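I'm dealing with a problem that I'm not sure how to solve, and I have been pulling my hair out over it for a while. I have been trying to configure an FTP user with the following procedure (we use the same document on all our servers):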
Install the FTP server
Add a WordPress user in WP Admin for FTP access
Create a fake shell for the user by adding "usr/sbin/nologin" to the bottom of the /etc/shells file
Add an FTP user account
Add these lines to the bottom of /etc/vsftpd.conf
– userlist_file=/etc/vsftpd.userlist
– userlist_enable=YES
– userlist_deny=NO
Add the username to the list at the top of /etc/vsftpd.userlist
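I have also gone through everything listed in this post, with no luck. I'm getting connection refused.
Sorry for the poor text formatting above. I think you get the idea. This is something we do over and over, and for some reason it is not cooperating here.
The setup is Ubuntu 12.04 LTS and VSFTPD v2.3.5.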
So here is the INPUT section of your iptables configuration.
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             127.0.0.0/8          reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
here ^
ufw-before-logging-input  all  --  anywhere             anywhere
ufw-before-input  all  --  anywhere             anywhere
ufw-after-input  all  --  anywhere             anywhere
ufw-after-logging-input  all  --  anywhere             anywhere
ufw-reject-input  all  --  anywhere             anywhere
ufw-track-input  all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ftp state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ftp-data state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp spts:1024:65535 dpts:1024:65535 state ESTABLISHED
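The REJECT line I highlighted rejects all inbound connections. The rules you put at the bottom to allow ftp & ftp-data will never be triggered. Neither will the ufw- rules.
I'm not an Ubuntu person and I don't have a box handy to look at, but it may be that the init script that handles your firewall hard-codes the first few rules, and the place where you add your configuration is applied later in the startup order.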
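The rule-ordering problem this answer describes can be checked mechanically. The following Python example is added here and is not part of the original answer: it scans rules in `iptables -S INPUT` form for an unconditional ACCEPT/DROP/REJECT and reports every rule after it as unreachable. The rule set is constructed to mirror the listing above, and the `-i lo` matches are an assumption, because plain `iptables -L` output hides interface matches.

```python
import shlex

# Constructed sample in `iptables -S INPUT` form, modelled on the listing above.
# Assumption: the first ACCEPT is loopback-only (-i lo); plain `iptables -L`
# hides interface matches, so the page's output cannot confirm this.
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: "
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j ufw-before-input
-A INPUT -p tcp -m tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 20 -m state --state RELATED,ESTABLISHED -j ACCEPT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal


def parse_rule(line):
    """Split one -A line into (chain, match_tokens, target)."""
    tokens = shlex.split(line)
    j = tokens.index("-j") if "-j" in tokens else len(tokens)
    target = tokens[j + 1] if j + 1 < len(tokens) else None
    return tokens[1], tokens[2:j], target


def find_shadowed(rules_text, chain="INPUT"):
    """Return (catch_all_position, [(position, rule), ...]) listing rules that
    follow an unconditional terminal rule and therefore can never match."""
    catch_all, shadowed, pos = None, [], 0
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue  # skip -P policy lines and blanks
        rule_chain, matches, target = parse_rule(line)
        if rule_chain != chain:
            continue
        pos += 1
        if catch_all is not None:
            shadowed.append((pos, line))
        elif target in TERMINAL and not matches:
            catch_all = pos  # no match options: applies to every packet
    return catch_all, shadowed

if __name__ == "__main__":
    where, dead = find_shadowed(SAMPLE_RULES)
    print(f"catch-all at #{where}; never reached: {[p for p, _ in dead]}")
```

Rules reported as never reached have to sit ahead of the catch-all position to take effect, for example by inserting them with `iptables -I INPUT <position> ...` instead of appending them.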
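Not sure if this helps, but here is my vsftpd.conf file, which works perfectly for me :) Because of the number of changes over the years, I have noted the changes I made to my vsftpd.conf file.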
# /etc/vsftpd.conf - vsftpd configuration file
#
# Run standalone
listen=YES
#
# Allow anonymous FTP
anonymous_enable=NO
#
# Allow local users to log in
local_enable=YES
#
# Allow any form of FTP write command
write_enable=YES
#
# Default umask is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd)
local_umask=022
anon_umask=022
#
# Allow the anonymous FTP user to upload files
anon_upload_enable=NO
#
# Allow the anonymous FTP user to be able to create new directories
anon_mkdir_write_enable=NO
#
# Activate directory messages
dirmessage_enable=YES
#
# Display directory listings with the time in your local time zone
use_localtime=YES
#
# Activate logging of uploads/downloads
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data)
connect_from_port_20=YES
#
# Customise the login banner string
ftpd_banner=Welcome to FTP service.
#
# Restrict local users to their home directories
chroot_local_user=NO
#
# Activate the "-R" option to the builtin ls. This is disabled by default to
# avoid remote users being able to cause excessive I/O on large sites.
# However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option
ls_recurse_enable=YES
#
# Show textual names in the user and group fields of directory listings
text_userdb_names=YES
#
# Empty directory not writable by the ftp user as a secure chroot() jail at
# times vsftpd does not require filesystem access
secure_chroot_dir=/var/run/vsftpd/empty
#
# PAM service vsftpd will use
pam_service_name=vsftpd
#
# Support secure connections via SSL. This applies to the control connection
# (including login) and also data connections
ssl_enable=YES
#
# Certificate to use for SSL encrypted connections
rsa_cert_file=/etc/vsftpd/ssl/ssl.pem
#
#
# Not to require all SSL data connections to exhibit SSL session reuse
require_ssl_reuse=NO
#
# Force authenticated login and data via SSL
force_local_logins_ssl=NO
force_local_data_ssl=NO
ssl_ciphers=HIGH
# DEV1 Settings
listen_port=21
pasv_enable=YES
pasv_min_port=64400
pasv_max_port=64499
pasv_address=YOUR Static Public IP