Re: pam auth with ssh public key

2023-10-03 Thread jeremy ardley 



On 4/10/23 11:12, Kushal Kumaran wrote:

Perhaps set AuthenticationMethods to publickey,keyboard-interactive in
sshd_config?  Do read the full description of that parameter in the
manpage for other things that might interest you.


I finally managed to get my desired public key and google authenticator 
combo


edit /etc/pam.d/sshd and comment out comon-auth

|# @include common-auth in /etc/ssh/sshd_config UsePAM yes ||ChallengeResponseAuthentication yes ||PasswordAuthentication no AuthenticationMethods 
publickey,keyboard-interactive |

Re: pam auth with ssh public key

2023-10-03 Thread Kushal Kumaran 
On Wed, Oct 04 2023 at 10:08:14 AM, jeremy ardley  
wrote:
> I have set up a server with sshd allowing public key access. I also
> set up google authenticator in pam by putting this line at the head of
> /etc/pam.d/sshd
>
> auth required pam_google_authenticator.so
>
> If I connect to the server without a public key I get the
> authenticator prompt and then password prompt. As expected.
>
> If I connect with a public key I don't get an authenticator or
> password prompt. However, I expected an authenticator prompt but not a
> password prompt
>
> As far as I can tell, sshd does all the public key authentication
> stuff, and there isn't any documented way for pam to check the result
> of the public key other than inspect an environment variable
> SSH_AUTH_INFO_0
>
> All the docs I've read say pam doesn't do that out of the box.
>
> Has pam been updated at or before Debian 11 ? If so, where can I
> manage its actions?

Perhaps set AuthenticationMethods to publickey,keyboard-interactive in
sshd_config?  Do read the full description of that parameter in the
manpage for other things that might interest you.

-- 
regards,
kushal

pam auth with ssh public key

2023-10-03 Thread jeremy ardley 
I have set up a server with sshd allowing public key access. I also set 
up google authenticator in pam by putting this line at the head of 
/etc/pam.d/sshd


auth required pam_google_authenticator.so

If I connect to the server without a public key I get the authenticator 
prompt and then password prompt. As expected.


If I connect with a public key I don't get an authenticator or password 
prompt. However, I expected an authenticator prompt but not a password 
prompt


As far as I can tell, sshd does all the public key authentication stuff, 
and there isn't any documented way for pam to check the result of the 
public key other than inspect an environment variable SSH_AUTH_INFO_0


All the docs I've read say pam doesn't do that out of the box.

Has pam been updated at or before Debian 11 ? If so, where can I manage 
its actions?

Re: Causing segmentations fault; Was: Re: No Public Key

2022-11-14 Thread Greg Wooledge 
On Mon, Nov 14, 2022 at 08:44:54PM -, Curt wrote:
> On 2022-11-14,   wrote:
> >
> >> https://gitlab.com/muttmua/mutt/-/issues/428
> >
> > Is there a non-javascript-ey way to look at those issues?
> >
> 
> 
> Mutt crashes with SIGSEGV when uid -variable is NULL in 
> pgp_gpgme_extrace_keys().
> 
> Found in Mutt 2.0.5 (Debian 11 + 2.0.5-4.1+deb11u1).
> 
> Reproducible in:
> 
> 2.1.4 (Ubuntu 22.04LTS + binary package 2.1.4-1ubuntu1.1)
> 2.2.6 (Debian 11 + 2.2.6 tarball)
> 2.2.7 (Debian 11 + stable git source)
> Public mailing list archive to problematic mail here (I can provide mbox file 
> from my own archive).
> 
> Simple workaround (crypt-gpgme.c):
> 
> 2425   if (!more)
> 2426+  {
> 2427+if ( uid == NULL )
> 2428+{
> 2429+  err=1;
> 2430+  break;
> 2431+}
> 2432 fprintf (*fp, "%s %5.5s %d/%8s %s %s\n", more ? "sub" : "pub",
> 2433   gpgme_pubkey_algo_name (subkey->pubkey_algo), 
> subkey->length,
> 2434   shortid, date, uid->uid);
> 2435+  }
> 2436   else

Well... I've made a local mutt package with this applied, and I'll see
how it goes.  I didn't save any of the landmine emails, but I'm guessing
there'll be more.

Re: Causing segmentations fault; Was: Re: No Public Key

2022-11-14 Thread Curt 
On 2022-11-14,   wrote:
>
>> https://gitlab.com/muttmua/mutt/-/issues/428
>
> Is there a non-javascript-ey way to look at those issues?
>


Mutt crashes with SIGSEGV when uid -variable is NULL in 
pgp_gpgme_extrace_keys().

Found in Mutt 2.0.5 (Debian 11 + 2.0.5-4.1+deb11u1).

Reproducible in:

2.1.4 (Ubuntu 22.04LTS + binary package 2.1.4-1ubuntu1.1)
2.2.6 (Debian 11 + 2.2.6 tarball)
2.2.7 (Debian 11 + stable git source)
Public mailing list archive to problematic mail here (I can provide mbox file 
from my own archive).

Simple workaround (crypt-gpgme.c):

2425   if (!more)
2426+  {
2427+if ( uid == NULL )
2428+{
2429+  err=1;
2430+  break;
2431+}
2432 fprintf (*fp, "%s %5.5s %d/%8s %s %s\n", more ? "sub" : "pub",
2433   gpgme_pubkey_algo_name (subkey->pubkey_algo), 
subkey->length,
2434   shortid, date, uid->uid);
2435+  }
2436   else

Re: Causing segmentations fault; Was: Re: No Public Key

2022-11-14 Thread tomas 
On Mon, Nov 14, 2022 at 05:46:25PM +0100, Sven Joachim wrote:
> On 2022-11-14 11:39 -0500, Greg Wooledge wrote:
> 
> > If anyone figures out a way to make mutt NOT segfault when reading this
> > type of email, I'd love to hear it.
> 
> Upgrading to 2.2.8 or later should do the trick.  I can confirm that
> mutt 2.2.9-1 in unstable no longer segfaults displaying the message in
> question.

Thanks!

(btw, Gökşin's new message segfaults my mutt, Mutt 2.0.5 (2021-01-21) too)

> https://gitlab.com/muttmua/mutt/-/issues/428

Is there a non-javascript-ey way to look at those issues?

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: Causing segmentations fault; Was: Re: No Public Key

2022-11-14 Thread David Wright 
On Mon 14 Nov 2022 at 11:39:11 (-0500), Greg Wooledge wrote:
> On Mon, Nov 14, 2022 at 07:33:00PM +0300, Gökşin Akdeniz wrote:
> > 14.11.2022 15:26 tarihinde Anssi Saari yazdı:
> > > 
> > > So does mutt try to check the PGP signature in Gökşin's message and
> > > crash due to that or some other issue?
> > > 
> > 
> > I use Thunderbird for reading, composing,sending e-mail and signing and
> > encrypting, decrypting e-mail messages.
> > 
> > Probably it is why mutt and GnuPG had troubles.
> 
> This message also caused mutt to segfault when I tried to open it and
> read it.  I can press L from the index to reply-to-list, which I'm
> doing now.  But I can't read the original.
> 
> If anyone figures out a way to make mutt NOT segfault when reading this
> type of email, I'd love to hear it.

No problem here on bullseye with mutt "Mutt/2.0.5 (2021-01-21)", but
that might be because I'm unconcerned about checking signatures, so
something might be uninstalled or unconfigured. Here's what I see
when Gökşin Akdeniz's second message is read:

--✄

Date: Mon, 14 Nov 2022 19:33:00 +0300
From: Gökşin Akdeniz 
Subject: Re: Causing segmentations fault; Was: Re: No Public Key
X-Original-To: deb...@lionunicorn.co.uk
X-Original-To: lists-debian-u...@bendel.debian.org

[-- PGP output follows (current time: Mon Nov 14 11:05:42 2022) --]
gpg: keyblock resource '/usr/share/keyrings/debian-keyring.pgp': No such file 
or directory
gpg: Signature made Mon Nov 14 10:33:00 2022 CST
gpg:using EDDSA key 9BD18DF7E46ECBFB0E468C6D648AAD2AAA3BAD5F
gpg: Can't check signature: No public key
[-- End of PGP output --]

[-- The following data is signed --]

Subject: Re: Causing segmentations fault; Was: Re: No Public Key

[-- Attachment #1 --]
[-- Type: multipart/mixed, Encoding: 7bit, Size: 9.0K --]

[-- Attachment #1 --]
[-- Type: text/plain, Encoding: base64, Size: 0.5K --]



14.11.2022 15:26 tarihinde Anssi Saari yazdı:

>
> So does mutt try to check the PGP signature in Gökşin's message and
> crash due to that or some other issue?
>

I use Thunderbird for reading, composing,sending e-mail and signing and
encrypting, decrypting e-mail messages.

Probably it is why mutt and GnuPG had troubles.

