ÔõÑù¾ÙÐÐLinuxϵͳµÄÊý¾Ý¼ÓÃܺÍÇå¾²´«Êä
ÔÚµ±½ñÐÅϢʱ´ú£¬Êý¾ÝÇå¾²ÊÇÿһ¸öÆóÒµ¡¢×éÖ¯ºÍСÎÒ˽ÈËËùÃæÁÙµÄÒ»ÏîÖ÷ҪʹÃü¡£LinuxϵͳÒѾ³ÉΪÁË´ó´ó¶¼ÆóÒµºÍ×éÖ¯µÄÊ×Ñ¡²Ù×÷ϵͳ£¬Òò´Ë¹ØÓÚLinuxϵͳµÄÊý¾Ý¼ÓÃܺÍÇå¾²´«ÊäÒ²±äµÃÓú·¢ÐëÒª¡£±¾ÎĽ«ÏÈÈÝÔõÑùÔÚLinuxϵͳÖоÙÐÐÊý¾Ý¼ÓÃܺÍÇå¾²´«Ê䣬²¢ÌṩÏêϸµÄ´úÂëʾÀý¡£
Ò»¡¢Êý¾Ý¼ÓÃÜ
Êý¾Ý¼ÓÃÜÊÇÒ»ÖÖ¿É¿¿µÄÇå¾²²½·¥£¬Ëü¿ÉÒÔ½«Ãô¸ÐÊý¾Ýת»¯ÎªÄÑÒÔ¶ÁÈ¡ºÍÃ÷È·µÄÃÜÎÄ£¬´Ó¶ø°ü¹ÜÊý¾ÝµÄÉñÃØÐÔ¡£ÔÚLinuxϵͳÖУ¬ÓжàÖÖ·½·¨¿ÉÒÔ¾ÙÐÐÊý¾Ý¼ÓÃÜ£¬°üÀ¨Ê¹ÓÃPGP/GPG£¬Ê¹ÓÃOpenSSLºÍʹÓÃLUKS¡£
ʹÓÃPGP/GPG
PGP£¨Pretty Good Privacy£©ºÍ GPG£¨GNU Privacy Guard£©ÊÇÁ½ÖÖ¼ÓÃÜÈí¼þ£¬¿ÉÒÔÓÃÓÚ¶ÔÎļþºÍµç×ÓÓʼþ¾ÙÐмÓÃÜ¡£ËüÃÇÒ²¿ÉÒÔÓÃÓÚÔÚLinuxϵͳÖоÙÐÐÊý¾Ý¼ÓÃÜ¡£ÒÔÏÂÊÇÒ»¸öʹÓÃPGP/GPG¾ÙÐÐÊý¾Ý¼ÓÃܵÄʾÀý¡£
Ê×ÏÈÐèҪװÖÃPGPºÍGPGÈí¼þ£º
sudo apt-get install gnupg pgpgpg
µÇ¼ºó¸´ÖÆ
È»ºó¿ÉÒÔʹÓÃÒÔÏÂÏÂÁî¶ÔÒ»¸öÎļþ¾ÙÐмÓÃÜ£º
gpg -c filename
µÇ¼ºó¸´ÖÆ
´ËÏÂÁÌìÉúÒ»¸ö¼ÓÃܺóµÄÎļþ£¬ÎļþÃûΪfilename.gpg¡£ÔÚ¼ÓÃÜʱ£¬ÏµÍ³»áÌáÐÑÄúÊäÈëÒ»¸öÃÜÂë¡£´ËÃÜÂëÓÃÓÚ½âÃÜÎļþ¡£
ʹÓÃOpenSSL
OpenSSL ÊÇÒ»¸ö¿ª·ÅÔ´ÂëµÄÇå¾²Ì×½Ó×ֲ㣨SSL£©¿â£¬¿ÉÓÃÓÚ¾ÙÐÐÖ¤ÊéÖÎÀíºÍ¹«Ô¿»ù´¡½á¹¹£¨PKI£©²Ù×÷¡£Ëü¿ÉÒÔÔÚLinuxϵͳÖÐʵÏÖ¶ÔÊý¾ÝµÄ¼ÓÃÜ¡£ÒÔÏÂÊÇLinuxÖÐʹÓÃOpenSSL¾ÙÐÐÊý¾Ý¼ÓÃܵÄʾÀý¡£
Ê×ÏÈÐèҪװÖÃOpenSSL£º
sudo apt-get install openssl
µÇ¼ºó¸´ÖÆ µÇ¼ºó¸´ÖÆ
È»ºóÔËÐÐÒÔÏÂÏÂÁ
openssl aes-256-cbc -a -salt -in filename -out filename.enc
µÇ¼ºó¸´ÖÆ
´ËÏÂÁÌìÉúÒ»¸ö¼ÓÃܺóµÄÎļþ£¬ÎļþÃûΪfilename.enc¡£
ʹÓÃLUKS
LUKS£¨Linux Unified Key Setup£©ÊÇÒ»¸ö»ùÓÚGNU Privacy GuardµÄ¼ÓÃÜÈí¼þ¡£Ëü¿ÉÒÔÓÃÓÚͨÅ̼ÓÃܺͷÖÇø¼ÓÃÜ¡£ÒÔÏÂÊÇÒ»¸öʹÓÃLUKS¾ÙÐÐÊý¾Ý¼ÓÃܵÄʾÀý¡£
Ê×ÏÈÐèҪװÖÃLUKS£º
sudo apt-get install cryptsetup
µÇ¼ºó¸´ÖÆ
È»ºó¿ÉÒÔʹÓÃÒÔÏÂÏÂÁî¶ÔÄ¿µÄ×°±¸¾ÙÐмÓÃÜ£º
sudo cryptsetup luksFormat /dev/sdb1
µÇ¼ºó¸´ÖÆ
Õ⽫ÔÚ/dev/sdb1½¨ÉèÒ»¸öLUKSÈÝÆ÷£¬Ëü¿ÉÒÔÓÃÒÔÏÂÏÂÁî·¿ª£º
sudo cryptsetup luksOpen /dev/sdb1 sdb1_crypt
µÇ¼ºó¸´ÖÆ
·¿ªÖ®ºó£¬½«/dev/mapper/sdb1_cryptÊÓΪ¼ÓÃÜ×°±¸µÄÃû³Æ£¬Äú¿ÉÒÔʹÓôË×°±¸¾ÙÐÐÎļþµÄ¶Áд²Ù×÷¡£Ò»µ©Íê³É²Ù×÷£¬¿ÉÒÔʹÓÃÒÔÏÂÏÂÁî¹Ø±Õ£º
sudo cryptsetup luksClose sdb1_crypt
µÇ¼ºó¸´ÖÆ
¶þ¡¢Çå¾²´«Êä
ÔÚLinuxϵͳÖоÙÐÐÇå¾²´«ÊäµÄÒªÁì°üÀ¨Ê¹ÓÃSSHºÍʹÓÃSSL¡£ÕâЩ´«ÊäÐÒé¿ÉÒÔÔöÇ¿Êý¾Ý´«ÊäµÄÉñÃØÐÔ¡¢Êý¾ÝÍêÕûÐÔºÍÈÏÖ¤ÐÔ¡£
ʹÓÃSSH¾ÙÐÐÇå¾²´«Êä
SSH£¨Secure Shell£©ÊÇÒ»ÖÖÍøÂçÐÒ飬¿ÉÔÚ²»Çå¾²µÄÍøÂçÖÐÇå¾²µØ´«ÊäÊý¾Ý¡£ÒªÊ¹ÓÃSSH£¬ÄúÐèҪװÖÃOpenSSHÈí¼þ°ü¡£ÒÔÏÂÊÇÒ»¸öʹÓÃSSH¾ÙÐÐÇå¾²´«ÊäµÄʾÀý¡£
Ê×ÏÈÐèҪװÖÃOpenSSH£º
sudo apt-get install openssh-server
µÇ¼ºó¸´ÖÆ
È»ºó£¬ÄúÐèÒªÔÚÒª´«ÊäµÄ»úеÉÏÅþÁ¬µ½SSH£º
ssh username@IP_Address
µÇ¼ºó¸´ÖÆ
