Chapter 24. Securing Data with Encryption (Topic 110.3)
This Topic focuses on the methods used to secure Linux servers and workstations. Securing servers includes two basic steps: communicating between servers in a secure way, and then encrypting data on the servers themselves. The LPI knows that SSH is the most common method for communicating securely between servers. Therefore, the topic is covered fairly extensively on the exam and in this chapter.
SSH is used for many more purposes than simply communicating across insecure networks; it is used throughout the industry to configure remote systems and tunnel all sorts of traffic, from X Window to email and FTP.
The second part of securing a server—making sure that stored data is properly encrypted—can be handled in myriad ways. However, the LPI recognizes that GNU Privacy Guard (GPG) has become the standard. Before we take a deep look at how SSH and GPG work, make sure that you understand this LPI Objective’s description perfectly:
- Objective 3: Securing Data with Encryption
The candidate should be able to use public key techniques to secure data and communication. The key knowledge areas are:
- Perform basic OpenSSH 2 client configuration and usage.
- Understand the role of OpenSSH 2 server host keys.
- Perform basic GnuPG configuration and usage.
- Understand SSH port tunnels (including X11 tunnels).
The following is a list of the files, terms, and utilities used:
- ~/.ssh/id_rsa and id_rsa.pub
- ~/.ssh/id_dsa and id_dsa.pub ...