File server configuration at a certain big-name company

Posted on 2023-1-5 18:35:50
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
# Authentication, user list and chroot handling
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
# TLS settings
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
# Data connections (active and passive mode) and TLS diagnostics
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Resolves the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES

No idea what their IT changed; after switching to a different IP it simply would not connect. Damn. I worked through the errors one by one.
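An added example, not part of the original post: a small Python audit that flags the settings in this configuration a reviewer would question (SSLv2/SSLv3 enabled, `require_ssl_reuse=NO`, `pasv_promiscuous=YES`, `allow_writeable_chroot=YES`) and any boolean that has stray text after its value. The compiled-in defaults and accepted boolean spellings are assumptions taken from upstream vsftpd, and `SAMPLE` is constructed from the post's own lines.

```python
# Added example: audit vsftpd.conf text. Defaults and boolean spellings are
# assumed from upstream vsftpd; SAMPLE is constructed from the post.
TRUE, FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}
# option: (risky state, assumed compiled-in default, why it matters)
RULES = {
    "anonymous_enable": (True, True, "anonymous logins are allowed"),
    "ssl_sslv2": (True, False, "obsolete SSLv2 is permitted"),
    "ssl_sslv3": (True, False, "obsolete SSLv3 is permitted"),
    "require_ssl_reuse": (False, True, "data channel need not reuse TLS session"),
    "pasv_promiscuous": (True, False, "PASV peer IP check is disabled"),
    "allow_writeable_chroot": (True, False, "chroot root may be user-writable"),
}

def parse(text):
    """Return {option: raw value}; comments and blank lines are skipped."""
    conf = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            key, sep, value = line.partition("=")
            if sep:
                conf[key] = value  # kept unstripped: stray text is an error
    return conf

def audit(text):
    """Return (option, origin, detail) for each risky or malformed setting."""
    conf, findings = parse(text), []
    for opt, (risky, default, why) in RULES.items():
        raw = conf.get(opt)
        if raw is None:
            state, origin = default, "default"
        elif raw.upper() in TRUE | FALSE:
            state, origin = raw.upper() in TRUE, "explicit"
        else:
            findings.append((opt, "malformed", raw))
            continue
        if state == risky:
            findings.append((opt, origin, why))
    return findings

SAMPLE = """anonymous_enable=NO
allow_writeable_chroot=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
pasv_promiscuous=YES   note typed after the value
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```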