[-- Attachment #2: OpenPGP public key --]
[-- Type: application/pgp-keys, Encoding: quoted-printable, Size: 8.1K --]

[-- PGP output follows (current time: Mon Nov 14 11:05:42 2022) --]
gpg: keyblock resource '/usr/share/keyrings/debian-keyring.pgp': No such file 
or directory
[-- End of PGP output --]

[-- BEGIN PGP PUBLIC KEY BLOCK --]
pub   ed25519 2022-02-13 [SC] [expires: 2023-02-13]
  9BD18DF7E46ECBFB0E468C6D648AAD2AAA3BAD5F
uid   Gökşin Akdeniz (*BSD User, GNU/Linux User, eniXma Founder, eniXma 
Author, Scholar)
+
sub   cv25519 2022-02-13 [E] [expires: 2023-02-13]
pub   rsa4096 2020-02-08 [SCEA] [revoked: 2021-03-29]
  D33E279317FA00ACB438E040F4E1EEA55B6F910A
sub   rsa4096 2020-02-08 [E] [revoked: 2021-03-29]
pub   rsa2048 2015-01-06 [SCEA] [revoked: 2016-05-04]
  5584E544E1541B128ADD4802DDC4D6DAAC7DCCF7
sub   rsa2048 2015-01-06 [E] [revoked: 2016-05-04]
pub   rsa4096 2019-02-06 [SCEA] [revoked: 2020-02-08]
  00E7125AF1F0BD88BAB4D5E9443D65289EFEC656
sub   rsa4096 2019-02-06 [E] [revoked: 2020-02-08]

[-- END PGP PUBLIC KEY BLOCK --]



[-- End of signed data --]

--✄

Make of that what you will.

Cheers,
David.

Re: Causing segmentations fault; Was: Re: No Public Key

2022-11-14 Thread Sven Joachim 
On 2022-11-14 11:39 -0500, Greg Wooledge wrote:

> If anyone figures out a way to make mutt NOT segfault when reading this
> type of email, I'd love to hear it.

Upgrading to 2.2.8 or later should do the trick.  I can confirm that
mutt 2.2.9-1 in unstable no longer segfaults displaying the message in
question.

https://gitlab.com/muttmua/mutt/-/issues/428

Cheers,
   Sven

Re: Causing segmentations fault; Was: Re: No Public Key

2022-11-14 Thread Greg Wooledge 
On Mon, Nov 14, 2022 at 07:33:00PM +0300, Gökşin Akdeniz wrote:
> 
> 
> 14.11.2022 15:26 tarihinde Anssi Saari yazdı:
> 
> > 
> > So does mutt try to check the PGP signature in Gökşin's message and
> > crash due to that or some other issue?
> > 
> 
> I use Thunderbird for reading, composing,sending e-mail and signing and
> encrypting, decrypting e-mail messages.
> 
> Probably it is why mutt and GnuPG had troubles.

This message also caused mutt to segfault when I tried to open it and
read it.  I can press L from the index to reply-to-list, which I'm
doing now.  But I can't read the original.

If anyone figures out a way to make mutt NOT segfault when reading this
type of email, I'd love to hear it.

Re: Causing segmentations fault; Was: Re: No Public Key

2022-11-14 Thread Gökşin Akdeniz 



14.11.2022 15:26 tarihinde Anssi Saari yazdı:



So does mutt try to check the PGP signature in Gökşin's message and
crash due to that or some other issue?



I use Thunderbird for reading, composing,sending e-mail and signing and 
encrypting, decrypting e-mail messages.


Probably it is why mutt and GnuPG had troubles.


OpenPGP_0x648AAD2AAA3BAD5F_and_old_rev.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: Causing segmentations fault; Was: Re: No Public Key

2022-11-14 Thread Anssi Saari 
steve  writes:

> Le 14-11-2022, à 08:58:02 +0100, to...@tuxteam.de a écrit :
>
>>On Mon, Nov 14, 2022 at 08:51:47AM +0100, Henning Follmann wrote:
>>
>>[...]
>>
>>> Mutt crashes trying to open this post (while opening gnupg).
>>> That's weird.
>>
>>Confirmed.
>
> Here too.
>
> mutt 2.2.7 (2022-08-07)

So does mutt try to check the PGP signature in Gökşin's message and
crash due to that or some other issue?

Re: Causing segmentations fault; Was: Re: No Public Key

2022-11-14 Thread Thomas Pircher 

Henning Follmann wrote:

Mutt crashes trying to open this post (while opening gnupg).
That's weird.


When I save the message as attachment, and run gnupg over it, I get this
error message

| gpg: CRC error; 3B73F1 - DC33B7
| gpg: quoted printable character in armor - probably a buggy MTA has been used

GnuPG exits with error code 2. I guess mutt does gpg not expect to fail.

Thomas

Re: Causing segmentations fault; Was: Re: No Public Key

2022-11-14 Thread steve 

Le 14-11-2022, à 08:58:02 +0100, to...@tuxteam.de a écrit :


On Mon, Nov 14, 2022 at 08:51:47AM +0100, Henning Follmann wrote:

[...]


Mutt crashes trying to open this post (while opening gnupg).
That's weird.


Confirmed.


Here too.

mutt 2.2.7 (2022-08-07)

Re: No Public Key

2022-11-14 Thread Thomas Schmitt 
Hi,

Thomas George wrote:
> I thought to skip this step and tried
> gpg --verify SHA515SUMS.sign.txt debian-11.5.0-amd64-netinst.iso

That's not the right way.
SHA515SUMS.sign verifies SHA515SUMS
SHA515SUMS verifies debian-11.5.0-amd64-netinst.iso

The latter step can be done by this command in the directory where
SHA515SUMS and debian-11.5.0-amd64-netinst.iso have been downloaded:

  sha512sum -c SHA515SUMS

This is supposed to report:

  debian-11.5.0-amd64-netinst.iso: OK
  sha512sum: debian-edu-11.5.0-amd64-netinst.iso: No such file or directory
  debian-edu-11.5.0-amd64-netinst.iso: FAILED open or read
  sha512sum: debian-mac-11.5.0-amd64-netinst.iso: No such file or directory
  debian-mac-11.5.0-amd64-netinst.iso: FAILED open or read
  sha512sum: WARNING: 2 listed files could not be read

The errors and warnings are emitted because only one of the listed ISOs was
downloaded. Decisive is the line

  debian-11.5.0-amd64-netinst.iso: OK

--

Having the necessary public keys i get from the first verification step

  gpg --verify SHA512SUMS.sign SHA512SUMS

this report

  gpg: Signature made Sun 11 Sep 2022 01:00:08 AM CEST using RSA key ID 6294BE9B
  gpg: Good signature from "Debian CD signing key "
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:  There is no indication that the signature belongs to the owner.
  Primary key fingerprint: DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B


Untested proposal:

If none of the method given so far work for getting that public key, i
would try the link in line
  pub   rsa4096/DA87E80D6294BE9B 2011-01-05 [SC]
of
  https://www.debian.org/CD/verify

I.e.

  wget https://www.debian.org/CD/key-DA87E80D6294BE9B.txt

and then

  gpg --import key-DA87E80D6294BE9B.txt

(I will not try this gpg --import step here, out of superstition not to
change things which already work.
There are many web sites which show such examples. Like:
  https://linuxhint.com/export-import-keys-with-gpg/
)


Have a nice day :)

Thomas

Re: Causing segmentations fault; Was: Re: No Public Key

2022-11-13 Thread tomas 
On Mon, Nov 14, 2022 at 08:51:47AM +0100, Henning Follmann wrote:

[...]

> Mutt crashes trying to open this post (while opening gnupg).
> That's weird.

Confirmed.

Cheers
-- 
t


signature.asc
Description: PGP signature

Causing segmentations fault; Was: Re: No Public Key

2022-11-13 Thread Henning Follmann 
On Sun, Nov 13, 2022 at 11:46:22PM +0300, Gökşin Akdeniz wrote:
> Hello,
> 
> 13.11.2022 22:14 tarihinde Thomas George yazdı:
> > I want to do a new verified instillation of a debian iso. I have the iso
> > and SHA512SUMS.sign.txt and SHHA512SUMS.txt and have tried
> > 
> > gpg --verify SHA512SUMS.sign.txt SHA512SUMS.txt with the result No
> > Public Key
> > 
> 
> Debian public keys are listed on web pages for downloads. Here is the link
> for download page with checksums and public keys.
> 
> https://www.debian.org/download
> 
> Keys:
> https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA512SUMS.sign
> 
> Checksums:
> https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA512SUMS
> 
> > A reference to a step-by-step procedure would be appreciated.
> > 
> 
> 1. Get GnuPG key info from SHA512SUMS.sign with command "gpg --verify
> SHA512SUM.sign SHA512SUMS"
> 
> 2.GnuPG will report for missing keys in keyring. Simply copy GnuPG key id
> "DF9B9C49EAA9298432589D76DA87E80D6294BE9B" from output.
> 
> 3 Get public key from Debian Keyservers with command: "gpg --key-server
> keyring.debian.org --recv-keys DF9B9C49EAA9298432589D76DA87E80D6294BE9B"
> 
> 4.GnuPG will download the public key.
> 
> 5. Rerun verify command for checksum control: "gpg --verify SHA512SUM.sign
> SHA512SUMS"
> 
> 6. GnuPG will report if the SHA512SUMS file signature matches with
> SHA512SUM.sign
> 
> 7. If checksum of file is correct, then check the integrity of ISO files.:
> "sha512sum debian-11.5.0-amd64-netinst.iso"
> 
> 7.Calculated checksums and SHA512SUMS should match.
> 
> 
> I hope, it helps.

Mutt crashes trying to open this post (while opening gnupg).
That's weird.

