FTP, SSH Remote Access and control
2022-04-23 19:00:00 【Zhu Xuan's blog】
FTP
What is FTP?
FTP (File Transfer Protocol) is a typical application-layer protocol with a client/server (C/S) architecture: server software and client software together implement file transfer. The connection between the FTP client and the server is reliable and connection-oriented, which gives data transfer a reliable guarantee. FTP uses TCP ports 20 and 21:
Port 21: used to transmit commands
Port 20: used for data transfer
FTP is a file transfer protocol that supports two modes: Standard (that is, Active mode) and Passive (that is, PASV mode). In Standard mode the FTP client sends a PORT command to the FTP server. In Passive mode the FTP client sends a PASV command to the FTP server.
Standard mode
The FTP client first connects to TCP port 21 on the FTP server and sends commands over this channel. When the client needs to receive data, it sends a PORT command on this channel. The PORT command states which port the client will use to receive data. When data is transferred, the server sends it from its own TCP port 20. The FTP server must establish a new connection to the client to transfer the data.
Active mode:
1) The client sends the FTP connection request (user, password, connection mode command, port, and so on)
2) The FTP server responds (ACK); the FTP session is established between port 21 on the server and a high port on the client
3) The FTP server, from its own port 20, sends a connection request to the client port (a high port) given in the active mode command
4) Finally the client sends an ACK to confirm, and data transfer starts
Passive mode
The control channel is established much as in Standard mode. When the client sends a PASV command over this channel, the FTP server opens a port between 1024 and 5000 and notifies the client to transfer data on that port; the FTP server then transfers data through this port. In this case the FTP server no longer needs to establish a new connection to the client.
Passive mode:
1) The client sends the FTP connection request (user, password, connection mode command, port, and so on)
2) The FTP server responds (ACK); the FTP session is established between port 21 on the server and a high port on the client, but in this response the server tells the client that it has opened a high port for the client to connect to
3) The client uses one of its own high ports to connect to the high port given in the server's response
4) The server sends the client an ACK response, and data transfer follows
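In both modes the data endpoint travels over the control channel as six comma-separated numbers: four address bytes and two port bytes, with port = p1 * 256 + p2. The following shell functions are an added example, not code from the original post; they decode a PORT command or a 227 PASV reply and check a passive port against the 1024 to 5000 range mentioned above. The function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Decode the "h1,h2,h3,h4,p1,p2" tuple carried by a PORT command (active mode)
# or by a "227 Entering Passive Mode (...)" reply. Prints "ip port".
ftp_decode_tuple() {
    msg=$(printf '%s' "$1" | tr -d '\r')          # control lines end in CRLF
    case "$msg" in
        PORT\ *)       tuple=${msg#PORT } ;;
        227*"("*")"*)  tuple=${msg#*"("}; tuple=${tuple%%")"*} ;;
        *)             return 1 ;;
    esac
    case "$tuple" in *[!0-9,]*|*,,*|,*|*,) return 1 ;; esac
    old_ifs=$IFS; IFS=,; set -- $tuple; IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        # reject empty, over-long and zero-padded fields (010 would read as octal)
        case "$n" in ''|????*|0?*) return 1 ;; esac
        [ "$n" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# Who opens the data connection, and to which endpoint.
ftp_data_flow() {
    endpoint=$(ftp_decode_tuple "$1") || return 1
    case "$1" in
        PORT*) echo "active: server port 20 -> client $endpoint" ;;
        *)     echo "passive: client -> server $endpoint" ;;
    esac
}

# Return 0 if a passive port lies inside the range opened on the firewall.
port_in_range() {  # usage: port_in_range PORT MIN MAX
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Constructed sample control-channel lines, not captured traffic.
for sample in 'PORT 192,168,1,10,195,80' \
              '227 Entering Passive Mode (192,168,1,20,15,160).'; do
    ftp_data_flow "$sample"
done
```

In active mode a firewall in front of the client has to accept the inbound connection from server port 20; in passive mode only the server's passive range has to be reachable.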
FTP function and working principle
FTP function
Function: the protocol used to transfer files on the Internet.
VSFTP stands for "very secure FTP"
VSFTP model: C/S (client/server)
By default the FTP server uses TCP ports 20 and 21 to communicate with clients
Port 20 is used to establish the data connection and transfer file data
Port 21 is used to establish the control connection and transmit FTP control commands
FTP working principle and process
FTP has two data connection modes:
active mode and passive mode
An FTP session consists of two channels, the control channel and the data channel. FTP has two working modes, active and passive, both named from the FTP server's point of view: in active mode the server actively connects to the client to transfer data; in passive mode it waits for the client to connect.
Active mode: the server actively initiates the data connection
Passive mode: the server passively waits for the data connection
Experiment: build and configure an FTP service
Check whether the vsftpd package is installed; if it is not, install it with yum install
Start the FTP service
Switch to the service configuration directory and back up the configuration file
Edit the configuration file with vim /etc/vsftpd/vsftpd.conf
After the modification (write your own settings on the next line)
Give the pub subdirectory under the FTP root directory maximum permissions
Restart the service
Test
Set up user-mode login
Set allow_writeable_chroot=YES to allow a restricted user's home directory to be writable
Restart the service
Create a user and log in
Blacklist and whitelist
userlist_list defaults to yes; denying makes the list a blacklist
The user zhux, who is in the list, cannot log in
SSH remote management
OpenSSH server
SSH (Secure Shell) protocol
It is a secure channel protocol
The communication data is encrypted; it is used for remote administration
OpenSSH
Service name: sshd
Server main program: /usr/sbin/sshd
Server configuration file: /etc/ssh/sshd_config
Service listening options
Port number, protocol version, listening IP address
Disable reverse DNS resolution
[[email protected] -]# vi /etc/ssh/sshd_config
Port 22
ListenAddress 172.16.16.22
Protocol 2
UseDNS no
If Port 22 is changed to Port 2020, a regular login no longer works; -p 2020 is needed
User login control
Disallow the root user and users with empty passwords
Limit the login verification time and the number of retries
AllowUsers, DenyUsers
[[email protected] -]# vi /etc/ssh/sshd_config
LoginGraceTime 2m
PermitRootLogin no
MaxAuthTries 6
PermitEmptyPasswords no
AllowUsers jerry [email protected]
Do not use AllowUsers together with DenyUsers.
Login authentication methods
Password authentication: checks whether the user name and password match
Key-pair authentication: checks whether the client's private key matches the public key on the server
[[email protected] -]# vi /etc/ssh/sshd_config
PasswordAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
These lines enable password authentication, enable key-pair authentication, and specify the location of the public key database.
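One way to check a configuration file against the login controls listed above, as an added example that is not part of the original post. It assumes whitespace-separated keyword/value lines, audits only the global section (everything before the first Match line), and relies on sshd using the first value it reads for a keyword; the function name and sample file are constructed.

```shell
#!/bin/sh
# Audit the global section of an sshd_config for the login controls above.
# Prints one line per finding and returns 1 if there is at least one.
sshd_audit() {
    awk '
    function note(text) { print text; n++ }
    function show(v) { return v == "" ? "unset" : v }
    /^[ \t]*(#|$)/ { next }                     # comments and blank lines
    { key = tolower($1) }
    key == "match" { exit }                     # stop before per-user overrides
    !(key in val) { val[key] = tolower($2) }    # the first value read is the one used
    END {
        if (val["permitrootlogin"] != "no")
            note("PermitRootLogin is " show(val["permitrootlogin"]) ", expected no")
        if (("permitemptypasswords" in val) && val["permitemptypasswords"] != "no")
            note("PermitEmptyPasswords is " val["permitemptypasswords"] ", expected no")
        if (val["maxauthtries"] + 0 > 6)
            note("MaxAuthTries is " val["maxauthtries"] ", expected 6 or lower")
        if (("allowusers" in val) && ("denyusers" in val))
            note("AllowUsers and DenyUsers are both set")
        exit (n > 0)
    }
    ' "$1"
}

# Constructed sample file: the second PermitRootLogin line never takes effect.
demo=$(mktemp)
cat > "$demo" <<'EOF'
PermitRootLogin yes
PermitRootLogin no
MaxAuthTries 10
AllowUsers jerry
DenyUsers tom
EOF
sshd_audit "$demo" || echo "review the findings above"
rm -f "$demo"
```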
Password authentication :
SSH client programs
ssh command: remote secure login
Port option: -p 22
scp command: remote secure copy
Format 1: scp [email protected]:file1 file2
Format 2: scp file1 [email protected]:file2
sftp command: secure FTP upload and download
sftp [email protected]
Xshell
A very powerful SSH client for Windows
Build an SSH system with key-pair authentication:
Create a key pair on the client, upload the public key file, and import it into the public key database of the server-side user lisi; finally, log in and authenticate as that server-side user.
1. Create a key pair
2. Give the public key file to the other user
Open the configuration with vim /etc/ssh/sshd_config
Change the original yes to no, then save and exit with wq
systemctl restart sshd to restart the service
Note: this configuration needs to be changed on both machines
3. Log in
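The local side of the key-pair procedure above, as an added example that is not part of the original post. It assumes an ed25519 key with an empty passphrase (demo only) and uses throwaway directories in place of the client and of lisi's home directory; the function names are hypothetical.

```shell
#!/bin/sh
# Create an ed25519 key pair without a passphrase (demo only) in directory $1.
make_keypair() {
    mkdir -p "$1" &&
        ssh-keygen -q -t ed25519 -N '' -C demo -f "$1/id_ed25519" </dev/null
}

# Append public key file $1 to $2/.ssh/authorized_keys with the modes sshd expects.
# On a real server, ssh-copy-id performs this step over SSH.
install_pubkey() {
    mkdir -p "$2/.ssh" && chmod 700 "$2/.ssh" || return 1
    touch "$2/.ssh/authorized_keys" && chmod 600 "$2/.ssh/authorized_keys" || return 1
    grep -qxF -- "$(cat "$1")" "$2/.ssh/authorized_keys" ||   # skip duplicates
        cat "$1" >> "$2/.ssh/authorized_keys"
}

# Return 0 if private key $1 corresponds to a key listed in authorized_keys file $2
# (assumes plain "type base64 comment" lines without an options prefix).
keys_match() {
    want=$(ssh-keygen -y -f "$1" 2>/dev/null | awk '{print $1, $2}')
    [ -n "$want" ] || return 1
    awk '{print $1, $2}' "$2" | grep -qxF -- "$want"
}

# Demo in a throwaway directory standing in for the client and for lisi's home.
if command -v ssh-keygen >/dev/null 2>&1; then
    d=$(mktemp -d)
    make_keypair "$d/client" &&
        install_pubkey "$d/client/id_ed25519.pub" "$d/lisi" &&
        keys_match "$d/client/id_ed25519" "$d/lisi/.ssh/authorized_keys" &&
        echo "private key matches an authorized_keys entry"
    rm -rf "$d"
fi
```

The explicit 700 and 600 modes matter because sshd's StrictModes setting, on by default, refuses key login when the user's files are writable by others.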
Copyright notice
This article was written by [Zhu Xuan's blog]; please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/04/202204231844445102.html