Otu esi etinye ma hazie FTP Server na Ubuntu


FTP (Protocol Transfer Protocol) bụ ụkpụrụ netwọkụ ọkọlọtọ ochie na nke a na-ejikarị eme ihe maka ibugo/nbudata faịlụ n'etiti kọmputa abụọ na netwọk. Agbanyeghị, FTP site na enweghị nchebe mbụ ya, n'ihi na ọ na-ebufe data yana nzere onye ọrụ (aha njirimara na paswọọdụ) na-enweghị ezoro ezo.

Ịdọ aka ná ntị: Ọ bụrụ na ị na-eme atụmatụ iji FTP, tụlee ịhazi njikọ FTP na SSL/TLS (ga-ekpuchi n'isiokwu na-esote). Ma ọ bụghị ya, ọ ka mma iji FTP echekwara dị ka SFTP.

N'ime nkuzi a, anyị ga-egosi otu esi etinye, hazie na chekwaa sava FTP (VSFTPD zuru oke \Very Secure FTP Daemon) na Ubuntu ka ị nweta nchekwa siri ike megide adịghị ike FTP.

Kwụpụ 1: Wụnye VsFTP Server na Ubuntu

1. Nke mbụ, anyị kwesịrị imelite ndepụta isi mmalite ngwugwu wee wụnye ngwugwu ọnụọgụ abụọ VSFTPD dị ka ndị a:

$ sudo apt-get update
$ sudo apt-get install vsftpd

2. Ozugbo echichi mezue, ọrụ ahụ ga-enwe nkwarụ na mbụ, ya mere, anyị kwesịrị iji aka malite ya maka oge ọ bụla ma mee ka ọ malite na-akpaghị aka site na akpụkpọ ụkwụ usoro ọzọ:

------------- On SystemD ------------- 
# systemctl start vsftpd
# systemctl enable vsftpd

------------- On SysVInit ------------- 
# service vsftpd start
# chkconfig --level 35 vsftpd on

3. Ọzọ, ọ bụrụ na ị nwere UFW firewall nyeere (ya anaghị enyere ya aka na ndabara) na sava ahụ, ị ga-emepe ọdụ ụgbọ mmiri 21 na 20 ebe FTP daemons na-ege ntị, iji kwe ka ịnweta ọrụ FTP site na igwe dịpụrụ adịpụ, wee tinye ya. iwu firewall ọhụrụ dị ka ndị a:

$ sudo ufw allow 20/tcp
$ sudo ufw allow 21/tcp
$ sudo ufw status

Kwụpụ 2: Ịhazi na ịchekwa sava VsFTP na Ubuntu

4. Ka anyị mee nhazi ole na ole iji dozie ma chekwaa ihe nkesa FTP anyị, nke mbụ anyị ga-emepụta ndabere nke faịlụ nhazi mbụ /etc/vsftpd/vsftpd.conf dị ka ya:

$ sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

Ọzọ, ka anyị mepee faịlụ nhazi vsftpd.

$ sudo vi /etc/vsftpd.conf
OR
$ sudo nano /etc/vsftpd.conf

Tinye/gbanwee nhọrọ ndị a na ụkpụrụ ndị a:

anonymous_enable=NO             # disable  anonymous login
local_enable=YES		# permit local logins
write_enable=YES		# enable FTP commands which change the filesystem
local_umask=022		        # value of umask for file creation for local users
dirmessage_enable=YES	        # enable showing of messages when users first enter a new directory
xferlog_enable=YES		# a log file will be maintained detailing uploads and downloads
connect_from_port_20=YES        # use port 20 (ftp-data) on the server machine for PORT style connections
xferlog_std_format=YES          # keep standard log file format
listen=NO   			# prevent vsftpd from running in standalone mode
listen_ipv6=YES		        # vsftpd will listen on an IPv6 socket instead of an IPv4 one
pam_service_name=vsftpd         # name of the PAM service vsftpd will use
userlist_enable=YES  	        # enable vsftpd to load a list of usernames
tcp_wrappers=YES  		# turn on tcp wrappers

5. Ugbu a, hazie VSFTPD iji kwe/jụ ohere FTP ndị ọrụ dabere na faịlụ ndepụta onye ọrụ /etc/vsftpd.userlist.

Rịba ama na site na ndabara, ndị ọrụ edepụtara na userlist_file=/etc/vsftpd.userlist anaghị anabata ohere ịbanye na nhọrọ userlist_deny= EE ma ọ bụrụ na userlist_enable=YES.

