Linux下网络服务的配置

1 ftp配置

    首先要进入root用户权限sudo su

    #apt-get install vsftpd

    查看是否启动了ftp：

   #ps -e | grep ftp

  接下来要配置ftp，ftp的配置文件在/etc/vsftpd.conf文件中，先将vsftpd.conf文件进行备份，以免后面操作错误便于恢复

  #cp /etc/vsftpd.conf /etc/vsftp.conf_bak

  打开vsftpd.conf

  #gedit vsftpd.conf

  文件内容如下（红色字体是我们要修改的地方）：

  # Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone?  vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Disabled by default)
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in  your  local  time  zone.  The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories.  See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Debian customization
#
# Some of vsftpd's settings don't fit the Debian filesystem layout by
# default.  These settings are more Debian-friendly.
#
# This option should be the name of a directory which is empty.  Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/private/vsftpd.pem

 

    最后重新启动vsftpd：

    /etc/init.d/vsftpd restart

 

通过上面的设置之后，在window下使用cuteftp想要给虚拟机下的Linux传文件，前提必须要关闭防火墙和selinux，有两种关闭方法：

1.  setenforce 0            //其中0表示关闭selinux服务，1表示开启

2. gedit /etc/selinux/config 打开selinux的config文件

将SELINUX=enforcing改为SELINUX=disabled

 

除此之外假若你要从windows通过cuteFTP向linux下传文件，需要将要将文件传到的那个目录设为非root用户权限，设置方法为：

chown book：book /work -R                          //这里我们将根目录下的work目录作为我们将要把文件传到的地方，-R表示递归方式，表示/work下面所有的目录都可以使用了

 

 

2 配置ssh服务：

Ubuntu 下安装 OpenSSH Server 是无比轻松的一件事情，需要的命令只有一条：
　　apt-get install openssh-server

 

(查看返回的结果，如果没有出错，则用putty、SecureCRT、SSH Secure Shell Client等SSH 客户端软件，输入您服务器的 IP 地址。如果一切正常的话，等一会儿就可以连接上了。并且使用现有的用户名和密码应该就可以登录了。)

 

　　然后确认sshserver是否启动了：（或用“netstat -tlp”命令）

　　ps -e | grep ssh

　　如果只有ssh-agent那ssh-server还没有启动，需要/etc/init.d/ssh start，如果看到sshd那说明ssh-server已经启动了。

 

　　ssh-server配置文件位于/ etc/ssh/sshd_config，在这里可以定义SSH的服务端口，默认端口是22，你可以自己定义成其他端口号，如222。然后重启SSH服务：

　　 /etc/init.d/ssh resart

　　事实上如果没什么特别需求，到这里 OpenSSH Server 就算安装好了。但是进一步设置一下，可以让 OpenSSH 登录时间更短，并且更加安全。这一切都是通过修改 openssh 的配置文件 sshd_config 实现的。
　　首先，您刚才实验远程登录的时候可能会发现，在输入完用户名后需要等很长一段时间才会提示输入密码。其实这是由于 sshd 需要反查客户端的 dns 信息导致的。我们可以通过禁用这个特性来大幅提高登录的速度。首先，打开 sshd_config 文件：
　　gedit /etc/ssh/sshd_config
　　找到 GSSAPI options 这一节，将下面两行注释掉：
　　#GSSAPIAuthentication yes #GSSAPIDelegateCredentials no然后重新启动 ssh 服务即可：
　　/etc/init.d/ssh restart
　　再登录试试，应该非常快了吧

 

ubuntu通用网络配置方法：

一、配置大概分三类：通过配置文件配置、通过命令配置、通过图形化的网络连接菜单配置。

拨号无线等的没条件实验，不涉及。

主要文件：/etc/network/interfaces，这里是IP、网关、掩码等的一些配置；/etc/resolv.conf这个文件保存DNS的有关信息

主要命令：sudo /etc/init.d/networking restart重启网络，使配置文件的配置失效；sudo route add default gw <IP地址>,设置网关。

二、配置方法

1、通过命令配置

如果你只是想暂时性的修改IP地址，可以选择这种方法。重启网络后会丢失。

1）sudo ifconfig eth0 <IP地址> netmask <子网掩码> up

eth0是网卡。最后的up表示开启网卡，可以不加。

2） sudo route add default gw <网关IP>

设置网关
3） 设置DNS，这个必须去配置文件修改，同第二种

4）配置主机名称

命令：sudo /bin/hostname <主机名>
但是系统启动时,会从/etc/hostname来读取主机的名称。

2、通过配置文件配置

1）配置IP网关：sudo gedit /etc/network/interfaces 里面添加

dhcp的：

auto loiface lo inet loopbackauto eth0iface eth0 inet dhcp

静态IP的：

auto loiface lo inet loopback#上面的是回环#网卡eth0的配置auto eth0#staic 静态IPiface eth0 inet staticaddress 192.168.1.5netmask 255.255.255.0gateway 192.168.1.1#network 192.168.3.0  #broadcast 192.168.3.255 #后面两条是网络号和广播号，这个可以由其它信息计算，因此无需设置

这里还可以配置第二IP（虚拟IP）

auto eth0:1iface eth0:1 inet staticaddress 192.168.1.60netmask 255.255.255.0#network x.x.x.x#broadcast x.x.x.xgateway x.x.x.x 

2）配置DNS： sudo gedit /etc/resolv.conf

nameserver 202.107.117.11

3）主机名：sudo gedit /etc/hostname 里面输入主机名。默认有个主机名，因此这个不是必须的。

4）重启网络：sudo /etc/init.d/networking restart

也可以重启网卡：

sudo ifconfig eth0 down sudo ifconfig eth0 up

重启网卡对别的网卡无影响，更推荐一些。

3、通过图形化的网络连接菜单配置

这个在系统-首选项里，也叫做network manager，通过右上角面板里的网络管理小程序可以启用它的配置。

这个有点问题：它和第二种方法共用配置文件，所以会导致种种冲突，使用时要注意。

不如，这两种方法都做了配置，sudo /etc/init.d/networking restart启用的是第二种方法的配置，而点击桌面面板上的网络管理小程序中的auto eth0启用的是第三种的配置。

 

PS:当使用sudo su命令切换到root权限的时候显示

**** is not in the sudoers file. This incident will be reported！

解决办法如下：

一、找出文件sudoers所在的位置，默认都是/etc/sudoers         
二、 #chmod u+w /etc/sudoers    以超级用户登录su -root ，修改文件权限即添加文件拥有这的写权限 限，ls -al /etc/sudoers 可以查看原文件的权限。    
三、编辑/etc/sudoers 文件，在root ALL=(ALL)ALL行下添加XXX ALL=(ALL)ALL，XXX为你的用户名。
最后， #chmod u－w /etc/sudoers 回到文件的原权限！