-H


-- 
Henning Follmann   | hfollm...@itcfollmann.com

Re: No Public Key

2022-11-13 Thread Henning Follmann 
On Sun, Nov 13, 2022 at 07:27:21PM -0500, Thomas George wrote:
> Still strugglng. command suggested returns new key but no user id - skipped
> 
Please do not top post, especially not if answers were posted
properly in a chronological way.

here is what you should try:
gpg --keyserver keyring.debian.org --receive-keys 42468F4009EA8AC3

The previous recommended code used the fingerprint not the ID.
You should also specify the debian keyring because a lot of keyserver strip
the ID for anonymous requests.

-H



-- 
Henning Follmann   | hfollm...@itcfollmann.com

Re: No Public Key

2022-11-13 Thread Thomas George 

Still strugglng. command suggested returns new key but no user id - skipped

On 11/13/22 15:08, Darac Marjal wrote:


On 13/11/2022 19:14, Thomas George wrote:
I want to do a new verified instillation of a debian iso. I have the 
iso and SHA512SUMS.sign.txt and SHHA512SUMS.txt and have tried


gpg --verify SHA512SUMS.sign.txt SHA512SUMS.txt with the result No 
Public Key


I thought to skip this step and tried

gpg --verify SHA515SUMS.sign.txt debian-11.5.0-amd64-netinst.iso with 
the result Can't open signed data debian-11.5.0-amd64-netinst.iso


Clearly I am making some elementary mistakes. I have spent fruitless 
hours trying find and use a public key. One source suggested Curl 
ipinfo.io/ip. This outputs an ip address that seams to have nothing 
to do with my problem.


A reference to a step-by-step procedure would be appreciated.


https://www.debian.org/CD/verify says "The keys used for these 
signatures are all in the Debian GPG keyring and the best way to check 
them is to use that keyring to validate via the web of trust.". If you 
are using a Debian system, you can get those keys by installing 
"debian-archive-keyring". IF you're not (which is likely, given you're 
trying to install Debian), then that page also lists the fingerprints 
of the keys:


pub   rsa4096/988021A964E6EA7D 2009-10-03
  Key fingerprint = 1046 0DAD 7616 5AD8 1FBC  0CE9 9880 21A9 64E6 
EA7D

uid  Debian CD signing key 

pub   rsa4096/DA87E80D6294BE9B 2011-01-05 [SC]
  Key fingerprint = DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 
BE9B

uid  Debian CD signing key 

pub   rsa4096/42468F4009EA8AC3 2014-04-15 [SC]
  Key fingerprint = F41D 3034 2F35 4669 5F65  C669 4246 8F40 09EA 
8AC3
uid  Debian Testing CDs Automatic Signing Key 



So you should just be able to do, for example:

    $ gpg --receive-keys "1046 0DAD 7616 5AD8 1FBC  0CE9 9880 21A9 
64E6 EA7D"





Tom George

Re: No Public Key

2022-11-13 Thread Thomas George 

Still struggling command 3 below responds invalid option --key-server

On 11/13/22 15:46, Gökşin Akdeniz wrote:

Hello,

13.11.2022 22:14 tarihinde Thomas George yazdı:
I want to do a new verified instillation of a debian iso. I have the 
iso and SHA512SUMS.sign.txt and SHHA512SUMS.txt and have tried


gpg --verify SHA512SUMS.sign.txt SHA512SUMS.txt with the result No 
Public Key




Debian public keys are listed on web pages for downloads. Here is the 
link for download page with checksums and public keys.


https://www.debian.org/download

Keys: 
https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA512SUMS.sign


Checksums: 
https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA512SUMS



A reference to a step-by-step procedure would be appreciated.



1. Get GnuPG key info from SHA512SUMS.sign with command "gpg --verify 
SHA512SUM.sign SHA512SUMS"


2.GnuPG will report for missing keys in keyring. Simply copy GnuPG key 
id "DF9B9C49EAA9298432589D76DA87E80D6294BE9B" from output.


3 Get public key from Debian Keyservers with command: "gpg 
--key-server keyring.debian.org --recv-keys 
DF9B9C49EAA9298432589D76DA87E80D6294BE9B"


4.GnuPG will download the public key.

5. Rerun verify command for checksum control: "gpg --verify 
SHA512SUM.sign SHA512SUMS"


6. GnuPG will report if the SHA512SUMS file signature matches with 
SHA512SUM.sign


7. If checksum of file is correct, then check the integrity of ISO 
files.: "sha512sum debian-11.5.0-amd64-netinst.iso"


7.Calculated checksums and SHA512SUMS should match.


I hope, it helps.

Re: No Public Key

2022-11-13 Thread Gökşin Akdeniz 

Hello,

13.11.2022 22:14 tarihinde Thomas George yazdı:
I want to do a new verified instillation of a debian iso. I have the iso 
and SHA512SUMS.sign.txt and SHHA512SUMS.txt and have tried


gpg --verify SHA512SUMS.sign.txt SHA512SUMS.txt with the result No 
Public Key




Debian public keys are listed on web pages for downloads. Here is the 
link for download page with checksums and public keys.


https://www.debian.org/download

Keys: 
https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA512SUMS.sign


Checksums: 
https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA512SUMS



A reference to a step-by-step procedure would be appreciated.



1. Get GnuPG key info from SHA512SUMS.sign with command "gpg --verify 
SHA512SUM.sign SHA512SUMS"


2.GnuPG will report for missing keys in keyring. Simply copy GnuPG key 
id "DF9B9C49EAA9298432589D76DA87E80D6294BE9B" from output.


3 Get public key from Debian Keyservers with command: "gpg --key-server 
keyring.debian.org --recv-keys DF9B9C49EAA9298432589D76DA87E80D6294BE9B"


4.GnuPG will download the public key.

5. Rerun verify command for checksum control: "gpg --verify 
SHA512SUM.sign SHA512SUMS"


6. GnuPG will report if the SHA512SUMS file signature matches with 
SHA512SUM.sign


7. If checksum of file is correct, then check the integrity of ISO 
files.: "sha512sum debian-11.5.0-amd64-netinst.iso"


7.Calculated checksums and SHA512SUMS should match.


I hope, it helps.


OpenPGP_0x648AAD2AAA3BAD5F_and_old_rev.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: No Public Key

2022-11-13 Thread Darac Marjal 


On 13/11/2022 19:14, Thomas George wrote:
I want to do a new verified instillation of a debian iso. I have the 
iso and SHA512SUMS.sign.txt and SHHA512SUMS.txt and have tried


gpg --verify SHA512SUMS.sign.txt SHA512SUMS.txt with the result No 
Public Key


I thought to skip this step and tried

gpg --verify SHA515SUMS.sign.txt debian-11.5.0-amd64-netinst.iso with 
the result Can't open signed data debian-11.5.0-amd64-netinst.iso


Clearly I am making some elementary mistakes. I have spent fruitless 
hours trying find and use a public key. One source suggested Curl 
ipinfo.io/ip. This outputs an ip address that seams to have nothing to 
do with my problem.


A reference to a step-by-step procedure would be appreciated.


https://www.debian.org/CD/verify says "The keys used for these 
signatures are all in the Debian GPG keyring and the best way to check 
them is to use that keyring to validate via the web of trust.". If you 
are using a Debian system, you can get those keys by installing 
"debian-archive-keyring". IF you're not (which is likely, given you're 
trying to install Debian), then that page also lists the fingerprints of 
the keys:


pub   rsa4096/988021A964E6EA7D 2009-10-03
  Key fingerprint = 1046 0DAD 7616 5AD8 1FBC  0CE9 9880 21A9 64E6 EA7D
uid  Debian CD signing key 

pub   rsa4096/DA87E80D6294BE9B 2011-01-05 [SC]
  Key fingerprint = DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B
uid  Debian CD signing key 

pub   rsa4096/42468F4009EA8AC3 2014-04-15 [SC]
  Key fingerprint = F41D 3034 2F35 4669 5F65  C669 4246 8F40 09EA 8AC3
uid  Debian Testing CDs Automatic Signing Key 



So you should just be able to do, for example:

    $ gpg --receive-keys "1046 0DAD 7616 5AD8 1FBC  0CE9 9880 21A9 64E6 
EA7D"





Tom George



OpenPGP_signature
Description: OpenPGP digital signature

No Public Key

2022-11-13 Thread Thomas George 
I want to do a new verified instillation of a debian iso. I have the iso 
and SHA512SUMS.sign.txt and SHHA512SUMS.txt and have tried


gpg --verify SHA512SUMS.sign.txt SHA512SUMS.txt with the result No 
Public Key


I thought to skip this step and tried

gpg --verify SHA515SUMS.sign.txt debian-11.5.0-amd64-netinst.iso with 
the result Can't open signed data debian-11.5.0-amd64-netinst.iso


Clearly I am making some elementary mistakes. I have spent fruitless 
hours trying find and use a public key. One source suggested Curl 
ipinfo.io/ip. This outputs an ip address that seams to have nothing to 
do with my problem.


A reference to a step-by-step procedure would be appreciated.

Tom George

Re: Question on permission denied (public key)

2021-12-06 Thread john doe 

On 12/6/2021 9:32 AM, Adriel Peng wrote:

Hello

Sorry this is maybe not the debian question...

