mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-25 23:11:02 +08:00
Translated by qhwdw
This commit is contained in:
qhwdw
parent
480d4f1f18
commit
d6e5f4bb13
@ -1,148 +0,0 @@
|
|||||||
Translating by qhwdw
|
|
||||||
How to Manage PGP and SSH Keys with Seahorse
|
|
||||||
============================================================
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Learn how to manage both PGP and SSH keys with the Seahorse GUI tool.[Creative Commons Zero][6]
|
|
||||||
|
|
||||||
Security is tantamount to peace of mind. After all, security is a big reason why so many users migrated to Linux in the first place. But why stop with merely adopting the platform, when you can also employ several techniques and technologies to help secure your desktop or server systems.
|
|
||||||
|
|
||||||
One such technology involves keys—in the form of PGP and SSH. PGP keys allow you to encrypt and decrypt emails and files, and SSH keys allow you to log into servers with an added layer of security.
|
|
||||||
|
|
||||||
Sure, you can manage these keys via the command-line interface (CLI), but what if you’re working on a desktop with a resplendent GUI? Experienced Linux users may cringe at the idea of shrugging off the command line, but not all users have the same skill set and comfort level there. Thus, the GUI!
|
|
||||||
|
|
||||||
In this article, I will walk you through the process of managing both PGP and SSH keys through the [Seahorse][14] GUI tool. Seahorse has a pretty impressive feature set; it can:
|
|
||||||
|
|
||||||
* Encrypt/decrypt/sign files and text.
|
|
||||||
|
|
||||||
* Manage your keys and keyring.
|
|
||||||
|
|
||||||
* Synchronize your keys and your keyring with remote key servers.
|
|
||||||
|
|
||||||
* Sign and publish keys.
|
|
||||||
|
|
||||||
* Cache your passphrase.
|
|
||||||
|
|
||||||
* Backup both keys and keyring.
|
|
||||||
|
|
||||||
* Add an image in any GDK supported format as a OpenPGP photo ID.
|
|
||||||
|
|
||||||
* Create, configure, and cache SSH keys.
|
|
||||||
|
|
||||||
For those that don’t know, Seahorse is a GNOME application for managing both encryption keys and passwords within the GNOME keyring. But fear not, Seahorse is available for installation on numerous desktops. And since Seahorse is found in the standard repositories, you can open up your desktop’s app store (such as Ubuntu Software or Elementary OS AppCenter) and install. To do this, locate Seahorse in your distribution’s application store and click to install. Once you have Seahorse installed, you’re ready to start making use of a very handy tool.
|
|
||||||
|
|
||||||
Let’s do just that.
|
|
||||||
|
|
||||||
### PGP Keys
|
|
||||||
|
|
||||||
The first thing we’re going to do is create a new PGP key. As I said earlier, PGP keys can be used to encrypt email (with tools like [Thunderbird][15]’s [Enigmail][16] or the built-in encryption function with [Evolution][17]). A PGP key also allows you to encrypt files. Anyone with your public key will be able to decrypt those emails or files. Without a PGP key, no can do.
|
|
||||||
|
|
||||||
Creating a new PGP key pair is incredibly simple with Seahorse. Here’s what you do:
|
|
||||||
|
|
||||||
1. Open the Seahorse app
|
|
||||||
|
|
||||||
2. Click the + button in the upper left corner of the main pane
|
|
||||||
|
|
||||||
3. Select PGP Key (Figure 1)
|
|
||||||
|
|
||||||
4. Click Continue
|
|
||||||
|
|
||||||
5. When prompted, type a full name and email address
|
|
||||||
|
|
||||||
6. Click Create
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Figure 1: Creating a PGP key with Seahorse.[Used with permission][1]
|
|
||||||
|
|
||||||
While creating your PGP key, you can click to expand the Advanced key options section, where you can configure a comment for the key, encryption type, key strength, and expiration date (Figure 2).
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Figure 2: PGP key advanced options.[Used with permission][2]
|
|
||||||
|
|
||||||
The comment section is very handy to help you remember a key’s purpose (or other informative bits).
|
|
||||||
With your PGP created, double-click on it from the key listing. In the resulting window, click on the Names and Signatures tab. In this window, you can sign your key (to indicate you trust this key). Click the Sign button and then (in the resulting window) indicate how carefully you’ve checked this key and how others will see the signature (Figure 3).
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Figure 3: Signing a key to indicate trust level.[Used with permission][3]
|
|
||||||
|
|
||||||
Signing keys is very important when you’re dealing with other people’s keys, as a signed key will ensure your system (and you) you’ve done the work and can fully trust an imported key.
|
|
||||||
|
|
||||||
Speaking of imported keys, Seahorse allows you to easily import someone’s public key file (the file will end in .asc). Having someone’s public key on your system means you can decrypt emails and files sent to you from them. However, Seahorse has suffered a [known bug][18] for quite some time. The problem is that Seahorse imports using gpg version one, but displays with gpg version two. This means, until this long-standing bug is fixed, importing public keys will always fail. If you want to import a public PGP key into Seahorse, you’re going to have to use the command line. So, if someone has sent you the file olivia.asc, and you want to import it so it can be used with Seahorse, you would issue the command gpg2 --import olivia.asc. That key would then appear in the GnuPG Keys listing. You can open the key, click the I trust signatures button, and then click the Sign this key button to indicate how carefully you’ve checked the key in question.
|
|
||||||
|
|
||||||
### SSH Keys
|
|
||||||
|
|
||||||
Now we get to what I consider to be the most important aspect of Seahorse—SSH keys. Not only does Seahorse make it easy to generate an SSH key, it makes it easy to send that key to a server, so you can take advantage of SSH key authentication. Here’s how you generate a new key and then export it to a remote server.
|
|
||||||
|
|
||||||
1. Open up Seahorse
|
|
||||||
|
|
||||||
2. Click the + button
|
|
||||||
|
|
||||||
3. Select Secure Shell Key
|
|
||||||
|
|
||||||
4. Click Continue
|
|
||||||
|
|
||||||
5. Give the key a description
|
|
||||||
|
|
||||||
6. Click Create and Set Up
|
|
||||||
|
|
||||||
7. Type and verify a passphrase for the key
|
|
||||||
|
|
||||||
8. Click OK
|
|
||||||
|
|
||||||
9. Type the address of the remote server and a remote login name found on the server (Figure 4)
|
|
||||||
|
|
||||||
10. Type the password for the remote user
|
|
||||||
|
|
||||||
11. Click OK
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Figure 4: Uploading an SSH key to a remote server.[Used with permission][4]
|
|
||||||
|
|
||||||
The new key will be uploaded to the remote server and is ready to use. If your server is set up for SSH key authentication, you’re good to go.
|
|
||||||
|
|
||||||
Do note, during the creation of an SSH key, you can click to expand the Advanced key options and configure Encryption Type and Key Strength (Figure 5).
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Figure 5: Advanced SSH key options.[Used with permission][5]
|
|
||||||
|
|
||||||
### A must-use for new Linux users
|
|
||||||
|
|
||||||
Any new-to-Linux user should get familiar with Seahorse. Even with its flaws, Seahorse is still an incredibly handy tool to have at the ready. At some point, you will likely want (or need) to encrypt or decrypt an email/file, or manage secure shell keys for SSH key authentication. If you want to do this, while avoiding the command line, Seahorse is the tool to use.
|
|
||||||
|
|
||||||
_Learn more about Linux through the free ["Introduction to Linux" ][13]course from The Linux Foundation and edX._
|
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
via: https://www.linux.com/learn/intro-to-linux/2018/2/how-manage-pgp-and-ssh-keys-seahorse
|
|
||||||
|
|
||||||
作者:[JACK WALLEN ][a]
|
|
||||||
译者:[译者ID](https://github.com/译者ID)
|
|
||||||
校对:[校对者ID](https://github.com/校对者ID)
|
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
|
||||||
|
|
||||||
[a]:https://www.linux.com/users/jlwallen
|
|
||||||
[1]:https://www.linux.com/licenses/category/used-permission
|
|
||||||
[2]:https://www.linux.com/licenses/category/used-permission
|
|
||||||
[3]:https://www.linux.com/licenses/category/used-permission
|
|
||||||
[4]:https://www.linux.com/licenses/category/used-permission
|
|
||||||
[5]:https://www.linux.com/licenses/category/used-permission
|
|
||||||
[6]:https://www.linux.com/licenses/category/creative-commons-zero
|
|
||||||
[7]:https://www.linux.com/files/images/seahorse1jpg
|
|
||||||
[8]:https://www.linux.com/files/images/seahorse2jpg
|
|
||||||
[9]:https://www.linux.com/files/images/seahorse3jpg
|
|
||||||
[10]:https://www.linux.com/files/images/seahorse4jpg
|
|
||||||
[11]:https://www.linux.com/files/images/seahorse5jpg
|
|
||||||
[12]:https://www.linux.com/files/images/fish-19076071920jpg
|
|
||||||
[13]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux
|
|
||||||
[14]:https://wiki.gnome.org/Apps/Seahorse
|
|
||||||
[15]:https://www.mozilla.org/en-US/thunderbird/
|
|
||||||
[16]:https://enigmail.net/index.php/en/
|
|
||||||
[17]:https://wiki.gnome.org/Apps/Evolution
|
|
||||||
[18]:https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/1577198
|
|
||||||
@ -0,0 +1,147 @@
|
|||||||
|
如何使用 Seahorse 管理 PGP 和 SSH 密钥
|
||||||
|
============================================================
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
学习使用 Seahorse GUI 工具去管理 PGP 和 SSH 密钥。[Creative Commons Zero][6]
|
||||||
|
|
||||||
|
安全无异于内心的平静。毕竟,安全是许多用户迁移到 Linux 的最大理由。但是当你可以采用几种方法和技术去确保你的桌面或者服务器系统的安全时,你为什么还要停止使用差不多已经接受的平台呢?
|
||||||
|
|
||||||
|
其中一项技术涉及到密钥 —在 PGP 和 SSH 中,PGP 密钥允许你去加密和解密电子邮件和文件,而 SSH 密钥允许你使用一个额外的安全层去登入服务器。
|
||||||
|
|
||||||
|
当然,你可以通过命令行接口(CLI)来管理这些密钥,但是,如果你使用一个华丽的 GUI 桌面环境呢?经验丰富的 Linux 用户可能对于摆脱命令行来工作感到很不适应,但是,并不是所有用户都具备与他们相同的技术和水平因此,使用 GUI!
|
||||||
|
|
||||||
|
在本文中,我将带你探索如何使用 [Seahorse][14] GUI 工具来管理 PGP 和 SSH 密钥。Seahorse 有非常强大的功能,它可以:
|
||||||
|
|
||||||
|
* 加密/解密/签名文件和文本。
|
||||||
|
|
||||||
|
* 管理你的密钥和密钥对。
|
||||||
|
|
||||||
|
* 同步你的密钥和密钥对到远程密钥服务器。
|
||||||
|
|
||||||
|
* 签名和发布密钥。
|
||||||
|
|
||||||
|
* 缓存你的密码。
|
||||||
|
|
||||||
|
* 备份密钥和密钥对。
|
||||||
|
|
||||||
|
* 在任何一个 GDK 支持的格式中添加一个图像作为一个 OpenPGP photo ID。
|
||||||
|
|
||||||
|
* 创建、配置、和缓存 SSH 密钥。
|
||||||
|
|
||||||
|
对于那些不了解 Seahorse 的人来说,它是一个在 GNOME 密钥对中管理加密密钥和密码的 GNOME 应用程序。不用担心,Seahorse 可以安装在许多的桌面上。并且由于 Seahorse 是在标准仓库中创建的,你可以打开你的桌面应用商店(比如,Ubuntu Software 或者 Elementary OS AppCenter)去安装它。因此,你可以在你的发行版的应用商店中点击去安装它。安装完成后,你就可以去使用这个很方便的工具了。
|
||||||
|
|
||||||
|
我们开始去使用它吧。
|
||||||
|
|
||||||
|
### PGP 密钥
|
||||||
|
|
||||||
|
我们需要做的第一件事情就是生成一个新的 PGP 密钥。正如前面所述,PGP 密钥可以用于加密电子邮件(使用一些工具,像 [Thunderbird][15] 的 [Enigmail][16] 或者使用 [Evolution][17] 内置的加密功能)。一个 PGP 密钥也可以用于加密文件。任何人使用你的公钥都可以解密你的电子邮件和文件。没有 PGP 密钥是做不到的。
|
||||||
|
|
||||||
|
使用 Seahorse 创建一个新的 PGP 密钥对是非常简单的。以下是操作步骤:
|
||||||
|
|
||||||
|
1. 打开 Seahorse 应用程序
|
||||||
|
|
||||||
|
2. 在主面板的左上角点击 + 按钮
|
||||||
|
|
||||||
|
3. 选择 PGP Key(如图 1 )
|
||||||
|
|
||||||
|
4. 点击 Continue
|
||||||
|
|
||||||
|
5. 当提示时,输入完整的名字和电子邮件地址
|
||||||
|
|
||||||
|
6. 点击 Create
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
图 1:使用 Seahorse 创建一个 PGP 密钥。[Used with permission][1]
|
||||||
|
|
||||||
|
在创建你的 PGP 密钥期间,你可以点击 Advanced key options 展开选项部分,在那里你可以为密钥添加注释信息、加密类型、密钥长度、以及过期时间(如图 2)。
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
图 2:PGP 密钥高级选项[Used with permission][2]
|
||||||
|
|
||||||
|
增加注释部分可以很方便帮你记住密钥的用途(或者其它的信息)。
|
||||||
|
要使用你创建的 PGP,可在密钥列表中双击它。在结果窗口中,点击 Names 和 Signatures 选项卡。在这个窗口中,你可以签名你的密钥(表示你信任这个密钥)。点击 Sign 按钮然后(在结果窗口中)标识 how carefully you’ve checked this key 和 how others will see the signature(如图 3)。
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
图 3:签名一个密钥表示信任级别。[Used with permission][3]
|
||||||
|
|
||||||
|
当你处理其它人的密钥时,密钥签名是非常重要的,因为一个签名的密钥将确保你的系统(和你)做了这项工作并且完全信任这个重要的密钥。
|
||||||
|
|
||||||
|
谈到导入的密钥,Seahorse 可以允许你很容易地去导入其他人的公钥文件(这个文件以 .asc 为后缀)。你的系统上有其他人的公钥,意味着你可以解密从他们那里发送给你的电子邮件和文件。然而,Seahorse 在很长的一段时间内都存在一个 [已知的 bug][18]。这个问题是,Seahorse 导入使用 GPG 版本 1,但是显示的是 GPG 版本 2。这意味着,在这个存在了很长时间的 bug 被修复之前,导入公钥总是失败的。如果你想导入一个公钥文件到 Seahorse 中,你只能去使用命令行。因此,如果有人发送给你一个文件 olivia.asc,你想去导入到 Seahorse 中使用它,你将只能运行命令 gpg2 --import olivia.asc。那个密钥将出现在 GnuPG 密钥列表中。你可以打开密钥,点击 I trust signatures 按钮,然后在问题 how carefully you’ve checked the key 中,点击 Sign this key 按钮去标示。
|
||||||
|
|
||||||
|
### SSH 密钥
|
||||||
|
|
||||||
|
现在我们来谈谈我认为 Seahorse 中最重要的一个方面 — SSH 密钥。Seahorse 不仅可以很容易地生成一个 SSH 密钥,而且它也可以很容易地将生成的密钥发送到服务器上,因此,你可以享受到 SSH 密钥验证的好处。下面是如何生成一个新的密钥以及如何导出它到一个远程服务器上。
|
||||||
|
|
||||||
|
1. 打开 Seahorse 应用程序
|
||||||
|
|
||||||
|
2. 点击 + 按钮
|
||||||
|
|
||||||
|
3. 选择 Secure Shell Key
|
||||||
|
|
||||||
|
4. 点击 Continue
|
||||||
|
|
||||||
|
5. 提供一个密钥描述信息
|
||||||
|
|
||||||
|
6. 点击 Set Up 去创建密钥
|
||||||
|
|
||||||
|
7. 输入密钥的验证密钥
|
||||||
|
|
||||||
|
8. 点击 OK
|
||||||
|
|
||||||
|
9. 输入远程服务器地址和服务器上的登陆名(如图 4)
|
||||||
|
|
||||||
|
10. 输入远程用户的密码
|
||||||
|
|
||||||
|
11. 点击 OK
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
图 4:上传一个 SSH 密钥到远程服务器。[Used with permission][4]
|
||||||
|
|
||||||
|
新密钥将上传到远程服务器上以准备好使用它。如果你的服务器已经设置为使用 SSH 密钥验证,那就一切就绪了。
|
||||||
|
|
||||||
|
需要注意的是,在创建一个 SSH 密钥期间,你可以点击 Advanced key options 去展开它,配置加密类型和密钥长度(如图 5)。
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
图 5:高级 SSH 密钥选项。[Used with permission][5]
|
||||||
|
|
||||||
|
### Linux 新手必备
|
||||||
|
|
||||||
|
任何 Linux 新手用户都可以很快熟悉使用 Seahorse。即便是它有缺陷,Seahorse 仍然是为你准备的一个极其方便的工具。有时候,你可能希望(或者需要)去加密或者解密一个电子邮件/文件,或者为使用 SSH 验证来管理 SSH 密钥。如果你想去这样做而不希望使用命令行,那么,Seahorse 将是非常适合你的工具。
|
||||||
|
|
||||||
|
_通过来自 Linux 基金会和 edX 的 ["Linux 入门" ][13] 免费课程学习更多 Linux 的知识。_
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
via: https://www.linux.com/learn/intro-to-linux/2018/2/how-manage-pgp-and-ssh-keys-seahorse
|
||||||
|
|
||||||
|
作者:[JACK WALLEN ][a]
|
||||||
|
译者:[qhwdw](https://github.com/qhwdw)
|
||||||
|
校对:[校对者ID](https://github.com/校对者ID)
|
||||||
|
|
||||||
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||||
|
|
||||||
|
[a]:https://www.linux.com/users/jlwallen
|
||||||
|
[1]:https://www.linux.com/licenses/category/used-permission
|
||||||
|
[2]:https://www.linux.com/licenses/category/used-permission
|
||||||
|
[3]:https://www.linux.com/licenses/category/used-permission
|
||||||
|
[4]:https://www.linux.com/licenses/category/used-permission
|
||||||
|
[5]:https://www.linux.com/licenses/category/used-permission
|
||||||
|
[6]:https://www.linux.com/licenses/category/creative-commons-zero
|
||||||
|
[7]:https://www.linux.com/files/images/seahorse1jpg
|
||||||
|
[8]:https://www.linux.com/files/images/seahorse2jpg
|
||||||
|
[9]:https://www.linux.com/files/images/seahorse3jpg
|
||||||
|
[10]:https://www.linux.com/files/images/seahorse4jpg
|
||||||
|
[11]:https://www.linux.com/files/images/seahorse5jpg
|
||||||
|
[12]:https://www.linux.com/files/images/fish-19076071920jpg
|
||||||
|
[13]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux
|
||||||
|
[14]:https://wiki.gnome.org/Apps/Seahorse
|
||||||
|
[15]:https://www.mozilla.org/en-US/thunderbird/
|
||||||
|
[16]:https://enigmail.net/index.php/en/
|
||||||
|
[17]:https://wiki.gnome.org/Apps/Evolution
|
||||||
|
[18]:https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/1577198
|
||||||
Loading…
Reference in New Issue
Block a user