# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
listen_port=990
# 公网IP is a placeholder for the server's public IP address.
pasv_address=公网IP
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
allow_writeable_chroot=YES
userlist_file=/etc/vsftpd/userlist
userlist_deny=NO
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
implicit_ssl=YES
ftp_data_port=50000
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
port_enable=YES
debug_ssl=YES
# Resolves the vsftpd connection error "425 Security: Bad IP connecting"
pasv_promiscuous=YES

I don't know what their IT changed; after switching to a different IP it simply would not connect. Damn. I went through the errors one by one until they were all checked off.
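
An added example, not part of the original post: a small Python audit that parses directives like the ones above and reports the settings that weaken the server, plus boolean values that carry trailing text. The RISKY table, the function names and the sample text are this example's own constructions; it assumes booleans are written as plain YES or NO, as vsftpd.conf(5) documents them.

```python
# Constructed excerpt of the directives shown above (not the full file).
SAMPLE = """\
anonymous_enable=NO
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_tlsv1_2=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
pasv_promiscuous=YES fixes 425 Security: Bad IP connecting
"""

# option -> (value that weakens the server, why). Table is this example's own.
RISKY = {
    "anonymous_enable": ("YES", "anonymous logins are accepted"),
    "ssl_sslv2": ("YES", "obsolete SSLv2 is enabled"),
    "ssl_sslv3": ("YES", "obsolete SSLv3 is enabled"),
    "require_ssl_reuse": ("NO", "data connections need not reuse the TLS session"),
    "pasv_promiscuous": ("YES", "same-IP check on PASV data connections is off"),
    "allow_writeable_chroot": ("YES", "top of the chroot() may be user-writable"),
}
DEFAULTS = {"anonymous_enable": "YES"}  # the page: allowed if commented out

def parse(text):
    """Map option -> raw value; a line is either '#comment' or 'option=value'."""
    opts = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            opts[key] = value
    return opts

def audit(text):
    """Return sorted (option, finding) pairs for the options listed in RISKY."""
    opts, findings = {**DEFAULTS, **parse(text)}, []
    for name, (bad, why) in RISKY.items():
        raw = opts.get(name)
        if raw is None:
            continue
        if raw not in ("YES", "NO"):
            # There is no inline-comment syntax: trailing text joins the value.
            findings.append((name, f"value {raw!r} is not a plain YES/NO"))
        if raw.split()[:1] == [bad]:
            findings.append((name, why))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Options missing from the file are skipped except anonymous_enable, which is treated as YES because the sample file warns that anonymous FTP is allowed when the line is commented out.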