I have changed my github username today, after that I run this command in
local machine to update the remote url:

git remote set-url origin new.git.url/here

And I even run these two in local repo:

   git config --global user.email "n...@mail.com"
   git config --global user.name "new-username"

After doing those when I run git pull it always gets:

$ git pull
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

But, ssh -T g...@github.com works and it shows me the new user space.
Can you tell me how to fix this?


Not realy but here's some hints:
- Are you using the 'gh' utility?
- What did you change before the previous working URI and the not
working one?

--
John Doe

Question on permission denied (public key)

2021-12-06 Thread Adriel Peng 
Hello

Sorry this is maybe not the debian question...

I have changed my github username today, after that I run this command in
local machine to update the remote url:

git remote set-url origin new.git.url/here

And I even run these two in local repo:

  git config --global user.email "n...@mail.com"
  git config --global user.name "new-username"

After doing those when I run git pull it always gets:

$ git pull
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

But, ssh -T g...@github.com works and it shows me the new user space.
Can you tell me how to fix this?

Thanks a lot.

Re: Need Keyring Of Public Key

2019-05-04 Thread Reco 
Hi.

On Sat, May 04, 2019 at 11:30:26PM +0530, Bapi Dey wrote:
> I am using deb.debian.org
> 
> I need a Keyring for my apt. I am not able to find pub key of
> 8B48AD6246925553.
> 
> I use apt-key adv --keyserver http://keyring.debian.org --recv-keys 

apt-key adv --keyserver http://keys.gnupg.net --recv-keys 8B48AD6246925553

They've removed wheezy key from Debian keyserver recently.

Reco

Need Keyring Of Public Key

2019-05-04 Thread Bapi Dey 
I am using deb.debian.org

I need a Keyring for my apt. I am not able to find pub key of
8B48AD6246925553.

I use apt-key adv --keyserver http://keyring.debian.org --recv-keys 

But return error:- no valid OpenPGP data found. Total number process 0.

Re: Faulty .iso? No public key...

2018-01-09 Thread Jonathan Dowland 
What does "apt policy debian-archive-keyring" show? Which version (if
any) do you have installed?

You could also try "apt install debian-archive-keyring"

This should clear up the issues with stretch-updates, but not the
virtualbox repository. For that you'll need to find, verify and import
the relevant key for that repository to get apt to accept it.

Note that virtualbox is available from Debian itself in stretch-
backports.

Re: Faulty .iso? No public key...

2018-01-09 Thread didier gaumet 
Le 09/01/2018 à 07:33, Josh W. a écrit :
> I keep having the issue of no public key available and I don’t know what
> I should do…. Back up my computer and reinstall or is there a way to
> patch it up. I am attaching a file that shows what I am going through. I
> ran into all this this time will trying to install wine and adding to
> the sources.list file. I’ve had this problem with keys every since I
> downloaded the .iso for Debian Stretch… I am think that I might have
> gotten a faulty .iso file. Could some one point me in the direction of
> learning to check the checksum of a file or files. I would greatly
> appreciate it.
> 
> 
> 
> Joshua mailto:joshw8...@gmail.com>>

Maybe reconfiguring of reinstalling debian-archive-keyring package could
solve your problem?

Re: Faulty .iso? No public key...

2018-01-09 Thread Thomas Schmitt 
Hi,

besides the good advise of John Doe about verifying an ISO, it should be
stated that "no public key available" during installation is not a typical
sign for a damaged ISO.
I'd rather suspect its intentional content being not being correct or maybe
the package mirror server not being up to date.

Josh W. wrote:
> I keep having the issue of no public key available

Did you already report details ?
Which ISO image file exactly ? Can you tell the mirror server address ?


Have a nice day :)

Thomas

Re: Faulty .iso? No public key...

2018-01-08 Thread john doe 

On 1/9/2018 7:33 AM, Josh W. wrote:

I keep having the issue of no public key available and I don’t know what I
should do…. Back up my computer and reinstall or is there a way to patch it
up. I am attaching a file that shows what I am going through. I ran into
all this this time will trying to install wine and adding to the
sources.list file. I’ve had this problem with keys every since I downloaded
the .iso for Debian Stretch… I am think that I might have gotten a faulty
.iso file. Could some one point me in the direction of learning to check
the checksum of a file or files. I would greatly appreciate it.





To checksum a file you will need to use the corresponding checksum utility:
md5sum for MD5SUMS
sha1sum for SHA1SUMS
sha256 for SHA256SUMS
sha512sum for SHA512SUMS

On the download page for the desired iso file you have also 'SHA512SUMS' 
and 'SHA512SUMS.sign'.

You download both files using for instance 'wget'.

The first step is to verify the signature in 'SHA512SUMS' using 'gpg 
--verify *.sign'.
When you see 'good signature from ...', you have successfully verified 
the iso.


To checksum SHA512SUMS you would do:

$ sha512sum -c SHA512SUMS 2>&1 | grep -i ok

If you see something ending with ': ok', you have successfully 
checksummed the iso.


--
John Doe

Faulty .iso? No public key...

2018-01-08 Thread Josh W. 
I keep having the issue of no public key available and I don’t know what I
should do…. Back up my computer and reinstall or is there a way to patch it
up. I am attaching a file that shows what I am going through. I ran into
all this this time will trying to install wine and adding to the
sources.list file. I’ve had this problem with keys every since I downloaded
the .iso for Debian Stretch… I am think that I might have gotten a faulty
.iso file. Could some one point me in the direction of learning to check
the checksum of a file or files. I would greatly appreciate it.



Joshua 


Key Problems.odt
Description: application/vnd.oasis.opendocument.text

Re: Public Key

2017-08-24 Thread Mario Castelán Castro 
On 24/08/17 10:21, Dan Norton wrote:
> Oops - forgot to try GNU Stow. Another time maybe.

In this case, you used the package manager, so there is no need for
stow. GNU Stow is useful when installing manually, for example, when one
compiles from source.

> Thank you, Mario, for your help. Great discussion.

No problem Dan. Glad to be of help.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Public Key

2017-08-24 Thread Dan Norton 



On 08/23/2017 10:07 PM, Mario Castelán Castro wrote:

On 23/08/17 20:52, Dan Norton wrote:


Since borg is a self-contained binary, perhaps it does not need to be
formally declared as a package in Debian 8.

There is no relation between “is self-contained binary” and whether it
is in Debian. Again, borgbackup is available in Debian 8, but you have
to enable backports.

Moreover, Debian package borgbackups is not a self-contained binary. It
uses the package manager to install the dependencies, just as any other
package. It makes more sense this way when it is installed through the
package manager.


OK, following instructions for installing backports (thanks, Greg)



I added the following to /etc/apt/sources.list :
deb http://ftp.debian.org/debian jessie-backports main

followed by...
apt-get update
apt-get -t jessie-backports install borgbackup

and borg is installed.



By the way, I recommend to use GNU Stow
 when installing packages manually.
It makes administration much easier when several packages are installed,
and more so when upgrading or deleting packages.

The point is to keep each “package” (roughly, any program distributed
and installed as a whole; this is unrelated to packages as in apt-get)
in a directory exclusively of its own use under /usr/local/stow, or any
other directory. Then GNU Stow makes symbolic links from the directories
where the system expect the package to be (e.g.: /usr/local/bin) to the
place where the package is actually installed. This way you do not have
to remember which files belong to which package when uninstalling a
manually installed package. GNU Stow will also display a warning if you
try to install (using GNU Stow) packages that have colliding files,
instead of having them override eachother as would happen when doing
“make install”.


Oops - forgot to try GNU Stow. Another time maybe.

Thank you, Mario, for your help. Great discussion.

 - Dan

Re: Public Key

2017-08-24 Thread Greg Wooledge 
On Wed, Aug 23, 2017 at 09:07:02PM -0500, Mario Castelán Castro wrote:
> There is no relation between “is self-contained binary” and whether it
> is in Debian. Again, borgbackup is available in Debian 8, but you have
> to enable backports.

Which, for those who don't know, you do by following the instructions
at

Re: Public Key

2017-08-23 Thread Mario Castelán Castro 
On 23/08/17 20:52, Dan Norton wrote:
> Debian 8 is what I use. You must have snipped off that part of my post.

Right. You mentioned it in your very first post in this thread, but I
skipped over it. My bad.

> $ sudo gpg --keyserver 'hkp://pool.sks-keyservers.net' --fingerprint '6D5B 
> EF9A DD20 7580 5747 B70F 9F88 FB52 FAF7 B393'
> [sudo] password for dan:
> gpg: /root/.gnupg/trustdb.gpg: trustdb created
> gpg: error reading key: public key not found 

Ah, sorry. The correct command is “gpg --keyserver
'hkp://pool.sks-keyservers.net' --recv-keys 'FINGERPRINT'” (that is,
replace “--fingerprint” with “--recv-keys”).

> where have I seen that before? :-)
> 
> Since borg is a self-contained binary, perhaps it does not need to be
> formally declared as a package in Debian 8.

There is no relation between “is self-contained binary” and whether it
is in Debian. Again, borgbackup is available in Debian 8, but you have
to enable backports.

Moreover, Debian package borgbackups is not a self-contained binary. It
uses the package manager to install the dependencies, just as any other
package. It makes more sense this way when it is installed through the
package manager.

> The problem is "how can one
> verify the download before moving it into /user/local/bin" as
> recommended by the author?