Mana, nhọrọ userlist_deny=NO na-atụgharị ihe ntọala ndabara pụtara, yabụ naanị ndị ọrụ edepụtara aha njirimara ha na userlist_file=/etc/vsftpd.userlist ka a ga-ahapụ ịbanye na sava FTP.

userlist_enable=YES                   # vsftpd will load a list of usernames, from the filename given by userlist_file
userlist_file=/etc/vsftpd.userlist    # stores usernames.
userlist_deny=NO   

Ihe dị mkpa: Mgbe ndị ọrụ na-abanye na sava FTP, a na-edobe ha n'ụlọ mkpọrọ chrooted, nke a bụ ndekọ ndekọ mgbọrọgwụ nke obodo nke ga-arụ ọrụ dị ka ndekọ ụlọ ha maka naanị nnọkọ FTP.

Na-esote, anyị ga-eleba anya n'ọnọdụ abụọ enwere ike ịme ka esi edobe akwụkwọ ndekọ ụlọ mkpọrọ chrooted (mgbọrọgwụ mpaghara), dị ka akọwara n'okpuru.

6. N'ebe a, ka anyị tinye/gbanwee/uncomment abụọ ndị a nhọrọ iji gbochie FTP ọrụ na ha Home directories.

chroot_local_user=YES
allow_writeable_chroot=YES

Nhọrọ chroot_local_user=YES pụtara na a ga-edobe ndị ọrụ mpaghara n'ụlọ nga chroot, akwụkwọ ndekọ ụlọ ha na ndabara ma ha banyechara.

Anyị ga-aghọta nke ọma na VSFTPD anaghị ekwe ka akwụkwọ ndekọ ụlọ mkpọrọ chroot bụrụ nke a na-ede, na ndabara maka ihe nchekwa, agbanyeghị, anyị nwere ike iji nhọrọ allow_writeable_chroot=YES gbanyụọ ntọala a.

Chekwaa faịlụ ma mechie ya. Mgbe ahụ, anyị ga-amalitegharị ọrụ VSFTPD maka mgbanwe ndị dị n'elu iji mee ihe:

------------- On SystemD ------------- 
# systemctl restart vsftpd

------------- On SysVInit ------------- 
# service vsftpd restart

Kwụpụ 3: Na-anwale sava VsFTP na Ubuntu

7. Ugbu a, anyị ga-anwale nkesa FTP site na ịmepụta onye ọrụ FTP na useradd iwu dị ka ndị a:

$ sudo useradd -m -c "Aaron Kili, Contributor" -s /bin/bash aaronkilik
$ sudo passwd aaronkilik

Mgbe ahụ, anyị ga-edepụta nke ọma aronkilik onye ọrụ na faịlụ /etc/vsftpd.userlist na iwu echo na tee dị ka n'okpuru:

$ echo "aaronkilik" | sudo tee -a /etc/vsftpd.userlist
$ cat /etc/vsftpd.userlist

8. Ugbu a ọ bụ oge iji nwalee nhazi anyị n'elu na-arụ ọrụ dị ka achọrọ. Anyị ga-amalite site na ịnwale logins na-amaghị aha; anyị nwere ike ịhụ nke ọma site na mmepụta dị n'okpuru na anabataghị nbanye na-amaghị aha na sava FTP:

# ftp 192.168.56.102
Connected to 192.168.56.102  (192.168.56.102).
220 Welcome to TecMint.com FTP service.
Name (192.168.56.102:aaronkilik) : anonymous
530 Permission denied.
Login failed.
ftp> bye
221 Goodbye.

9. Ọzọ, ka anyị nwalee ma ọ bụrụ na onye ọrụ na-edeghị na faịlụ /etc/vsftpd.userlist ga-enye ikike ịbanye, nke na-abụghị eziokwu site na mmepụta na-esonụ:

# ftp 192.168.56.102
Connected to 192.168.56.102  (192.168.56.102).
220 Welcome to TecMint.com FTP service.
Name (192.168.56.10:root) : user1
530 Permission denied.
Login failed.
ftp> bye
221 Goodbye.

