一、vsftpd.conf配置
anonymous_enable=NO
local_enable=YES
write_enable=NO
pam_service_name=vsftpd #关键点,实现本地用户登录
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
idle_session_timeout=300
da
ta_connection_timeout=300
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_local_user=yes
二、cp /usr/src/redhat/SOURCES/vsftpd.pam /etc/pam.d/vsftpd
三、用户允许ftp禁止ssh
1)编辑/etc/pam.d/sshd
在文件内加入auth required pam_listfile.so item=user sense=allow file=/etc/sshusers onerr=fail
[root@book ~]# vi /etc/pam.d/sshd
#%PAM-1.0
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
auth required pam_listfile.so item=user sense=allow file=/etc/sshusers onerr=fail
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
2)建立/etc/sshusers文件
[root@book ~]# touch /etc/sshusers
3)把允许登陆的用户加入到 /etc/sshusers
echo “root” >> /etc/sshusers
echo “admin” >> /etc/sshusers
…
则以后只有root和admin可以登陆ssh
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_local_user=yes
二、cp /usr/src/redhat/SOURCES/vsftpd.pam /etc/pam.d/vsftpd
三、用户允许ftp禁止ssh
1)编辑/etc/pam.d/sshd
在文件内加入auth required pam_listfile.so item=user sense=allow file=/etc/sshusers onerr=fail
[root@book ~]# vi /etc/pam.d/sshd
#%PAM-1.0
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
auth required pam_listfile.so item=user sense=allow file=/etc/sshusers onerr=fail
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
2)建立/etc/sshusers文件
[root@book ~]# touch /etc/sshusers
3)把允许登陆的用户加入到 /etc/sshusers
echo “root” >> /etc/sshusers
echo “admin” >> /etc/sshusers
…
则以后只有root和admin可以登陆ssh
转载:
http://gaogaochao1.blog.163.com/blog/static/79810971200963035948314/
版权声明:本文为cndone原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。