By the way, I recommend to use GNU Stow
<https://www.gnu.org/software/stow/> when installing packages manually.
It makes administration much easier when several packages are installed,
and more so when upgrading or deleting packages.

The point is to keep each “package” (roughly, any program distributed
and installed as a whole; this is unrelated to packages as in apt-get)
in a directory exclusively of its own use under /usr/local/stow, or any
other directory. Then GNU Stow makes symbolic links from the directories
where the system expect the package to be (e.g.: /usr/local/bin) to the
place where the package is actually installed. This way you do not have
to remember which files belong to which package when uninstalling a
manually installed package. GNU Stow will also display a warning if you
try to install (using GNU Stow) packages that have colliding files,
instead of having them override eachother as would happen when doing
“make install”.

Regards.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Public Key

2017-08-23 Thread Mario Castelán Castro 
On 23/08/17 19:34, Dan Norton wrote:
> I'm all for that, but unfortunately...
> $ apt-cache show borgbackup | grep ^Homepage
> E: No packages found
> 
> Before posting I searched for borg and because nothing turned up I tried
> to install it another way. It's supposed to be a self-contained binary;
> the simplicity is appealing, but it's gotta be the real thing (not
> spoofed).

“borgbackup” is in Debian 9. In Debian 8, borgbackup is available in
backports.

If you are using Debian 9 or higher, then you have a configuration
problem because the package *is* there.

>> After you have followed this procedure to obtain a fingerprint of the
>> borg developer that signs the release, fetch the key with the following
>> command (substitute FINGERPRINT with the actual fingerprint. You need
>> not delete the spaces in the fingerprint, but do not delete the single
>> quotation marks in the command):
>>
>> gpg --keyserver 'hkps://hkps.pool.sks-keyservers.net' --recv-key
>> 'FINGERPRINT'
> How do we know about 'hkps://hkps.pool.sks-keyservers.net'? I tried the
> command...

pool.sks-keyservers.net is a pool of servers of OpenPGP keys (OpenPGP is
the format of keys and so on. GNU PG is the name of the program). Refer
to  for more information.

Note that unlike fingerprints, the key server is not a security-critical
component. All it does is to serve the *requested* key to GNU PG. If it
served a key that was not the one requested, GNU PG would detect it.
Though maybe denial of service attacks are possible by a malicious
server, this is not something that should worry you too much.

Always specify the full fingerprint when fetching keys. If you specify
one of the shorter IDs (like “3003BEC50642D919” or “0642D919”) , the
server could in principle generate a different key with the same ID and
give that to you instead.

> $ gpg --keyserver 'hkps://hkps.pool.sks-keyservers.net' --recv-key ' key>'
> gpg: requesting key FAF7B393 from hkps server hkps.pool.sks-keyservers.net
> gpgkeys: HTTP fetch error 1: unsupported protocol
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0

I am not sure, but I think you are using a very old version of GNU PG
that does not have support for HTTPS (HKPS is a protocol over HTTPS).
The default version in Debian 9 (2.1.18) supports HKPS.

But well, you can use plain HKP too:

gpg --keyserver 'hkp://pool.sks-keyservers.net' --fingerprint 'FINGERPRINT'

Make sure to use the whole fingerprint. It is a string of 40 hexadecimal
digits, optionally interleaved with spaces, like this:

E053 A25B CC30 2BBB 2DAD  EC03 3003 BEC5 0642 D919

-
When you reply in mailing list, please delete the parts of the quote
that is no longer relevant. Otherwise most of your message is quotation
and the conversation becomes hard to read.

Regards.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Public Key

2017-08-23 Thread Dan Norton 



On 08/23/2017 08:53 PM, Mario Castelán Castro wrote:

If you are using Debian 9 or higher, then you have a configuration
problem because the package *is* there.

Debian 8 is what I use. You must have snipped off that part of my post.



I am not sure, but I think you are using a very old version of GNU PG
that does not have support for HTTPS (HKPS is a protocol over HTTPS).
The default version in Debian 9 (2.1.18) supports HKPS.

But well, you can use plain HKP too:

gpg --keyserver 'hkp://pool.sks-keyservers.net' --fingerprint 'FINGERPRINT'

Hmm...
$ sudo gpg --keyserver 'hkp://pool.sks-keyservers.net' --fingerprint 
'6D5B EF9A DD20 7580 5747 B70F 9F88 FB52 FAF7 B393'

[sudo] password for dan:
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: error reading key: public key not found

where have I seen that before? :-)

Since borg is a self-contained binary, perhaps it does not need to be 
formally declared as a package in Debian 8. The problem is "how can one 
verify the download before moving it into /user/local/bin" as 
recommended by the author?


https://borgbackup.readthedocs.io/en/stable/installation.html#pyinstaller-binary

Verifying the download is the problem.

Re: Public Key

2017-08-23 Thread Mario Castelán Castro 
On 23/08/17 15:11, Dan Norton wrote:
> #1 SMP Debian 3.16.43-2+deb8u2 (2017-06-26)
> is on my desktop. In the process of installing borg from:
> 
> https://github.com/borgbackup/borg/releases

You can install it easily in Debian. The package is called “borgbackup”.
However, in Debian 9 it is an older version. If you want the latest
version in Debian 9 you will have to install from the sources.

> sudo apt-key add borg-linux64.gpg

There is no reason to do this. You should not change the apt-get keys
lightly. To install from source, there is no reason to add more trusted
keys to apt-get.

> If nothing is amiss so far (a big if), the problem now is:
> 
> $ gpg --verify borg-linux64.asc borg-linux64
> gpg: Signature made Sun 23 Jul 2017 07:23:38 PM EDT using RSA key ID
> 51F78E01
> gpg: Can't check signature: public key not found
> 
> How to get the public key?

See
<https://borgbackup.readthedocs.io/en/stable/support.html#security-contact>.

A key may claim to belong to X person, but you should not take the key's
word for granted. You must verify that X person indeed owns that key.
The best way to do this is that the person gives you face to face his
gpg key. Second best is using the OpenPGP web of trust.

In your case, probably neither option is possible, at least not
immediately (joining the web of trust usually requires physically
traveling to key signing parties, or something similar). The best you
can do is to trust the key given by the official borg page.

How do you know what is the official borg page? You should not trust a
search engine for this, nor what the page itself claim, but you can
trust the Debian developers (not because they are special, but because
you are trusting them by using Debian).

To see the home-page of a package in Debian, do as follows:

$ apt-cache show borgbackup | grep ^Homepage
Homepage: https://borgbackup.github.io/borgbackup/

After some clicks, starting in this page, you will end in the page I
mentioned (which is
<https://borgbackup.readthedocs.io/en/stable/support.html#security-contact>).

After you have followed this procedure to obtain a fingerprint of the
borg developer that signs the release, fetch the key with the following
command (substitute FINGERPRINT with the actual fingerprint. You need
not delete the spaces in the fingerprint, but do not delete the single
quotation marks in the command):

gpg --keyserver 'hkps://hkps.pool.sks-keyservers.net' --recv-key
'FINGERPRINT'

Regards.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Public Key

2017-08-23 Thread Dan Norton 



On 08/23/2017 07:24 PM, Mario Castelán Castro wrote:

On 23/08/17 15:11, Dan Norton wrote:

#1 SMP Debian 3.16.43-2+deb8u2 (2017-06-26)
is on my desktop. In the process of installing borg from:

https://github.com/borgbackup/borg/releases

You can install it easily in Debian. The package is called “borgbackup”.
However, in Debian 9 it is an older version. If you want the latest
version in Debian 9 you will have to install from the sources.

I'm all for that, but unfortunately...
$ apt-cache show borgbackup | grep ^Homepage
E: No packages found

Before posting I searched for borg and because nothing turned up I tried 
to install it another way. It's supposed to be a self-contained binary; 
the simplicity is appealing, but it's gotta be the real thing (not 
spoofed).



sudo apt-key add borg-linux64.gpg

There is no reason to do this. You should not change the apt-get keys
lightly. To install from source, there is no reason to add more trusted
keys to apt-get.

Glad to learn this now.



If nothing is amiss so far (a big if), the problem now is:

$ gpg --verify borg-linux64.asc borg-linux64
gpg: Signature made Sun 23 Jul 2017 07:23:38 PM EDT using RSA key ID
51F78E01
gpg: Can't check signature: public key not found

How to get the public key?

See
<https://borgbackup.readthedocs.io/en/stable/support.html#security-contact>.

A key may claim to belong to X person, but you should not take the key's
word for granted. You must verify that X person indeed owns that key.
The best way to do this is that the person gives you face to face his
gpg key. Second best is using the OpenPGP web of trust.

In your case, probably neither option is possible, at least not
immediately (joining the web of trust usually requires physically
traveling to key signing parties, or something similar). The best you
can do is to trust the key given by the official borg page.

How do you know what is the official borg page? You should not trust a
search engine for this, nor what the page itself claim, but you can
trust the Debian developers (not because they are special, but because
you are trusting them by using Debian).

To see the home-page of a package in Debian, do as follows:

$ apt-cache show borgbackup | grep ^Homepage
Homepage: https://borgbackup.github.io/borgbackup/
I like what you are saying. Now, if that package could be found we'd be 
in business.


After some clicks, starting in this page, you will end in the page I
mentioned (which is
<https://borgbackup.readthedocs.io/en/stable/support.html#security-contact>).