ÔÚÅþÁ¬Àֳɺó£¬Äú¿ÉÒÔʹÓÃÒÔÏÂÏÂÁî´ÓÍâµØ»úеÖд«ÊäÎļþµ½Ô¶³Ì»úе£º
scp /local/filename username@IP_Address:/remote/directory
µÇ¼ºó¸´ÖÆ
ÕâЩÏÂÁî»á½«ÍâµØÎļþ£¨/local/filename£©¸´ÖƵ½Ô¶³ÌĿ¼£¨/remote/directory£©¡£
ʹÓÃSSL¾ÙÐÐÇå¾²´«Êä
SSL£¨Secure Sockets Layer£©ÊÇÒ»ÖÖÇå¾²ÐÒ飬ÓÃÓÚÔÚÁ½¸ö×°±¸Ö®¼ä¼ÓÃÜÊý¾Ý´«Êä¡£ËüÊÇÒ»¸öÉîÊÜÐÅÍеÄÐÒ飬³£ÓÃÓÚÇå¾²µÄÔÚÏßÉúÒâÓªÒµºÍ½»Á÷Êý¾Ý¡£ÒÔÏÂÊÇÒ»¸öʹÓÃSSL¾ÙÐÐÇå¾²´«ÊäµÄʾÀý¡£
Ê×ÏÈÐèҪװÖÃOpenSSL£º
sudo apt-get install openssl
µÇ¼ºó¸´ÖÆ µÇ¼ºó¸´ÖÆ
È»ºó£¬ÄúÐèÒªÌìÉúÒ»¸ö×ÔÊðÃûÖ¤Ê飺
openssl req -newkey rsa:2048 -nodes -keyout server.key -x509 -days 365 -out server.crt
µÇ¼ºó¸´ÖÆ
Õ⽫ÌìÉúÒ»¸ö×ÔÊðÃûÖ¤Ê飬²¢½«ÆäÉúÑÄÔÚͳһ¸öĿ¼ÏµÄserver.crtºÍserver.keyÎļþÖС£ÏÖÔÚ£¬Äú¿ÉÒÔʹÓÃÒÔÏÂÏÂÁÉèÒ»¸öSSLЧÀÍÆ÷£º
openssl s_server -cert server.crt -key server.key -accept 443
µÇ¼ºó¸´ÖÆ
Õ⽫Æô¶¯Ò»¸öSSLЧÀÍÆ÷£¬Ê¹ÓÃ×ÔÊðÃûÖ¤Êé¾ÙÐÐÊý¾Ý´«Êä¡£
±¾ÎÄÏÈÈÝÁËÔÚLinuxϵͳÖоÙÐÐÊý¾Ý¼ÓÃܺÍÇå¾²´«ÊäµÄÒªÁ죬°üÀ¨Ê¹ÓÃPGP/GPG¡¢OpenSSLºÍLUKS¾ÙÐÐÊý¾Ý¼ÓÃÜ£¬ÒÔ¼°Ê¹ÓÃSSHºÍSSL¾ÙÐÐÇå¾²´«Êä¡£ÕâЩҪÁì¿ÉÌá¸ßÊý¾Ý´«ÊäµÄÉñÃØÐÔ¡¢ÍêÕûÐÔºÍÈÏÖ¤ÐÔ¡£ÎÒÃÇ»¹ÌṩÁËÏêϸµÄ´úÂëʾÀý£¬Ï£Íû¶Ô¶ÁÕßÓÐËù×ÊÖú¡£
ÒÔÉϾÍÊÇÔõÑù¾ÙÐÐLinuxϵͳµÄÊý¾Ý¼ÓÃܺÍÇå¾²´«ÊäµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