FTP, SSH Remote Access and control
2022-04-23 19:00:00 【Zhu Xuan's blog】
FTP
What is FTP?
FTP (File Transfer Protocol) is a typical application-layer protocol with a client/server (C/S) architecture: server software and client software together implement file transfer. The connection between the FTP client and the server is reliable and connection-oriented, which provides a reliable guarantee for data transmission. It uses TCP ports 20 and 21:
Port 21: used to transmit commands
Port 20: used for data transfer
FTP is a file transfer protocol that supports two modes: Standard (also called Active mode) and Passive (also called PASV mode). In Standard mode the FTP client sends the PORT command to the FTP server. In Passive mode the FTP client sends the PASV command to the FTP server.
Standard mode
The FTP client first establishes a connection to TCP port 21 of the FTP server and sends commands over this channel. When the client needs to receive data, it sends the PORT command on this channel. The PORT command states which port the client will use to receive data. When transferring data, the server sends it from its own TCP port 20. The FTP server must establish a new connection to the client to transfer the data.

Active mode:
1) FTP connection request (user name, password, connection mode, command port, and so on)
2) The FTP server responds (ACK), and an FTP session connection is established between the server's port 21 and a client port (high port)
3) The FTP server sends a connection request from its own port 20 to the client; the destination is the port provided in the active-mode command (high port)
4) Finally, the client sends an ACK to confirm, and data transmission starts
Passive mode
The control channel is established in much the same way as in Standard mode. When the client sends the PASV command over this channel, the FTP server opens a port between 1024 and 5000 and notifies the client to transfer data on this port. The FTP server then transfers data through this port, so it no longer needs to establish a new connection to the client.

Passive mode:
1) FTP connection request (user name, password, connection mode, command port, and so on)
2) The FTP server responds (ACK), and an FTP session connection is established between the server's port 21 and a client port (high port). In this response the server also tells the client that it has opened a high port for the client to connect to
3) The client connects from one of its own high ports to the high port the server announced
4) The server sends the client an ACK response, and data transmission follows
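The port negotiation described above can be read straight off the control channel. The following added example (not code from the original post) parses the six-number address field that PORT and the 227 reply to PASV carry per RFC 959 and reports which side opens the data connection; the function names and sample addresses are assumptions made for the illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried by PORT and by the 227 reply to PASV (RFC 959).
HOSTPORT = re.compile(r"(?<!\d)" + r",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from the six-number field; port = p1 * 256 + p2."""
    m = HOSTPORT.search(text)
    if not m:
        raise ValueError(f"no h1,h2,h3,h4,p1,p2 field in {text!r}")
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError(f"value above 255 in {text!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connection(line, client_ip, server_ip):
    """Describe the data connection that one control-channel line sets up."""
    parts = line.split(None, 1)
    verb = parts[0].upper() if parts else ""
    if verb == "PORT":      # active: the server connects out from its port 20
        peer, initiator, src_port = client_ip, server_ip, 20
    elif verb == "227":     # passive: the client connects to the announced port
        peer, initiator, src_port = server_ip, client_ip, None
    else:
        return None         # not a line that negotiates a data port
    ip, port = parse_hostport(line)
    return {"mode": "active" if verb == "PORT" else "passive",
            "initiator": initiator, "src_port": src_port, "dst": (ip, port),
            # False when the announced address is not the control-channel peer,
            # for example a private address announced from behind NAT.
            "dst_is_peer": ip == peer}

# Constructed control-channel lines (addresses are examples, not from the page).
SAMPLE = [
    ("PORT 192,168,1,50,200,21", "192.168.1.50", "192.168.1.10"),
    ("227 Entering Passive Mode (192,168,1,10,15,160)", "192.168.1.50", "192.168.1.10"),
    ("227 Entering Passive Mode (10,0,0,5,15,160)", "192.168.1.50", "203.0.113.7"),
]

if __name__ == "__main__":
    for line, client, server in SAMPLE:
        print(line, "->", data_connection(line, client, server))
```

The result tells a firewall administrator which direction and port the data connection needs: server port 20 to the client's announced port in active mode, client to the server's announced port in passive mode.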
FTP role and working principle
Role of FTP
Role: the protocol used to transfer files on the Internet.
VSFTP stands for "very secure FTP"
VSFTP mode: C/S (client/server) mode
By default the FTP server uses TCP ports 20 and 21 to communicate with the client
Port 20 is used to establish the data connection and transfer file data
Port 21 is used to establish the control connection and transmit FTP control commands
FTP working principle and process
FTP data connections have two modes:
Active mode and passive mode
An FTP session consists of two channels: the control channel and the data transfer channel. FTP has two working modes, active and passive, both named from the FTP server's point of view. In active mode the server actively connects to the client to transfer data; in passive mode the server waits for the client to connect.
Active mode: the server actively initiates the data connection
Passive mode: the server passively waits for the data connection
Experiment: build and configure the FTP service
Check whether the vsftpd package is installed; if it is not, install it with yum install
Start the FTP service
Switch to the service configuration directory and make a backup
Open the configuration file with vim /etc/vsftpd/vsftpd.conf
After modification (write your own settings on the next line)
Give the pub subdirectory under the FTP root directory the maximum permissions
Restart the service
Test
Set up login in user mode
Set allow_writeable_chroot=YES to allow the restricted user's home directory to have write permission
Restart the service
Create a user to log in with
Blacklist and whitelist
userlist_deny defaults to YES, which makes the user list a blacklist
Users in the list, such as zhux, cannot log in
SSH remote management
OpenSSH server
SSH (Secure Shell) protocol
It is a secure channel protocol
The communication data is encrypted; it is used for remote administration
OpenSSH
Service name: sshd
Server main program: /usr/sbin/sshd
Server configuration file: /etc/ssh/sshd_config
Service listening options
Port number, protocol version, listening IP address
Disable reverse DNS lookups
# vi /etc/ssh/sshd_config
Port 22
ListenAddress 172.16.16.22
Protocol 2
UseDNS no

After changing Port 22 to Port 2020, a regular login no longer works; the client has to add -p 2020


User login control
Forbid the root user and users with empty passwords
Limit the login verification time and the number of retries
AllowUsers, DenyUsers
# vi /etc/ssh/sshd_config
LoginGraceTime 2m
PermitRootLogin no
MaxAuthTries 6
PermitEmptyPasswords no
AllowUsers jerry [email protected]
Do not use AllowUsers and DenyUsers at the same time.


Login authentication methods
Password authentication: checks whether the user name and password match
Key-pair authentication: checks whether the client's private key matches the public key on the server
# vi /etc/ssh/sshd_config
PasswordAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
These three lines enable password authentication, enable key-pair authentication, and specify the location of the public key store.
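As an added example (not part of the original post or of OpenSSH), the script below checks an sshd_config text against the settings shown in the three snippets above and reports where it departs from them. The function names and the sample config are constructed for the illustration, and Match blocks are assumed to be out of scope.

```python
import re
# Baseline values taken from the sshd_config snippets on this page.
BASELINE = {"protocol": "2", "usedns": "no",
            "permitrootlogin": "no", "permitemptypasswords": "no"}

def parse_sshd_config(text):
    """Return {keyword: [values]} for the global section; keywords are case-insensitive."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if parts[0].lower() == "match":   # assumption: Match blocks are out of scope
            break
        opts.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return opts

def audit(text):
    """List the places where a config departs from the settings shown on the page."""
    opts = parse_sshd_config(text)
    first = lambda key: opts.get(key, [None])[0]   # sshd keeps the first value it reads
    findings = []
    for key, want in BASELINE.items():
        got = first(key)
        if got is None:
            findings.append(f"{key}: unset, sshd default applies (page sets {want})")
        elif got.lower() != want:
            findings.append(f"{key}: {got} (page sets {want})")
    tries = first("maxauthtries") or ""
    if tries.isdigit() and int(tries) > 6:
        findings.append(f"maxauthtries: {tries} is above the page's 6")
    if "allowusers" in opts and "denyusers" in opts:
        findings.append("allowusers and denyusers are both set")
    if first("passwordauthentication") == "no" and first("pubkeyauthentication") == "no":
        findings.append("password and public-key authentication are both disabled")
    return findings

# Constructed sample for illustration, not taken from a real host.
SAMPLE = """\
Protocol 2
PermitRootLogin yes
MaxAuthTries 10
AllowUsers jerry
DenyUsers tom
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The last check matters when one of the two authentication settings is later switched from yes to no: with both disabled, no login method remains.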


Password authentication :

SSH client programs
ssh command: remote secure login
Port option: -p 22

scp command: remote secure copy
Format 1: scp [email protected]:file1 file2
Format 2: scp file1 [email protected]:file2
sftp command: secure FTP upload and download
sftp [email protected]
Xshell
A very powerful SSH client for Windows

Build an SSH system with key-pair authentication:
Create a key pair on the client machine, upload the public key file, import it into the public key store of the server-side user lisi, and finally log in and authenticate as that server-side user.
1. Create a key pair
2. Give the public key file to the other user
Open the configuration file with vim /etc/ssh/sshd_config
Change the original yes to no, then save and exit with wq
systemctl restart sshd restarts the service
Note: this configuration needs to be changed on both machines
3. Log in

Copyright notice
This article was created by [Zhu Xuan's blog]. Please include the original link when reposting. Thank you.
https://yzsam.com/2022/04/202204231844445102.html