After you have followed this procedure to obtain a fingerprint of the
borg developer that signs the release, fetch the key with the following
command (substitute FINGERPRINT with the actual fingerprint. You need
not delete the spaces in the fingerprint, but do not delete the single
quotation marks in the command):

gpg --keyserver 'hkps://hkps.pool.sks-keyservers.net' --recv-key
'FINGERPRINT'
How do we know about 'hkps://hkps.pool.sks-keyservers.net'? I tried the 
command...


$ gpg --keyserver 'hkps://hkps.pool.sks-keyservers.net' --recv-key 'key>'

gpg: requesting key FAF7B393 from hkps server hkps.pool.sks-keyservers.net
gpgkeys: HTTP fetch error 1: unsupported protocol
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0





Regards.

Public Key

2017-08-23 Thread Dan Norton 

#1 SMP Debian 3.16.43-2+deb8u2 (2017-06-26)
is on my desktop. In the process of installing borg from:

https://github.com/borgbackup/borg/releases

I have downloaded borg-linux64 and borg-linux64.asc.

From README.txt, there are instructions for verifying the download:

[...]

To check the GPG signature, download both the binary and the corresponding
*.asc file and then (on the shell) type, e.g.:

gpg --verify borg-linux64.asc borg-linux64

The files are signed by:

Thomas Waldmann 
GPG key fingerprint: 6D5B EF9A DD20 7580 5747 B70F 9F88 FB52 FAF7 B393
[...]

and after several attempts to add this key and getting:

gpg: no valid OpenPGP data found.

I created borg-linux64.gpg containing the one-liner:

6D5BEF9ADD2075805747B70F9F88FB52FAF7B393

and got past "no valid" by doing (AFAICR):

sudo apt-key add borg-linux64.gpg

If nothing is amiss so far (a big if), the problem now is:

$ gpg --verify borg-linux64.asc borg-linux64
gpg: Signature made Sun 23 Jul 2017 07:23:38 PM EDT using RSA key ID 
51F78E01

gpg: Can't check signature: public key not found

How to get the public key?

Thanks,  - Dan

Re: "no public key" warning on upgrade to stretch

2017-06-22 Thread Henrique de Moraes Holschuh 
On Thu, 22 Jun 2017, Charles E. Blair wrote:
>When I type "apt-get upgrade" I get
> this message, and things stop:
> 
> W: There is no public key available for the following key IDs:
> EF0F382A1A7B6500
> 
>I hope there is a simple fix.

You can ignore the warning _in this specific instance_: it is expected,
and apt is using another key to verify the downloads.

This warning will be fixed for the Debian 8.9 oldstable point-release
(due in about a month or so), which adds the missing key.

-- 
  Henrique Holschuh

"no public key" warning on upgrade to stretch

2017-06-22 Thread Charles E. Blair 
   When I type "apt-get upgrade" I get
this message, and things stop:

W: There is no public key available for the following key IDs:
EF0F382A1A7B6500

   I hope there is a simple fix.

Re: cannot find public key for verifying SHASUM file for debian live iso

2014-08-12 Thread davidson 

On Tue, 12 Aug 2014, david...@ling.ohio-state.edu wrote:


Regarding whether keys used to sign debian-live releases are present
(or not) in debian-keyring.gpg or debian-role-keys.gpg :

On Mon, 11 Aug 2014, Francesco Ariis wrote:

On Sun, Aug 10, 2014 at 10:34:21PM -0400, david...@ling.ohio-state.edu 
wrote:
| $ gpgv --keyring /usr/share/keyrings/debian-keyring.gpg -vv -- 
SHA512SUMS.sign

| gpgv: armor: BEGIN PGP SIGNATURE
| gpgv: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
| :signature packet: algo 1, keyid DA87E80D6294BE9B
| version 4, created 1406210061, md5len 0, sigclass 0x00
| digest algo 8, begin of digest fc 43
| hashed subpkt 2 len 4 (sig created 2014-07-24)
| subpkt 16 len 8 (issuer key ID DA87E80D6294BE9B)
| data: [4096 bits]
| gpgv: assuming signed data in `SHA512SUMS'
| gpgv: Signature made Thu 24 Jul 2014 09:54:21 AM EDT using RSA key ID 
6294BE9B

| gpgv: Can't check signature: public key not found

This was not the outcome I was hoping for, but I am not sure what
to do next.


Hello Wes,

It seems the key ID 6294BE9B is found in
/usr/share/keyring/debian-role-keys.gpg [1]; .iso should verify with
that.

I was thinking of writing a three line paragraph to make the wiki
[2] more clear on the matter (i.e. provide the gpgv command with the
specific file to pass to --keyring), but after reading this:

   Official role keys have gradually replaced the use of personal
   keys belonging to developers. However, a decision was made not to
   go back and re-sign all the old releases that were already signed
   using the older keys.

I am unsure on whether Jessie and future releases will have their
.iso signed by a key from debian-keyring.gpg or
debian-role-keys.gpg. Can anyone shed light on the matter?


WRT debian-live, the thread below seems relevant.

https://lists.debian.org/debian-live/2014/04/msg4.html

Whether it casts light or shade is not clear to me.

By the way, the key for checking the sig below seems to be missing
from both debian-keyring.gpg and debian-role-keys.gpg :

http://live.debian.net/cdimage/release/stable+nonfree/amd64/iso-hybrid/SHA512SUMS.sig

This, below, seems to be the key in question:

[from http://www.debian.org/CD/verify]

| To ensure that the checksums files themselves are correct, use GnuPG
| to verify them against the accompanying signature files
| (e.g. MD5SSUMS.sign). The keys used for these signatures are all in
| the Debian GPG keyring and the best way to check them is to use that
| keyring to validate via the web of trust. To make life easier for
| users, here are the fingerprints for the keys that have been used for
| releases in recent years (with some UIDs removed for clarity):
[snipped some fingerprints/ids]
| pub   4096R/A9B26DF5 2014-01-03
|   Key fingerprint = 8A36 A2E8 91A5 C2A9 0DEB  7A8B 1239 00F2 A9B2 6DF5
| uid  Live Systems Project 
| sub   4096R/D0125917 2014-01-03
[snipped some more fingerprints/ids]


Just for the record, I checked the sig in question as follows:

See what key ID I'm looking for:

$ gpg --verify SHA512SUMS.sig
gpg: Signature made Wed 16 Jul 2014 02:39:10 PM EDT using RSA key ID A9B26DF5
gpg: Can't check signature: public key not found

Get the missing key:

$ gpg --keyserver keys.gnupg.net --recv-keys A9B26DF5
gpg: requesting key A9B26DF5 from hkp server keys.gnupg.net
gpg: key A9B26DF5: public key "Live Systems Project 
" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:   imported: 1  (RSA: 1)

Check the sig:

$ gpg --verify SHA512SUMS.sig
gpg: Signature made Wed 16 Jul 2014 02:39:10 PM EDT using RSA key ID A9B26DF5
gpg: Good signature from "Live Systems Project "
gpg: WARNING: This key is not certified with a trusted signature!
gpg:  There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8A36 A2E8 91A5 C2A9 0DEB  7A8B 1239 00F2 A9B2 6DF5

And then I compared the fingerprint in the output immediately above to
the corresponding fingerprint posted at http://debian.org/CD/verify .

-wes



I found this thread, which explains its absence from the keyring, for
a certain interpretation of the term explain:

https://lists.debian.org/debian-live/2014/03/msg00038.html

-wes



[1] 
http://anonscm.debian.org/cgit/keyring/keyring.git/tree/debian-role-keys-gpg

[2] http://www.debian.org/CD/verify








--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: 
https://lists.debian.org/alpine.deb.2.02.1408121928550.16...@brutus.ling.ohio-state.edu

Re: cannot find public key for verifying SHASUM file for debian live iso

2014-08-12 Thread davidson 

Regarding whether keys used to sign debian-live releases are present
(or not) in debian-keyring.gpg or debian-role-keys.gpg :

On Mon, 11 Aug 2014, Francesco Ariis wrote:


On Sun, Aug 10, 2014 at 10:34:21PM -0400, david...@ling.ohio-state.edu wrote:

| $ gpgv --keyring /usr/share/keyrings/debian-keyring.gpg -vv -- SHA512SUMS.sign
| gpgv: armor: BEGIN PGP SIGNATURE
| gpgv: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
| :signature packet: algo 1, keyid DA87E80D6294BE9B
| version 4, created 1406210061, md5len 0, sigclass 0x00
| digest algo 8, begin of digest fc 43
| hashed subpkt 2 len 4 (sig created 2014-07-24)
| subpkt 16 len 8 (issuer key ID DA87E80D6294BE9B)
| data: [4096 bits]
| gpgv: assuming signed data in `SHA512SUMS'
| gpgv: Signature made Thu 24 Jul 2014 09:54:21 AM EDT using RSA key ID 6294BE9B
| gpgv: Can't check signature: public key not found

This was not the outcome I was hoping for, but I am not sure what
to do next.


Hello Wes,

It seems the key ID 6294BE9B is found in
/usr/share/keyring/debian-role-keys.gpg [1]; .iso should verify with
that.

