Objective 110.3: Securing Data with Encryption

  • The best way to communicate securely between two Linux systems is via SSH. SSH can be used either from the command line, to open a shell on another system, or as a wrapper around other TCP-based applications.

  • SSH supports multiple authentication schemes, including standard username/password and public/private key authentication.

  • The command ssh-keygen -t dsa will create a public/private keypair. The keys are stored as ~/.ssh/id_dsa (private key) and ~/.ssh/id_dsa.pub (public key).

  • Placing a copy of your public key in the file ~/.ssh/authorized_keys2 on a remote machine will allow you to perform passwordless, key-based authentication with that machine.

  • The command gpg --gen-key will create a public/private key pair to use with the GNU Privacy Guard (GPG). These keys will be stored in ~/.gnupg/.

  • To encrypt a file with another user’s public key, you must:

    • Import the user’s public key into your keyring: gpg --import bobskey.asc

    • Use that key to encrypt a file: gpg -e -u "My Name" -r "Bobs Name" /tmp/filename.txt
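
The step of placing a public key in ~/.ssh/authorized_keys2 is where key-based logins most often go wrong: a private key gets pasted instead of the .pub line, or the file is left writable by others. The script below is an added example, not code from the book; install_pubkey and mode_of are hypothetical helper names, and the key line in the demo is a constructed placeholder.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR] [FILE_NAME]
# Hypothetical helper: appends one public key line to SSH_DIR/FILE_NAME
# (default ~/.ssh/authorized_keys2, the name used in the summary above).
# The body runs in a subshell, so umask and exit do not leak into the caller.
install_pubkey() (
    pub=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth=$ssh_dir/${3:-authorized_keys2}
    umask 077

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 1; }
    # A .pub file is a single line; a private key file spans many lines.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected one key line" >&2; exit 1; }
    key=$(grep . "$pub")
    case $key in
        ssh-*" AAAA"* | ecdsa-*" AAAA"*) ;;   # "<type> <base64> [comment]"
        *) echo "$pub: not an OpenSSH public key line" >&2; exit 1 ;;
    esac

    # sshd's StrictModes check (on by default) looks at the modes and ownership
    # of these paths, so keep them private to the account.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # -x whole line, -F fixed string: append only when the key is not there yet.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# Permission string of a path, e.g. "-rw-------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Demo in a scratch directory with a constructed, non-functional key line.
demo=$(mktemp -d)
printf '%s\n' 'ssh-dss AAAAB3NzaC1kc3M-CONSTRUCTED-PLACEHOLDER demo@example' > "$demo/id_dsa.pub"
install_pubkey "$demo/id_dsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_dsa.pub" "$demo/.ssh"    # second run adds nothing
echo "$(mode_of "$demo/.ssh") $(mode_of "$demo/.ssh/authorized_keys2")"
```

Run on the remote account after copying the .pub file over, the same function without the second argument writes to that account's own ~/.ssh directory.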

Get LPI Linux Certification in a Nutshell, 3rd Edition now with O’Reilly online learning.