/etc/vsftpd/vsftpd.conf
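# vsftpd virtual-user setup: logins are checked by PAM (service "vsftpd") and
# every authenticated user is mapped to the "ftp" account, jailed under
# /var/ftp/<login name>.
# vsftpd expects one option=value per line with no spaces around "=" or inside
# the value; comments must sit on their own line starting with "#".
# NOTE(review): ssl_enable is not set in this file and its default is NO, so
# passwords and data cross the network unencrypted unless TLS is configured
# elsewhere.

# Anonymous logins are off. local_enable must be YES for any non-anonymous
# login, including the PAM-backed virtual users used here.
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
# NOTE(review): with anonymous_enable=NO these two should have no effect, but
# they would permit anonymous upload/mkdir as soon as anonymous access is
# switched on. Set them to NO if anonymous writes are never intended.
anon_upload_enable=YES
anon_mkdir_write_enable=YES
dirmessage_enable=YES
# NOTE(review): transfer logging is disabled here although log files are
# configured below (dual_log_enable=YES); confirm that uploads and downloads
# really end up in the logs.
xferlog_enable=NO
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
data_connection_timeout=60
# Standalone IPv4 listener.
listen=YES
listen_ipv6=NO
# Name of the PAM service file, i.e. /etc/pam.d/vsftpd.
pam_service_name=vsftpd
# userlist_deny is not set, so its default applies (per the man page: users
# named in the user list are denied before a password is asked for).
userlist_enable=YES
tcp_wrappers=NO
dual_log_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
# All non-anonymous logins are remapped to the unprivileged account "ftp".
guest_enable=YES
guest_username=ftp
# $USER is replaced by the login name, giving each virtual user its own root.
local_root=/var/ftp/$USER
user_sub_token=$USER
# Virtual users get local-user privileges (write_enable applies) instead of
# the more restricted anonymous privileges.
virtual_use_local_privs=YES
reverse_lookup_enable=NO
# With chroot_local_user=YES the list file holds the users that are NOT
# chrooted; keep /etc/vsftpd/chroot_list empty unless an exemption is intended.
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
chroot_local_user=YES
# NOTE(review): this turns off vsftpd's refusal to chroot into a directory the
# user can write to. A non-writable chroot root with a writable subdirectory
# avoids needing it.
allow_writeable_chroot=YES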
/etc/pam.d/vsftpd
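# PAM stack for the "vsftpd" service; each rule must be on its own line.
# The only auth rule shown checks the login against the flat password file,
# so FTP credentials are separate from system accounts.
auth required pam_pwdfile.so pwdfile /etc/vsftpd/.passwd
# pam_permit always succeeds: no account checks (expiry, lockout) are applied,
# so access control rests entirely on the password file above.
account required pam_permit.so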
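/etc/vsftpd/.passwd
# -n prints the entry to stdout instead of writing a file, so the resulting line has to be added to /etc/vsftpd/.passwd by hand.
# -d selects traditional crypt(), which only uses the first 8 characters of the password and is weak by current standards; keep the file unreadable to ordinary users.
htpasswd -dn user1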
New password:
Re-type new password:
user1:3Jf4ENdg/neKQ
iptables
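# Generated by iptables-save v1.4.21 on Tue Jan 10 13:59:44 2023
*filter
# Inbound traffic is default-deny.
# NOTE(review): the FORWARD policy is ACCEPT; that is only harmless while IP
# forwarding is disabled on this host - confirm, or set it to DROP.
:INPUT DROP [12:826]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [41:3420]
# FTP control channel.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
# NOTE(review): in active mode the server connects out from port 20, so
# accepting NEW inbound connections to port 20 looks unnecessary - confirm and
# remove if unused.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
# Return traffic. Passive-mode data connections are only admitted as RELATED,
# which depends on the FTP connection-tracking helper (not shown here) seeing
# an unencrypted control channel; otherwise a fixed pasv_min_port/pasv_max_port
# range in vsftpd.conf would need its own ACCEPT rule.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# SSH is reachable from any source address.
# NOTE(review): no rule accepts loopback (-i lo) traffic; confirm nothing local
# depends on it.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT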
/lib64/security/pam_pwdfile.so：PAM 使用 pwdfile 认证时必须存在此模块文件。