I was thinking of writing a three line paragraph to make the wiki
[2] more clear on the matter (i.e. provide the gpgv command with the
specific file to pass to --keyring), but after reading this:

   Official role keys have gradually replaced the use of personal
   keys belonging to developers. However, a decision was made not to
   go back and re-sign all the old releases that were already signed
   using the older keys.

I am unsure on whether Jessie and future releases will have their
.iso signed by a key from debian-keyring.gpg or
debian-role-keys.gpg. Can anyone shed light on the matter?


WRT debian-live, the thread below seems relevant.

 https://lists.debian.org/debian-live/2014/04/msg4.html

Whether it casts light or shade is not clear to me.

By the way, the key for checking the sig below seems to be missing
from both debian-keyring.gpg and debian-role-keys.gpg :

 
http://live.debian.net/cdimage/release/stable+nonfree/amd64/iso-hybrid/SHA512SUMS.sig

This, below, seems to be the key in question:

[from http://www.debian.org/CD/verify]

| To ensure that the checksums files themselves are correct, use GnuPG
| to verify them against the accompanying signature files
| (e.g. MD5SSUMS.sign). The keys used for these signatures are all in
| the Debian GPG keyring and the best way to check them is to use that
| keyring to validate via the web of trust. To make life easier for
| users, here are the fingerprints for the keys that have been used for
| releases in recent years (with some UIDs removed for clarity):
[snipped some fingerprints/ids]
| pub   4096R/A9B26DF5 2014-01-03
|   Key fingerprint = 8A36 A2E8 91A5 C2A9 0DEB  7A8B 1239 00F2 A9B2 6DF5
| uid  Live Systems Project 
| sub   4096R/D0125917 2014-01-03
[snipped some more fingerprints/ids]

I found this thread, which explains its absence from the keyring, for
a certain interpretation of the term explain:

 https://lists.debian.org/debian-live/2014/03/msg00038.html

-wes



[1] http://anonscm.debian.org/cgit/keyring/keyring.git/tree/debian-role-keys-gpg
[2] http://www.debian.org/CD/verify




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: 
https://lists.debian.org/alpine.deb.2.02.1408121805280.16...@brutus.ling.ohio-state.edu

Re: cannot find public key for verifying SHASUM file for debian live iso

2014-08-10 Thread davidson 

On Mon, 11 Aug 2014, Francesco Ariis wrote:


On Sun, Aug 10, 2014 at 10:34:21PM -0400, david...@ling.ohio-state.edu wrote:

| $ gpgv --keyring /usr/share/keyrings/debian-keyring.gpg -vv -- SHA512SUMS.sign
| gpgv: armor: BEGIN PGP SIGNATURE
| gpgv: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
| :signature packet: algo 1, keyid DA87E80D6294BE9B
| version 4, created 1406210061, md5len 0, sigclass 0x00
| digest algo 8, begin of digest fc 43
| hashed subpkt 2 len 4 (sig created 2014-07-24)
| subpkt 16 len 8 (issuer key ID DA87E80D6294BE9B)
| data: [4096 bits]
| gpgv: assuming signed data in `SHA512SUMS'
| gpgv: Signature made Thu 24 Jul 2014 09:54:21 AM EDT using RSA key ID 6294BE9B
| gpgv: Can't check signature: public key not found

This was not the outcome I was hoping for, but I am not sure what to
do next.


Hello Wes,

It seems the key ID 6294BE9B is found in
/usr/share/keyring/debian-role-keys.gpg [1]; .iso should verify with that.


Francesco, thank you!

That worked much better:

| $ gpgv --keyring /usr/share/keyrings/debian-role-keys.gpg -vv -- 
SHA512SUMS.sign
| gpgv: armor: BEGIN PGP SIGNATURE
| gpgv: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
| :signature packet: algo 1, keyid DA87E80D6294BE9B
| version 4, created 1406210061, md5len 0, sigclass 0x00
| digest algo 8, begin of digest fc 43
| hashed subpkt 2 len 4 (sig created 2014-07-24)
| subpkt 16 len 8 (issuer key ID DA87E80D6294BE9B)
| data: [4096 bits]
| gpgv: assuming signed data in `SHA512SUMS'
| gpgv: Signature made Thu 24 Jul 2014 09:54:21 AM EDT using RSA key ID 6294BE9B
| gpgv: Good signature from "Debian CD signing key "
| gpgv: binary signature, digest algorithm SHA256

And the Debian CD signing key is a "role key", of course.  Makes
perfect sense, in retrospect, when I read this:

/usr/share/doc/debian-keyring/README
| What the keyrings are
| -
[snip]
|  o debian-role-keys.gpg
|
| This is the keyring used to contain role account keys, such as
| "ftp-master" (it contains the key used to sign the Release files
| in the archive).

I am grateful for your help.

-wes




I was thinking of writing a three line paragraph to make the wiki [2] more
clear on the matter (i.e. provide the gpgv command with the specific file
to pass to --keyring), but after reading this:

   Official role keys have gradually replaced the use of personal keys
   belonging to developers. However, a decision was made not to go back and
   re-sign all the old releases that were already signed using the older keys.

I am unsure on whether Jessie and future releases will have their .iso signed
by a key from debian-keyring.gpg or debian-role-keys.gpg. Can anyone shed
light on the matter?

[1] http://anonscm.debian.org/cgit/keyring/keyring.git/tree/debian-role-keys-gpg
[2] http://www.debian.org/CD/verify




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: 
https://lists.debian.org/alpine.deb.2.02.1408110030190.23...@brutus.ling.ohio-state.edu

Re: cannot find public key for verifying SHASUM file for debian live iso

2014-08-10 Thread davidson 

Hi Jimmy.

Thank you for your reply.  But please see below for comments.

On Sun, 10 Aug 2014, Jimmy Johnson wrote:


david...@ling.ohio-state.edu wrote:

Good {evening,morning,afternoon}, fellow anglophones.

I am running Wheezy, and I plan to prepare a debian live cd using this
file:

 http://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-7.6.0-amd64-standard.iso 


Before doing this, however, I would like to verify the authenticity of
the SHA512SUMS file which I believe I obtained from here:

[snipped lots of stuff]

| gpgv: Can't check signature: public key not found

This was not the outcome I was hoping for, but I am not sure what to
do next.



I've always have good luck using the md5sum, open the console where the .iso 
is and type:$'md5sum debian-live-7.6.0-amd64-standard.iso' ,it's fast and 
easy. :)


And then, if you were going that route, you would compare the result
of that command with the corresponding hash in some reference file,
probably named something like MD5SUMS.

But, you might ask yourself, how do we know that the hashes in that
reference file are from a trusted source?

For that, you would look for a file called something like MD5SUMS.sig,
which would be the result of signing MD5SUMS with someone's private
key.

You would then want to obtain the public keys of trusted sources, and
then see which, if any, of those keys verified the signature in
MD5SUMS.sig.

It is this step that I am stalled at.  I'm using sha512sums, not
md5sums, but I would still be stalled, your advice notwithstanding, if
I were using md5sums.

I hope this clarifies what I am looking for.

-wes


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: 
https://lists.debian.org/alpine.deb.2.02.1408110004160.23...@brutus.ling.ohio-state.edu

Re: cannot find public key for verifying SHASUM file for debian live iso

2014-08-10 Thread Francesco Ariis 
On Sun, Aug 10, 2014 at 10:34:21PM -0400, david...@ling.ohio-state.edu wrote:
> | $ gpgv --keyring /usr/share/keyrings/debian-keyring.gpg -vv -- 
> SHA512SUMS.sign
> | gpgv: armor: BEGIN PGP SIGNATURE
> | gpgv: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
> | :signature packet: algo 1, keyid DA87E80D6294BE9B
> | version 4, created 1406210061, md5len 0, sigclass 0x00
> | digest algo 8, begin of digest fc 43
> | hashed subpkt 2 len 4 (sig created 2014-07-24)
> | subpkt 16 len 8 (issuer key ID DA87E80D6294BE9B)
> | data: [4096 bits]
> | gpgv: assuming signed data in `SHA512SUMS'
> | gpgv: Signature made Thu 24 Jul 2014 09:54:21 AM EDT using RSA key ID 
> 6294BE9B
> | gpgv: Can't check signature: public key not found
>
> This was not the outcome I was hoping for, but I am not sure what to
> do next.

Hello Wes,

It seems the key ID 6294BE9B is found in
/usr/share/keyring/debian-role-keys.gpg [1]; .iso should verify with that.

I was thinking of writing a three line paragraph to make the wiki [2] more
clear on the matter (i.e. provide the gpgv command with the specific file
to pass to --keyring), but after reading this:

Official role keys have gradually replaced the use of personal keys
belonging to developers. However, a decision was made not to go back and
re-sign all the old releases that were already signed using the older keys.

I am unsure on whether Jessie and future releases will have their .iso signed
by a key from debian-keyring.gpg or debian-role-keys.gpg. Can anyone shed
light on the matter?

[1] http://anonscm.debian.org/cgit/keyring/keyring.git/tree/debian-role-keys-gpg
[2] http://www.debian.org/CD/verify


signature.asc
Description: Digital signature

Re: cannot find public key for verifying SHASUM file for debian live iso

2014-08-10 Thread Jimmy Johnson 

david...@ling.ohio-state.edu wrote:

Good {evening,morning,afternoon}, fellow anglophones.

