How do I access pyftpdlib FTPS server on Amazon EC2?
I am trying to create a simple FTPS server on my Ubuntu Amazon EC2 instance using the Python library pyftpdlib.
Here is the code, taken straight from the documentation:
#!/usr/bin/env python
"""
An RFC-4217 asynchronous FTPS server supporting both SSL and TLS.
Requires PyOpenSSL module (http://pypi.python.org/pypi/pyOpenSSL).
"""
from pyftpdlib.servers import FTPServer
from pyftpdlib.authorizers import DummyAuthorizer
from pyftpdlib.contrib.handlers import TLS_FTPHandler
import os


def main():
    authorizer = DummyAuthorizer()
    authorizer.add_user('ubuntu', '*****', os.getcwd(), perm='elradfmw')
    authorizer.add_anonymous('.')
    handler = TLS_FTPHandler
    handler.certfile = 'keycert.pem'
    handler.authorizer = authorizer
    handler.masquerade_address = '52.23.244.142'
    # requires SSL for both control and data channel
    handler.tls_control_required = True
    handler.tls_data_required = True
    handler.passive_ports = range(60000, 60099)
    server = FTPServer(('', 21), handler)
    server.serve_forever()


if __name__ == '__main__':
    main()
When I run the script on my Amazon EC2 instance and try to connect remotely with FileZilla, I get:
Status: Connecting to 52.23.244.142:21...
Status: Connection established, waiting for welcome message...
Response: 220 pyftpdlib 1.4.0 ready.
Command: AUTH TLS
Response: 234 AUTH TLS successful.
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER ubuntu
Status: TLS/SSL connection established.
Response: 331 Username ok, send password.
Command: PASS *****
Response: 230 Login successful.
Command: OPTS UTF8 ON
Response: 501 Invalid argument.
Command: PBSZ 0
Response: 200 PBSZ=0 successful.
Command: PROT P
Response: 200 Protection set to Private
Command: OPTS MLST type;perm;size;modify;unix.mode;unix.uid;unix.gid;
Response: 200 MLST OPTS type;perm;size;modify;unix.mode;unix.uid;unix.gid;
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is the current directory.
Command: TYPE I
Response: 200 Type set to: Binary.
Command: PASV
Response: 227 Entering passive mode (52,23,244,142,174,172).
Command: MLSD
Response: 150 File status okay. About to open data connection.
Error: Connection timed out
Error: Failed to retrieve directory listing
I think I am missing something. Can I get some help?
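Your server must provide its external IP address in the response to the PASV command. Instead, you provide an internal IP address within the EC2 private network, which FileZilla obviously cannot connect to.
While FileZilla can work around this:
Server sent passive reply with unroutable address. Using server address instead.
other FTP clients (such as the Windows command-line ftp.exe) cannot.
Use handler.masquerade_address to configure the external IP address: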
handler.masquerade_address = '52.23.244.142'
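FileZilla failed to connect to port 50048 (195 << 8 + 128). You probably have not opened the ports in the FTP passive mode port range in the EC2 firewall.
See Setting up FTP on Amazon Cloud Server (particularly section "Step #2: Open up the FTP ports on your EC2 instance" in the best answer).
To avoid opening the whole unprivileged port range, limit the FTP server to a smaller port range using handler.passive_ports: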
handler.passive_ports = range(60000, 60099)
For general information, see my article on network setup in respect to FTP passive (and active) connection modes.
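
A diagnostic for the failure discussed in the answer, as an added example that is not part of the original post: it decodes a 227 PASV reply and reports whether the advertised address is private or the port lies outside the configured passive range. The function names and the two constructed sample replies are assumptions; the first sample is the reply from the question's log.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 tuple carried in a "227 Entering passive mode" reply
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (host, port) advertised in a 227 reply (FileZilla log prefix allowed)."""
    text = reply.split("Response:", 1)[-1].strip()
    match = PASV_RE.search(text)
    if not text.startswith("227") or match is None:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in reply: %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    port = (nums[4] << 8) + nums[5]  # high byte * 256 + low byte
    return host, port


def diagnose(reply, control_host, passive_ports):
    """Return (host, port, problems) for a remote client dialling the data port."""
    host, port = parse_pasv(reply)
    problems = []
    if ipaddress.ip_address(host).is_private:
        problems.append("%s is private: set handler.masquerade_address" % host)
    elif host != control_host:
        problems.append("%s differs from control address %s" % (host, control_host))
    if port not in passive_ports:
        problems.append("port %d is outside passive range %d-%d" %
                        (port, passive_ports[0], passive_ports[-1]))
    return host, port, problems


if __name__ == "__main__":
    allowed = range(60000, 60099)  # same value as handler.passive_ports on the page
    samples = [
        "Response: 227 Entering passive mode (52,23,244,142,174,172).",  # from the question's log
        "227 Entering passive mode (172,31,5,10,195,128).",    # constructed: private address
        "227 Entering passive mode (52,23,244,142,234,100).",  # constructed: inside the range
    ]
    for line in samples:
        print(diagnose(line, "52.23.244.142", allowed))
```

The range passed as `passive_ports` has to match both `handler.passive_ports` and the inbound rule of the EC2 firewall for the result to be meaningful.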