Configuring network services on Linux

1 FTP configuration

    First switch to root privileges: sudo su

    #apt-get install vsftpd

    Check whether the FTP service has started:

   #ps -e | grep ftp

  Next, configure FTP. The FTP configuration is in the file /etc/vsftpd.conf. First back up vsftpd.conf so that it can be restored easily if a later step goes wrong.

  #cp /etc/vsftpd.conf /etc/vsftp.conf_bak

  Open vsftpd.conf

  #gedit /etc/vsftpd.conf

  The file contents are as follows (the parts in red are what we need to change):

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone?  vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default)
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in  your  local  time  zone.  The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Debian customization
#
# Some of vsftpd's settings don't fit the Debian filesystem layout by
# default.  These settings are more Debian-friendly.
#
# This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/private/vsftpd.pem

 

    Finally, restart vsftpd:

    /etc/init.d/vsftpd restart
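
The following check is an added example, not part of the original page or of vsftpd: it reads a vsftpd.conf-style file and reports the settings that matter most for exposure (anonymous login, anonymous writes, missing chroot, no TLS). The function names and the sample input are constructed here, and it assumes that a repeated option takes its last value.

```shell
#!/bin/sh
# Added example (not from the original page): report risky effective settings
# in a vsftpd.conf-style file.

# Effective value of option $2 in file $1, normalised to YES/NO; $3 = default.
# Assumption: if an option is repeated, the last uncommented line wins.
vsftpd_get() (
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d ' \r' | tr 'a-z' 'A-Z')
    case $val in
        YES|TRUE|1) echo YES ;;
        "")         echo "$3" ;;
        *)          echo NO ;;
    esac
)

# One finding per line; exit status 1 when anything was flagged.
audit_vsftpd() (
    conf=$1; rc=0
    flag() { echo "$1"; rc=1; }
    on() { [ "$(vsftpd_get "$conf" "$1" NO)" = YES ]; }
    if on anonymous_enable; then
        flag "anonymous_enable=YES: logins without a password are accepted"
        for opt in anon_upload_enable anon_mkdir_write_enable; do
            if on write_enable && on "$opt"; then
                flag "$opt=YES: anonymous users can write to the server"
            fi
        done
    fi
    if on local_enable; then
        on chroot_local_user ||
            flag "chroot_local_user off: local users can leave their home directory"
        on ssl_enable ||
            flag "ssl_enable off: local account passwords are sent in cleartext"
    fi
    exit "$rc"   # the function body is a subshell, so exit sets its status
)

# Constructed sample: uncommented settings from the file shown above.
sample_conf() {
    printf '%s\n' 'listen=YES' 'anonymous_enable=YES' 'local_enable=YES' \
        'write_enable=YES' '#anon_upload_enable=YES' '#chroot_local_user=YES'
}

# Stand-alone use: sh audit.sh /etc/vsftpd.conf
if [ $# -gt 0 ]; then audit_vsftpd "$1"; fi
```

Run against the configuration shown above, it reports anonymous_enable, the missing chroot_local_user and the missing ssl_enable.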

 

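After the settings above, to transfer files from Windows to the Linux system in the virtual machine using CuteFTP, the firewall and SELinux must first be turned off. There are two ways to turn SELinux off:

1.  setenforce 0            // 0 turns SELinux enforcement off (permissive mode), 1 turns it back on

2. gedit /etc/selinux/config    to open the SELinux config file

Change SELINUX=enforcing to SELINUX=disabled

In addition, if you want to upload files from Windows to Linux with CuteFTP, the destination directory must be owned by a non-root user. Set it like this:

chown book:book /work -R                          // here the work directory under the root directory is the upload destination; -R means recursive, so every directory under /work can be used as well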

 

 

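2 Configuring the SSH service:

Installing OpenSSH Server on Ubuntu is extremely easy; it takes just one command:
  apt-get install openssh-server

(Check the output. If there are no errors, use an SSH client such as PuTTY, SecureCRT or SSH Secure Shell Client and enter your server's IP address. If all is well, the connection will be established after a moment, and you should be able to log in with an existing username and password.)

  Then confirm that the SSH server has started (or use the "netstat -tlp" command):

  ps -e | grep ssh

  If only ssh-agent is listed, the SSH server has not started yet and you need to run /etc/init.d/ssh start; if you see sshd, the SSH server is already running.

  The SSH server's configuration file is /etc/ssh/sshd_config. The SSH service port can be defined here; the default port is 22, and you can set it to another port number, such as 222. Then restart the SSH service:

   /etc/init.d/ssh restart

  In fact, if you have no special requirements, OpenSSH Server is now installed. A little further configuration, however, makes OpenSSH logins faster and more secure. All of it is done by editing the OpenSSH configuration file sshd_config.
  First, when you tried the remote login just now, you may have noticed a long wait between entering the username and the password prompt. This is actually because sshd needs to do a reverse DNS lookup on the client. We can greatly speed up logins by disabling this feature. First, open the sshd_config file:
  gedit /etc/ssh/sshd_config
  Find the GSSAPI options section and comment out the following two lines:
  #GSSAPIAuthentication yes
  #GSSAPIDelegateCredentials no
  Then restart the ssh service:
  /etc/init.d/ssh restart
  Try logging in again; it should be much faster now.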
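
One way to make the edit described above without touching the live file until the result has been checked, as an added example that is not part of the original page or of OpenSSH. The function names and the sample file are constructed here; the file path and keywords are passed as arguments, and Match blocks and Include files are not handled.

```shell
#!/bin/sh
# Added example (not from the original page): comment out keywords in an
# OpenSSH config file by editing a copy, checking it, then swapping it in.

# Print the active (uncommented) lines of file $1 whose keyword is $2.
# OpenSSH keywords are case-insensitive, so compare in lower case.
active_lines() {
    awk -v k="$2" 'tolower($1) == tolower(k)' "$1"
}

# Print file $1 with every active line for keyword $2 turned into a comment.
# Already-commented lines do not match, so repeating the edit changes nothing.
comment_keyword() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print "#" $0; next } { print }' "$1"
}

# Usage: safe_comment FILE KEYWORD...
# Keeps FILE.bak and only overwrites FILE once no active line is left.
safe_comment() (
    conf=$1; shift
    work=$(mktemp) && next=$(mktemp) || exit 1
    cp "$conf" "$work"
    for kw in "$@"; do
        comment_keyword "$work" "$kw" > "$next" && cat "$next" > "$work"
        if [ -n "$(active_lines "$work" "$kw")" ]; then
            echo "still active: $kw" >&2; rm -f "$work" "$next"; exit 1
        fi
    done
    # For sshd_config, run the daemon's syntax check on the copy as well:
    #   sshd -t -f "$work"
    cp -p "$conf" "$conf.bak" && cat "$work" > "$conf"; rc=$?
    rm -f "$work" "$next"
    exit "$rc"
)

# Constructed sample containing the two lines the page names.
sample_ssh_conf() {
    printf '%s\n' 'Port 22' '# GSSAPI options' 'GSSAPIAuthentication yes' \
        'GSSAPIDelegateCredentials no' 'UsePAM yes'
}

# Stand-alone use: sh safe_comment.sh FILE KEYWORD...
if [ $# -gt 1 ]; then safe_comment "$@"; fi
```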

 

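General network configuration on Ubuntu:

I. There are roughly three ways to configure the network: through configuration files, through commands, and through the graphical network connections menu.

Dial-up, wireless and the like are not covered, as I had no way to test them.

Main files: /etc/network/interfaces holds the IP address, gateway, netmask and related settings; /etc/resolv.conf holds the DNS information.

Main commands: sudo /etc/init.d/networking restart restarts networking so that the settings in the configuration files take effect; sudo route add default gw <IP address> sets the gateway.

II. Configuration methods

1. Configuring with commands

If you only want to change the IP address temporarily, you can use this method. The change is lost when networking is restarted.

1) sudo ifconfig eth0 <IP address> netmask <subnet mask> up

eth0 is the network interface. The trailing up brings the interface up and can be omitted.

2) sudo route add default gw <gateway IP>

Sets the gateway.
3) Set DNS. This has to be changed in the configuration file, as in the second method.

4) Set the hostname

Command: sudo /bin/hostname <hostname>
However, at boot the system reads the hostname from /etc/hostname.

2. Configuring with configuration files

1) Configure the IP address and gateway: sudo gedit /etc/network/interfaces and add the following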

For DHCP:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

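For a static IP:

auto lo
iface lo inet loopback
# the above is the loopback interface
# configuration of network card eth0
auto eth0
# static: static IP
iface eth0 inet static
address 192.168.1.5
netmask 255.255.255.0
gateway 192.168.1.1
#network 192.168.3.0
# broadcast 192.168.3.255
# the last two are the network and broadcast addresses; they can be computed from the other values, so they need not be set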

A second IP (virtual IP) can also be configured here:

auto eth0:1
iface eth0:1 inet static
address 192.168.1.60
netmask 255.255.255.0
#network x.x.x.x
# broadcast x.x.x.x
gateway x.x.x.x

2) Configure DNS: sudo gedit /etc/resolv.conf

nameserver 202.107.117.11

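3) Hostname: sudo gedit /etc/hostname and enter the hostname. A default hostname already exists, so this step is not required.

4) Restart networking: sudo /etc/init.d/networking restart

You can also restart just the interface:

sudo ifconfig eth0 down
sudo ifconfig eth0 up

Restarting one interface does not affect the others, so it is the preferred option.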
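
The static stanza in step 1) notes that the network and broadcast addresses can be computed from the address and netmask. This added example (not from the original page; the function names are made up here) carries out that calculation and rejects malformed addresses and non-contiguous masks.

```shell
#!/bin/sh
# Added example (not from the original page): derive the network and broadcast
# addresses that the static stanza leaves commented out.

# Dotted quad -> 32-bit integer; fails unless given four octets in 0-255.
ip_to_int() (
    IFS=.; set -f; set -- $1
    [ $# -eq 4 ] || exit 1
    n=0
    for o in "$@"; do
        # reject empty, non-numeric, zero-padded and over-long octets
        case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
)

# 32-bit integer -> dotted quad
int_to_ip() {
    echo "$(( $1 >> 24 & 255 )).$(( $1 >> 16 & 255 )).$(( $1 >> 8 & 255 )).$(( $1 & 255 ))"
}

# Usage: net_bcast ADDRESS NETMASK   -> prints "NETWORK BROADCAST"
net_bcast() (
    a=$(ip_to_int "$1") && m=$(ip_to_int "$2") || exit 1
    inv=$(( m ^ 4294967295 ))          # host bits of the mask
    # A valid mask is ones followed by zeros, so inv + 1 is a power of two.
    [ $(( inv & (inv + 1) )) -eq 0 ] || exit 1
    echo "$(int_to_ip $(( a & m ))) $(int_to_ip $(( a | inv )))"
)

# Stand-alone use: sh netcalc.sh 192.168.1.5 255.255.255.0
if [ $# -eq 2 ]; then net_bcast "$1" "$2"; fi
```

For address 192.168.1.5 with netmask 255.255.255.0 it prints 192.168.1.0 192.168.1.255.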

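3. Configuring through the graphical network connections menu

This is under System > Preferences and is also called Network Manager; its configuration can be activated from the network management applet in the top-right panel.

There is a catch: it shares configuration files with the second method, which leads to all sorts of conflicts, so take care when using it.

For example, if both methods have been configured, sudo /etc/init.d/networking restart activates the configuration from the second method, while clicking auto eth0 in the network management applet on the desktop panel activates the configuration from the third.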

 

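PS: if switching to root with the sudo su command displays

**** is not in the sudoers file. This incident will be reported!

the fix is as follows:

1. Locate the sudoers file; by default it is /etc/sudoers.
2. #chmod u+w /etc/sudoers    Log in as the superuser (su - root) and change the file's permissions, that is, add write permission for the file's owner; ls -al /etc/sudoers shows the file's original permissions.
3. Edit /etc/sudoers and, below the line root ALL=(ALL)ALL, add XXX ALL=(ALL)ALL, where XXX is your username.
Finally, #chmod u-w /etc/sudoers restores the file's original permissions.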

 

 


 
