp> prompt
  • ftp> hash
  • ftp> ascii or binary
  • ftp> cd and lcd
  • ftp> quit or bye

Anonymous FTP
• Can use a user ID of either anonymous or ftp (some systems)
• Enter an email address as the password if necessary; see Automatic Login below
• The ftp server can use reverse DNS to verify

Automatic Login
• Place a ~/.netrc file in your home directory to allow automatic login:
    $ cat .netrc
    machine bravo login jimbo password xyz123
• Make it readable only by the owner!
• Automatic login can be defeated in the ftp server config file

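
An added example (not from the original slides): a Python check that a .netrc file is readable only by its owner and that reports which entries store a cleartext password. The temporary file and the helper names audit_netrc and write_sample are assumptions made for illustration; the entry is the one shown on the slide.

```python
import netrc
import os
import stat

def audit_netrc(path):
    """Return findings for an ftp auto-login file such as ~/.netrc."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    # Any group/other permission bit means someone else may reach the password.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} is too open; run: chmod 600 {path}")
    if st.st_uid != os.getuid():
        findings.append("file is not owned by the current user")
    # netrc.netrc(path) is used only as a parser; permissions are checked above.
    for host, (login, _account, password) in netrc.netrc(path).hosts.items():
        if password:
            findings.append(f"cleartext password stored for {login}@{host}")
    return findings

def write_sample(path, mode):
    """Write the slide's example entry to a constructed file with the given mode."""
    with open(path, "w") as fh:
        fh.write("machine bravo login jimbo password xyz123\n")
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "netrc")
        for m in (0o644, 0o600):
            print(oct(m), audit_netrc(write_sample(p, m)))
```
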
Binary versus ASCII Transfer Mode
• Binary mode (default for some systems) provides a byte-by-byte exact transfer
• ASCII (ascii) mode converts end-of-line characters between Windows and Unix systems
• Can also use dos2unix or unix2dos
• Security – always use binary mode

ftp Specifics
• Format – ftp [-options] server
• Options:
  • -i (interactive) – turns off prompting during multiple-file transfers
  • -g (globbing) – turns off file name expansion with wild cards
  • -v verbose
  • -n no automatic login with .netrc

ftp commands
• Shell command = !command (!ls)
• Transfer files:
  • append local remote
  • get remote-file [new local file name]
  • mget remote-file-list [wild cards allowed]
  • put local-file [new remote file name]
  • mput local-file-list [wild cards allowed]
  • newer remote-file [new local file name]
  • reget remote-file [new local file name]

Status
• ascii – sets transfer mode to ASCII
• binary – sets transfer mode to binary
• close – closes the connection to the ftp server without leaving ftp
• open [server name] – opens a new ftp connection
• hash – shows hash marks (#) during transfers
• prompt – toggles prompts for transfers
• passive – toggles between passive and active
• user – sign in as a different user
• quit or bye – exits the ftp site and closes ftp

Directories
• cd – changes directories on the ftp server/site
• lcd – changes local directories on your machine
• Do not use ftp> ! cd newdirectory
• Remember that the environment does not change in a spawned process!

Files
• chmod – to change permissions on files
• delete – to delete remote file(s) if allowed
• mdelete remote-file-list

Display Information
• dir – like ls but has a file option:
  • dir [remote-dir] file
  • (file saved on your local system with the contents of the remote directory listing)
• ls – same as dir but with more information
• help – shows commands
• pwd – print working remote directory
• status – status information
• verbose – to see all that is happening

FTP Server (vsftpd)
• The vsftpd package is installed by default on Red Hat systems
• Modes:
  • Standalone – set listen parameter to “yes” in vsftpd.conf file
  • Normal – use xinetd superserver to start and stop, set to normal by default

JumpStart: Starting a vsftpd Server
• Make sure the service is running:
    # /sbin/service vsftpd status
    vsftpd (pid 3022) is running . . .
• Check permissions on the /var/ftp directory:
    # ls -ld /var/ftp
    drwxr-xr-x 4 root root 4096 Aug 12 /var/ftp

vsftpd.conf: Configuring vsftpd
• Standalone – listen=yes
• listen_port (default 21)
• listen_address – defaults to any network interface
• max_clients – set to 0 for unlimited
• max_per_ip – maximum connections from one IP address; set to 0 for unlimited

Logging in
• userlist_enable – yes: checks the user list and then userlist_deny; no: does not check the list; no is more secure
• userlist_deny – list of users denied access
• userlist_file – name of the user list file
• local_enable – allows users in the /etc/passwd file to log on to the system

Anonymous Users
• anonymous_enable – yes allows anonymous logins
• no_anon_password – yes means vsftpd won’t ask for a password
• deny_email_enable – yes checks whether a user who gives an email address as the password is denied access to the system
• banned_email_file – list of denied users by email address

Working Directories and chroot jail
• chroot_list_enable – sets user in jail either in their home directory or in /var/ftp
• chroot_local_user – if set to no, a local user can move around the directory structure
• chroot_list_file – name of the file used if chroot_list_enable is set to yes
• passwd_chroot_enable – allows local user to cd to home directory (/home/./jones)
• secure_chroot_dir – empty directory that is not writeable by user ftp, a secure chroot jail

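
An added example (not from the original slides or from the vsftpd project): a Python audit of vsftpd.conf text against the options listed above, run on a weak file and on a corrected one. Both sample files, the helper names, and the choice to accept YES/TRUE/1 as "enabled" are assumptions of this example; only options set explicitly in the file are checked.

```python
TRUE = {"YES", "TRUE", "1"}  # boolean spellings this example treats as "enabled"

def parse_vsftpd_conf(text):
    """Parse option=value lines; return (settings, errors)."""
    settings, errors = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        # vsftpd does not allow spaces between the option, "=" and the value.
        if not sep or key != key.strip() or value != value.strip():
            errors.append(f"line {n}: expected option=value with no spaces")
            continue
        settings[key] = value
    return settings, errors

def audit(text):
    """Flag explicitly set options; unset options keep build defaults (not modelled)."""
    s, findings = parse_vsftpd_conf(text)
    on = lambda k: s.get(k, "").upper() in TRUE
    if on("anonymous_enable"):
        findings.append("anonymous_enable: anonymous logins are allowed")
        if on("no_anon_password"):
            findings.append("no_anon_password: anonymous users get no password prompt")
    if on("local_enable") and not (on("chroot_local_user") or on("chroot_list_enable")):
        findings.append("local_enable: local users are not placed in a chroot jail")
    for k in ("max_clients", "max_per_ip"):
        if s.get(k) == "0":
            findings.append(f"{k}: 0 removes the connection limit")
    return findings

# Constructed sample files, not taken from the slides or from any real server.
WEAK = """\
anonymous_enable=YES
no_anon_password=YES
local_enable=YES
max_clients=0
max_per_ip = 0
"""
HARDENED = """\
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
max_clients=50
max_per_ip=4
"""
if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf))
```

The weak file's last line is reported as a syntax error rather than as an unlimited max_per_ip, because the spaces around "=" keep it from being parsed as a setting.
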
Messages
• dirmessage_enable – yes displays .message
• banner_file – file that is displayed at login, overrides ftpd_banner
• ftpd_banner – overrides the standard vsftpd greeting banner at connection time
• And speaking of banners: