CIS238/DL 1
Chapter 19 FTP: Transferring Files Across a Network
• FTP Client
• JumpStart: Downloading Files Using ftp
• Notes
• Anonymous FTP
• Automatic Login
• Binary versus ASCII Transfer Mode
• ftp Specifics
• FTP Server (vsftpd)
• JumpStart: Starting a vsftpd Server
• Testing the Setup
• vsftpd.conf: Configuring vsftpd
CIS238/DL 2
Introduction
• ftp has been around as one of the original TCP/IP protocols
• ftp and vsftpd – this chapter will focus more on vsftpd since it is provided with Fedora
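• Security – vsftpd is built to be a secure server; the ftp protocol itself is not secure (logins and data cross the network unencrypted)
• Connections – in passive mode the client initiates the data connection; in active mode the server initiates it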
CIS238/DL 3
FTP Client
• ftp – command line, Linux or Windows
• sftp – secure ftp, part of OpenSSH
• gftp – graphical ftp, supports ftp, SSH, and HTTP
• ncftp – Fedora text-based utility with more features than standard ftp
CIS238/DL 7
JumpStart: Downloading Files Using ftp
• Basic commands:
– ftp ftp.server.net
– ftp> open ftp.server.net
– ftp> user
– ftp> get (mget)
– ftp> put (mput)
– ftp> prompt
– ftp> hash
– ftp> ascii or binary
– ftp> cd and lcd
– ftp> quit or bye
CIS238/DL 8
Anonymous FTP
• Can use user id of either
– anonymous or
– ftp (some systems)
• Enter email address as password if necessary, see automatic login below
• ftp server can use reverse DNS to verify
CIS238/DL 9
Automatic Login
• Place ~/.netrc file in your home directory to allow automatic login:
$ cat .netrc
machine bravo login jimbo password xyz123
• Make readable only by owner!
• Can be defeated in the ftp server config file
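
A check for the owner-only rule above, as an added example that is not part of the original slides. The helper names `netrc_mode_ok` and `netrc_password_hosts` are hypothetical, and the demo file is constructed from the slide's sample entry.

```shell
#!/bin/sh
# Added example: check a .netrc file for the exposure the slide warns about.

# netrc_mode_ok FILE: succeed only if group and other have no access at all.
netrc_mode_ok() {
    bits=$(ls -ld "$1" 2>/dev/null | cut -c5-10)   # group+other part of the mode
    [ "$bits" = "------" ] && return 0
    echo "$1: group/other bits are '$bits'; fix with: chmod 600 $1" >&2
    return 1
}

# netrc_password_hosts FILE: list each machine entry that stores a password.
netrc_password_hosts() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if (want != "") {                      # this token is a keyword value
                if (want == "machine") host = $i
                else if (want == "password") print host
                want = ""
            } else if ($i == "machine" || $i == "login" ||
                       $i == "password" || $i == "account") want = $i
            else if ($i == "default") host = "default"
        }
    }' "$1"
}

# Demonstration on a constructed file that reuses the entry from the slide.
demo=$(mktemp)
echo 'machine bravo login jimbo password xyz123' > "$demo"
chmod 644 "$demo"                                  # simulate the unsafe mode
netrc_mode_ok "$demo" || chmod 600 "$demo"         # report it, then tighten
netrc_mode_ok "$demo" && echo "mode ok; passwords stored for: $(netrc_password_hosts "$demo")"
rm -f "$demo"
```
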
CIS238/DL 10
Binary versus ASCII Transfer Mode
• Binary mode (default for some systems) provides a byte by byte exact transfer
• ASCII (ascii) mode converts end of line characters between Windows and Unix systems
– Can also use dos2unix or unix2dos
– Security – always use binary mode
CIS238/DL 11
ftp Specifics
• Format – ftp [-options] server
• Options:
– -i interactive
– -g globbing, file name expansion with wild cards
– -v verbose
– -n no automatic login with .netrc
CIS238/DL 12
ftp commands
• Shell command = !command (!ls)
• Transfer files:
– append local remote
– get remote-file [new local file name]
– mget remote-file-list [wild cards allowed]
– put local-file [new remote file name]
– mput remote-file-list [wild cards allowed]
– newer remote-file [new local file name]
– reget remote-file [new local file name]
CIS238/DL 13
status
• ascii – sets transfer mode to ASCII
• binary – sets transfer mode to binary
• close – quits ftp server without leaving ftp
• open [server name] – opens new ftp connection
• hash – shows hash marks (#) during transfers
• prompt – toggles prompts for transfers
• passive – toggles between passive and active
• user – sign in as different user
• quit or bye – exits ftp site and closes ftp
CIS238/DL 14
Directories
• cd - changes directories on ftp server/site
• lcd – changes local directories on your machine
• Do not use ftp> ! cd newdirectory
• Remember that the environment does not change in a spawned process!
CIS238/DL 15
Files
• chmod – to change permissions on files
• delete – to delete remote file(s) if allowed
• mdelete remote-file-list
CIS238/DL 16
Display Information
• dir – like ls but has file option:
– dir [remote-dir] file – (file saved on your local system with contents of the remote directory listing)
• ls – same as dir but with more information
• help – shows commands
• pwd – print working remote directory
• status – status information
• verbose – to see all that is happening
CIS238/DL 17
FTP Server (vsftpd)
• The vsftpd package is installed by default on Red Hat systems
• Modes:
– Standalone – set listen parameter to “yes” in vsftpd.conf file
– Normal – use xinetd superserver to start and stop, set to normal by default
CIS238/DL 18
JumpStart: Starting a vsftpd Server
• Make sure service is running:
# /sbin/service vsftpd status
vsftpd (pid 3022) is running . . .
• Check permissions in /var/ftp directory
# ls -ld /var/ftp
drwxr-xr-x 4 root root 4096 Aug 12 /var/ftp
CIS238/DL 21
vsftpd.conf: Configuring vsftpd
• Standalone – listen=yes
• listen_port (default 21)
• listen_address – defaults to any network interface
• max_clients – set to 0 for unlimited
• max_per_ip – set to 0 for any IP address allowed
CIS238/DL 22
Logging in
• userlist_enable – yes: the user list is consulted and userlist_deny is checked further; no: the list is not checked; no is the more secure setting
• userlist_deny – list of users denied access
• userlist_file – name of user list file
• local_enable – allows users in /etc/passwd file to log onto system
CIS238/DL 23
Anonymous Users
• anonymous_enable – yes allows anonymous
• no_anon_password – yes won’t ask for password
• deny_email_enable – yes checks if email password user is denied access to system
• banned_email_file – list of denied users by email address
CIS238/DL 24
Working Directories and chroot jail
• chroot_list_enable – sets user in jail either in their home directory or in /var/ftp
• chroot_local_user – if set to no local user can move around directory structure
• chroot_list_file – name of the file if chroot_list_enable is set to yes
• passwd_chroot_enable – allows local user to cd to home directory (/home/./jones)
• secure_chroot_dir – empty directory that is not writeable by user ftp, a secure chroot jail
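
An added example, not from the slides or the vsftpd project: a small audit of the directives covered on the preceding configuration slides. The function name `vsftpd_audit` and the sample config are constructed, and the defaults assumed for unset keys are those listed in vsftpd.conf(5), so confirm them for your build.

```shell
#!/bin/sh
# Added example: flag vsftpd.conf settings that the slides describe as permissive.
# Defaults for unset keys are an assumption taken from vsftpd.conf(5).
vsftpd_audit() {   # prints one WARN line per finding; returns 1 if any
    awk -F= '
    function warn(msg) { print "WARN " msg; n++ }
    BEGIN {
        v["anonymous_enable"] = "YES"; v["no_anon_password"] = "NO"
        v["local_enable"] = "NO";      v["chroot_local_user"] = "NO"
        v["max_clients"] = 0;          v["max_per_ip"] = 0
    }
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    { val = toupper($2); sub(/[ \t\r]+$/, "", val); v[$1] = val }
    END {
        if (v["anonymous_enable"] == "YES") {
            warn("anonymous_enable=YES: anonymous logins are accepted")
            if (v["no_anon_password"] == "YES")
                warn("no_anon_password=YES: anonymous users get no password prompt")
        }
        if (v["local_enable"] == "YES" && v["chroot_local_user"] != "YES")
            warn("chroot_local_user=NO: local users can leave their home directory")
        if (v["max_clients"] + 0 == 0) warn("max_clients=0: unlimited clients")
        if (v["max_per_ip"] + 0 == 0)  warn("max_per_ip=0: unlimited connections per IP")
        exit (n > 0)
    }' "$1"
}

# Constructed sample config (not from the slides), audited as a demonstration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
listen=YES
anonymous_enable=YES
no_anon_password=YES
local_enable=YES
chroot_local_user=NO
max_clients=0
EOF
vsftpd_audit "$sample" || echo "review the settings above"
rm -f "$sample"
```
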
CIS238/DL 25
Messages
• dirmessage_enable – yes displays .message
• banner_file – file that is displayed at login, overrides ftpd_banner
• ftpd_banner – overrides the standard vsftpd greeting banner at connection time
• And speaking of banners: