keyserver.ubuntu.com port 80 vs 11371 and firewalls
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Invalid
|
Undecided
|
Unassigned |
Bug Description
keyserver.
This issue has affected me in both my current company and my previous one when trying to add PPA repositories to my ubuntu install. These companies are not draconian, they just run standard firewalls.
There is a question on this issue here: https:/
and a mailing-list discussion called "On apturls and repositories" here: https:/
I can't find an existing bug report for this, just this similar issue for gpg: https:/
According to the answer to the question linked above, the issue is that the default port of an SKS keyserver is 11371.
However I see that SKS keyserver software has an option to also run on port 80:
http://
"-use_port_80
Have the HKP interface listen on port 80, as well as the hkp_port."
...so the question is why is keyserver.
I realise we are dealing with the HKP protocol not HTTP, but if it would make ubuntu keyservers a lot more friendly with organisational firewalls by listening on port 80, can ubuntu consider doing that?
Currently to import a PPA key I use web proxy sites to access the keyserver on my behalf, then I copy and paste the PPA key from the proxy site into a file and I import it manually. It's a very involved process.
Alternatively perhaps we could add some workaround to the ubuntu "adding a PPA" process, for example add a web interface which displays public keys as text, which people can then saved to a file and import manually. This would avoid people having to use web proxy sites at least.
Finally I see a suggestion here: http://
...which involves setting up an SSH tunnel over port 22 to the keyserver. Again this is a very involved workaround.
It would be nice if the keyservers were just accessible without such workarounds.
opening http:// keyserver. ubuntu. com shows an Apache page. So, it looks like something is already running on port 80.
In any case, your issue is probably more suitable to be raised in http:// rt.ubuntu. com user/pw ubuntu/ubuntu