10. Ugbu a, anyị ga-eme ule ikpeazụ iji chọpụta ma onye ọrụ depụtara na faịlụ /etc/vsftpd.userlist, na-etinye n'ezie na ndekọ ụlọ ya mgbe nbanye. Ma nke a bụ eziokwu site na mmepụta n'okpuru:

# ftp 192.168.56.102
Connected to 192.168.56.102  (192.168.56.102).
220 Welcome to TecMint.com FTP service.
Name (192.168.56.102:aaronkilik) : aaronkilik
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls

Ịdọ aka ná ntị: Ịtọ ntọala allow_writeable_chroot=YES nwere ike ịdị ize ndụ, ọ nwere ike ịpụta ihe nchekwa, ọkachasị ma ọ bụrụ na ndị ọrụ nwere ikike bulite, ma ọ bụ karịa, ịnweta shei. Jiri naanị ya ma ọ bụrụ na ị maara nke ọma ihe ị na-eme.

Anyị kwesịrị ịma na ihe nchekwa ndị a akọwapụtaghị na VSFTPD, ha nwekwara ike imetụta daemons FTP ndị ọzọ na-enye itinye ndị ọrụ mpaghara na jails chroot.

N'ihi nke a, na ngalaba dị n'okpuru ebe a, anyị ga-akọwa ụzọ dị nchebe karị nke ịtọ akwụkwọ ndekọ mgbọrọgwụ mpaghara dị iche na-abụghị nke edeghị ede maka onye ọrụ.

Kwụpụ 4: Hazie akwụkwọ ndekọ aha onye ọrụ FTP na Ubuntu

11. Ugbu a, mepee faịlụ nhazi VSFTPD otu ugboro ọzọ.

$ sudo vi /etc/vsftpd.conf
OR
$ sudo nano /etc/vsftpd.conf

wee jiri mkpụrụedemede # kọwaa nhọrọ enweghị nchekwa dị ka egosiri n'okpuru:

#allow_writeable_chroot=YES

Na-esote, mepụta akwụkwọ ndekọ mgbọrọgwụ ọzọ maka onye ọrụ (aaronkilik, nke gị nwere ike ọ bụghị otu) wee tọọ ikike achọrọ site na iwepu ikike idere ndị ọrụ ndị ọzọ niile na ndekọ a:

$ sudo mkdir /home/aaronkilik/ftp
$ sudo chown nobody:nogroup /home/aaronkilik/ftp
$ sudo chmod a-w /home/aaronkilik/ftp

12. Mgbe ahụ, mepụta ndekọ n'okpuru mgbọrọgwụ mpaghara na ikike kwesịrị ekwesị ebe onye ọrụ ga-echekwa faịlụ ya:

$ sudo mkdir /home/aaronkilik/ftp/files
$ sudo chown -R aaronkilk:aaronkilik /home/aaronkilik/ftp/files
$ sudo chmod -R 0770 /home/aaronkilik/ftp/files/

Mgbe nke ahụ gasịrị, tinye/gbanwee nhọrọ dị n'okpuru na faịlụ nhazi VSFTPD na ụkpụrụ ha kwekọrọ:

user_sub_token=$USER          # inserts the username in the local root directory 
local_root=/home/$USER/ftp    # defines any users local root directory

Chekwaa faịlụ ma mechie ya. Ma malitegharịa ọrụ VSFTPD site na iji ntọala ndị na-adịbeghị anya:

------------- On SystemD ------------- 
# systemctl restart vsftpd

------------- On SysVInit ------------- 
# service vsftpd restart

13. Ugbu a, ka anyị rụọ nlele ikpeazụ ma jide n'aka na ndekọ ndekọ mgbọrọgwụ nke onye ọrụ bụ akwụkwọ ndekọ FTP anyị kere na ndekọ ụlọ ya.

# ftp 192.168.56.102
Connected to 192.168.56.102  (192.168.56.102).
220 Welcome to TecMint.com FTP service.
Name (192.168.56.10:aaronkilik) : aaronkilik
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls

Ọ bụ ya! Cheta ịkọrọ echiche gị gbasara ntuziaka a site na ụdị nkọwa dị n'okpuru ma ọ bụ nwee ike ịnye anyị ozi ọ bụla dị mkpa gbasara isiokwu a.

N'ikpeazụ ma ọ dịghị ihe ọzọ, echefula akụkọ anyị na-esote, ebe anyị ga-akọwa otu esi echekwa ihe nkesa FTP site na iji njikọ SSL/TLS na Ubuntu 16.04/16.10, ruo mgbe ahụ, nọrọ na nche mgbe niile na TecMint.