Linux网络文件共享服务之FTP(7)

LISTEN    0      64                      :::21                      :::*      users:(("xinetd",3966,5))

[root@test-node1 ~]#ftp 192.168.0.151

Connected to 192.168.0.151 (192.168.0.151).

220 (vsFTPd 2.2.2)

Name (192.168.0.151:root): ftp

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> ls

227 Entering Passive Mode (192,168,0,151,252,106).

150 Here comes the directory listing.

drwxr-xr-x    2 0        0            4096 Mar 22  2017 pub

226 Directory send OK.

ftp> cd pub

250 Directory successfully changed.

ftp> ls

227 Entering Passive Mode (192,168,0,151,230,82).

150 Here comes the directory listing.

226 Directory send OK.

ftp> bye

221 Goodbye.

[root@test-node1 ~]#

　　说明：centos7上用以上方式是可以开启以xinetd来代管vsftpd，但是没法连接去使用，不知道为什么。centos6上用以上方式是可以的。

　　六、基于ssl的ftps实现

　　　　1）查看是否支持SSL

[root@test ~]#ldd `which vsftpd`

        linux-vdso.so.1 =>  (0x00007ffe512c9000)

        libssl.so.10 => /lib64/libssl.so.10 (0x00007f3e65c8a000)

        libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f3e65a7f000)

        libnsl.so.1 => /lib64/libnsl.so.1 (0x00007f3e65865000)

        libpam.so.0 => /lib64/libpam.so.0 (0x00007f3e65656000)

        libcap.so.2 => /lib64/libcap.so.2 (0x00007f3e65451000)

        libdl.so.2 => /lib64/libdl.so.2 (0x00007f3e6524d000)

        libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f3e64deb000)

        libc.so.6 => /lib64/libc.so.6 (0x00007f3e64a1e000)

        libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f3e647d1000)

        libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f3e644e8000)

        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f3e642e4000)

        libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f3e640b1000)

        libz.so.1 => /lib64/libz.so.1 (0x00007f3e63e9b000)

        libaudit.so.1 => /lib64/libaudit.so.1 (0x00007f3e63c72000)

        libattr.so.1 => /lib64/libattr.so.1 (0x00007f3e63a6d000)

        /lib64/ld-linux-x86-64.so.2 (0x00007f3e66127000)

        libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f3e6385d000)

        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f3e63659000)

        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f3e63440000)

        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f3e63224000)

        libcap-ng.so.0 => /lib64/libcap-ng.so.0 (0x00007f3e6301e000)

        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f3e62df7000)

        libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f3e62b95000)

[root@test ~]#

　　说明：我们都知道要想某个软件支持ssl，那么它必须调用ssl的库文件，ssl库文件就是libssl.so,用ldd命令可以查看某个应用调用的库文件有哪些

　　2）创建自签名证书

[root@test ~]#cd /etc/pki/tls/certs/

[root@test certs]#ls

ca-bundle.crt  ca-bundle.trust.crt  make-dummy-cert  Makefile  renew-dummy-cert

[root@test certs]#make vsftpd.pem

umask 77 ; \

PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \

PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \

/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2  ; \

cat $PEM1 >  vsftpd.pem ; \

echo ""    >> vsftpd.pem ; \

cat $PEM2 >> vsftpd.pem ; \

rm -f $PEM1 $PEM2

Generating a 2048 bit RSA private key

...........................+++

...+++

writing new private key to '/tmp/openssl.uUotmW'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:sichuan

Locality Name (eg, city) [Default City]:guangyuan

Organization Name (eg, company) [Default Company Ltd]:test

Organizational Unit Name (eg, section) []:test

Common Name (eg, your name or your server's hostname) []:ftp.test.com 

Email Address []:

[root@test certs]#ll

总用量 16

lrwxrwxrwx. 1 root root  49 6月  22 2019 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

lrwxrwxrwx. 1 root root  55 6月  22 2019 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt

-rwxr-xr-x. 1 root root  610 3月  12 2019 make-dummy-cert

-rw-r--r--. 1 root root 2516 3月  12 2019 Makefile

-rwxr-xr-x. 1 root root  829 3月  12 2019 renew-dummy-cert

-rw-------  1 root root 3027 12月 27 22:54 vsftpd.pem

[root@test certs]#cat vsftpd.pem

-----BEGIN PRIVATE KEY-----

MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDWYYttWUinc+z9

uzcaEJ38qC3WEp/SNgijGj1Kn8dovJSvxgUHYuZlzgnBe3UfTrkHsQTj/f1y8OUd

4/8UCw1YRjPdZJAhZ4cnCwj6mgSxXM/ru0k232m7IeSZ5RcV/LlEZ+6wxmsv+Vow

2iaGDLlxaXczSgpHb4n0zigswCVzegmXQpQxBZvAuEEzyg204+Qf7J0qJPfc8j0H

F4Gx806C+FAlMxD79pAGxzlyb8w3gosG1H4eIlHJKtXUsZIo5cvPZxlVVqrg6SD4

o1U6FfIVGtOA0Ud4DtQnasrfQOWUOTuQrfJiykShVM8iCp5xGdZMWwD6cP0DbDdB

OUa4hB8PAgMBAAECggEAfckMGuPZKk9tjU6svQFlAVrYUhPpbFjB5pk9vyxSv1Ru

1VeVmcjgsHkc5kZ+6Riynh2yZeegLzHC7S/aebMmaFYAlnUr0D3DYhgqc4etGzf+

0yy3f5fEnMT9MYLmccMwHT/yIAy71ZEz5xgIpHyQzkd4ZkKaF2INivLvRZqUHtU4

IrzkGyF26DJNgw8+s5C+VtpF9Ii8oLQfvBvIkud4tw47rHpU5jp3Osply//s2Q8C

fHWcjqzHPWH6qSW9xppatXkJJmTiqYt9kiFJyEd5gf4ELkSEmv02Q9OHnCt6W4wo

/4EtlsfLcCPvkVjgI66PNCxObCkh13WoBOe/MJNuyQKBgQDrp3ZFPeWGMqCUTYHf

mHLlJcTtgCsqu3fxRYvG/gc5cy2Th8ECXJE4X08X6stCqBrlaLqnc2YgXjl0fNGL

YqjlXX/KymsmRWIUfBCLux6JqTfU9klQyzbZgbSIfZE0ATplT6J8MdpmzhnQJX2O

xm80KI9Vv4GmqtctjGiw4h0XcwKBgQDo4+Ty4h//VatA7sxpnDjY88y58cPyp/J1

4g0DUx2R4RVbCBkp+XgX7VXXT0TghuQSUwzvrVse9JrRxh7JegdkVshdiE2pg4NT

k+OJRi7fbWoX5cfPRCSJ1FXsNY2kz8gMhXuDWLualcQg83sHjdyUGdpCEn5i8dc1

xmsw98ka9QKBgHFNROopxm9tbBOh6G2vCJ7wN+zREPAszpBslbYJcUPIAwPJ45zV

EOV/vbGMLEpSNQxT/FqCe3nYk9tUIBPaTcZp3AWOqVHvTib3N6VXRGl/uN5lw/5a

lnahjEGLzgKpDICld0QrXAzNz09qlyHMeq8jSTc7KoUN4wN9XOCe9snNAoGBAIzv

POHvDcYLJfPJj1JqA8zm3QG52QbDs+q6vX1Bkydwuue34uKP4ak5KzV89wWZG/Qq

5i01D2uQQxCngIIUotyJ1/8iOT1YJOUzHgM4wazcHdQQbfZ0Glh+cvDbB7ixNTK+

pJw72mwWLfZy4gUUSGQnsPlDD9D44W/df4jGqqDxAoGAM107eZVXENYYbVNae0M3

K1o/kg+hVgkTtKJj1t3eMTZSOEIOlwHH48KkIdF5T37t5BQ2cmLaoBqAY2rJMP8U

YhQ65LrpC/m9IyewjE5lD5Zkz51WToMHSA9K+++1VY7+x5aJk4KJobBGl5BHMPDU

hxdjIeQujOoWlRLLWMCn/CE=

-----END PRIVATE KEY-----

 

-----BEGIN CERTIFICATE-----

MIIDozCCAougAwIBAgIJAIBmy3n1yB5dMA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV

BAYTAkNOMRAwDgYDVQQIDAdzaWNodWFuMRIwEAYDVQQHDAlndWFuZ3l1YW4xDTAL

BgNVBAoMBHRlc3QxDTALBgNVBAsMBHRlc3QxFTATBgNVBAMMDGZ0cC50ZXN0LmNv

bTAeFw0xOTEyMjcxNDU0MDFaFw0yMDEyMjYxNDU0MDFaMGgxCzAJBgNVBAYTAkNO

MRAwDgYDVQQIDAdzaWNodWFuMRIwEAYDVQQHDAlndWFuZ3l1YW4xDTALBgNVBAoM

BHRlc3QxDTALBgNVBAsMBHRlc3QxFTATBgNVBAMMDGZ0cC50ZXN0LmNvbTCCASIw

DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANZhi21ZSKdz7P27NxoQnfyoLdYS

n9I2CKMaPUqfx2i8lK/GBQdi5mXOCcF7dR9OuQexBOP9/XLw5R3j/xQLDVhGM91k

kCFnhycLCPqaBLFcz+u7STbfabsh5JnlFxX8uURn7rDGay/5WjDaJoYMuXFpdzNK

CkdvifTOKCzAJXN6CZdClDEFm8C4QTPKDbTj5B/snSok99zyPQcXgbHzToL4UCUz

EPv2kAbHOXJvzDeCiwbUfh4iUckq1dSxkijly89nGVVWquDpIPijVToV8hUa04DR

R3gO1Cdqyt9A5ZQ5O5Ct8mLKRKFUzyIKnnEZ1kxbAPpw/QNsN0E5RriEHw8CAwEA

AaNQME4wHQYDVR0OBBYEFBIAwA/ZbgW55Ljm/5Q/55wuGDd+MB8GA1UdIwQYMBaA

FBIAwA/ZbgW55Ljm/5Q/55wuGDd+MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL

BQADggEBAIXXG0y8PiEkBFCbnusCOK7llJkzMhmogJjWFcLn9UfKzHvgpC1bhCRw

P8TKbviL616grY40NKHvGfy1kpO6vxykSnUnjATloTGyySnVQpmGOwVVT29t3Gtp

Opay0nrhKoyIZIMV44pHhPIbRAkofex3lNOXaL2lWCV8Es/1IXniyuq8XML3JSMZ

d+Lbu0P+e8sUQNQc1NCnbAUN6qFmG+LSjr+hRS25IlKQTATjMPNLcucGsF+2jwIQ

ScsSr4vVvYAj3JeW/2gV71hr4rZI8wLCZLszKKuhyyCGL2cpkS5Hwa3dahprEVkm

RB9ehsAnYgfTOMVPnzS1pgEem8cqDLg=

-----END CERTIFICATE-----

[root@test certs]#