I am running Wheezy, and I plan to prepare a debian live cd using this
file:

 http://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-7.6.0-amd64-standard.iso 



Before doing this, however, I would like to verify the authenticity of
the SHA512SUMS file which I believe I obtained from here:

 http://live.debian.net/cdimage/release/stable/amd64/iso-hybrid/SHA512SUMS

And so, to that end, I downloaded...

 http://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/SHA512SUMS.sign 



But I am stuck now, because I cannot find the corresponding public
key, and don't know where to start looking for it.

What I have done so far:

I installed the debian-keyring package, and then I ran this:

| $ gpgv --keyring /usr/share/keyrings/debian-keyring.gpg -vv -- 
SHA512SUMS.sign

| gpgv: armor: BEGIN PGP SIGNATURE
| gpgv: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
| :signature packet: algo 1, keyid DA87E80D6294BE9B
| version 4, created 1406210061, md5len 0, sigclass 0x00
| digest algo 8, begin of digest fc 43
| hashed subpkt 2 len 4 (sig created 2014-07-24)
| subpkt 16 len 8 (issuer key ID DA87E80D6294BE9B)
| data: [4096 bits]
| gpgv: assuming signed data in `SHA512SUMS'
| gpgv: Signature made Thu 24 Jul 2014 09:54:21 AM EDT using RSA key ID 
6294BE9B

| gpgv: Can't check signature: public key not found

This was not the outcome I was hoping for, but I am not sure what to
do next.



I've always have good luck using the md5sum, open the console where the 
.iso is and type:$'md5sum debian-live-7.6.0-amd64-standard.iso' ,it's 
fast and easy. :)

--
Jimmy Johnson

Debian-Live - Wheezy - KDE 4.8.4 - AMD64 - EXT4 at sda1
Registered Linux User #380263


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/53e82fe0.3050...@gmail.com

cannot find public key for verifying SHASUM file for debian live iso

2014-08-10 Thread davidson 

Good {evening,morning,afternoon}, fellow anglophones.

I am running Wheezy, and I plan to prepare a debian live cd using this
file:

 
http://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-7.6.0-amd64-standard.iso

Before doing this, however, I would like to verify the authenticity of
the SHA512SUMS file which I believe I obtained from here:

 http://live.debian.net/cdimage/release/stable/amd64/iso-hybrid/SHA512SUMS

And so, to that end, I downloaded...

 
http://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/SHA512SUMS.sign

But I am stuck now, because I cannot find the corresponding public
key, and don't know where to start looking for it.

What I have done so far:

I installed the debian-keyring package, and then I ran this:

| $ gpgv --keyring /usr/share/keyrings/debian-keyring.gpg -vv -- SHA512SUMS.sign
| gpgv: armor: BEGIN PGP SIGNATURE
| gpgv: armor header: Version: GnuPG v1.4.12 (GNU/Linux)
| :signature packet: algo 1, keyid DA87E80D6294BE9B
| version 4, created 1406210061, md5len 0, sigclass 0x00
| digest algo 8, begin of digest fc 43
| hashed subpkt 2 len 4 (sig created 2014-07-24)
| subpkt 16 len 8 (issuer key ID DA87E80D6294BE9B)
| data: [4096 bits]
| gpgv: assuming signed data in `SHA512SUMS'
| gpgv: Signature made Thu 24 Jul 2014 09:54:21 AM EDT using RSA key ID 6294BE9B
| gpgv: Can't check signature: public key not found

This was not the outcome I was hoping for, but I am not sure what to
do next.

As mentioned above, I have installed the debian-keyring package, as
advised here:

http://www.debian.org/./CD/verify
| To ensure that the checksums files themselves are correct, use GnuPG
| to verify them against the accompanying signature files
| (e.g. MD5SSUMS.sign). The keys used for these signatures are all in
| the Debian GPG keyring <http://keyring.debian.org/> [...]

But that last part does not appear to be correct.  gpgv told me it
could not find the public key that will verify the sig for the
SHA512SUMS file.  The reason seems to be that
/usr/share/keyrings/debian-keyring.gpg does not contain the public key
in question.

| [...] and the best way to check them is to use that keyring to
| validate via the web of trust.

I don't have the slightest idea what that last bit is supposed to
mean, but I imagine it might not be important for my present goal.

The following, from the same page, looks relevant:

| To make life easier for users, here are the fingerprints for the
| keys that have been used for releases in recent years (with some
| UIDs removed for clarity):

[snipped some key ids/fingerprints]
pub   4096R/6294BE9B 2011-01-05
  Key fingerprint = DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B
uid  Debian CD signing key 
sub   4096R/11CD9819 2011-01-05
[snipped some more key ids/fingerprints]

As far as I can tell, this is encouraging, but not conclusive.  To
authenticate the signature on the file in question, I believe I need
the corresponding public key itself.

So, where can I obtain the public key one uses to verify the signature
on the SHA512SUMS file for the debian live iso in question?  Is there
a way to use the information above to retrieve it?

I assume that this should not be a difficult task, but I am finding it
rather difficult.  If someone could help me figure out how to do this,
I would be grateful.

Also, thank you for reading this far.

-wes


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: 
https://lists.debian.org/alpine.deb.2.02.1408102153430.22...@brutus.ling.ohio-state.edu

Re: `W: GPG error: http://www.backports.org lenny-backports Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EA8E8B2116BA136C'

2010-06-29 Thread Merciadri Luca 
Camaleón wrote:
> On Tue, 29 Jun 2010 12:09:56 +0200, Merciadri Luca wrote:
>
>   
>> Using apt-get's GUI, I receive
>>
>> ==
>> `W: GPG error: http://www.backports.org lenny-backports Release: The
>> following signatures couldn't be verified because the public key is not
>> available: NO_PUBKEY EA8E8B2116BA136C' ==
>>
>> Any idea(s)? I am using a standard /etc/apt/sources.list. Thanks.
>> 
>
> Did you already import the key of the "backports" repo?
>
> ***
> http://www.backports.org/dokuwiki/doku.php?id=instructions
>
> If you want apt to verify the downloaded backports you can import 
> backports.org archive’s key into apt:
>
> apt-get install debian-backports-keyring
>
> or
>
> gpg --keyserver hkp://subkeys.pgp.net --recv-keys 16BA136C
> gpg --export 16BA136C | apt-key add -
>
> or
>
> wget -O - http://backports.org/debian/archive.key | apt-key add -
> ***
>   
Thanks. That did the trick. I had not thought about it. I thought it was
not necessary.

N.B.: The first solution never worked (`debian-backports-keyring' looks
like unavailable using my sources.list).

-- 
Merciadri Luca
See http://www.student.montefiore.ulg.ac.be/~merciadri/
I use PGP. If there is an incompatibility problem with your mail
client, please contact me.


Look on the sunny side of life.



signature.asc
Description: OpenPGP digital signature

Re: `W: GPG error: http://www.backports.org lenny-backports Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EA8E8B2116BA136C'

2010-06-29 Thread Merciadri Luca 
Andrei Popescu wrote:
> On Ma, 29 iun 10, 12:09:56, Merciadri Luca wrote:
>   
>> Hi,
>>
>> Using apt-get's GUI, I receive
>> 
>  
> There is no apt-get GUI, do you mean aptitude?
>
>   
>> ==
>> `W: GPG error: http://www.backports.org lenny-backports Release: The
>> following signatures couldn't be verified because the public key is not
>> available: NO_PUBKEY EA8E8B2116BA136C'
>> ==
>>
>> Any idea(s)? I am using a standard /etc/apt/sources.list. Thanks.
>> 
>
> www.backports.org is (still) an unofficial repository. Because of this 
> the key is not included in debian-archive-keyring. An easy solution is 
> to install debian-backports-keyring by ignoring any apt-get or aptitude 
> warning and run 'update' again.
>
> If you care about this, AFAIK the key is signed by some Debian 
> Developers. Their keys are available in debian-keyring package (so you 
> have a trust path back to Debian).
>   
Thanks. Sorry, I thought www.backports.org were somewhat official. That
justifies my message.

-- 
Merciadri Luca
See http://www.student.montefiore.ulg.ac.be/~merciadri/
I use PGP. If there is an incompatibility problem with your mail
client, please contact me.






signature.asc
Description: OpenPGP digital signature

Re: `W: GPG error: http://www.backports.org lenny-backports Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EA8E8B2116BA136C'

2010-06-29 Thread Andrei Popescu 
On Ma, 29 iun 10, 12:09:56, Merciadri Luca wrote:
> Hi,
> 
> Using apt-get's GUI, I receive
 
There is no apt-get GUI, do you mean aptitude?

> ==
> `W: GPG error: http://www.backports.org lenny-backports Release: The
> following signatures couldn't be verified because the public key is not
> available: NO_PUBKEY EA8E8B2116BA136C'
> ==
> 
> Any idea(s)? I am using a standard /etc/apt/sources.list. Thanks.

www.backports.org is (still) an unofficial repository. Because of this 
the key is not included in debian-archive-keyring. An easy solution is 
to install debian-backports-keyring by ignoring any apt-get or aptitude 
warning and run 'update' again.

If you care about this, AFAIK the key is signed by some Debian 
Developers. Their keys are available in debian-keyring package (so you 
have a trust path back to Debian).

Regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic


signature.asc
Description: Digital signature

Re: `W: GPG error: http://www.backports.org lenny-backports Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EA8E8B2116BA136C'

2010-06-29 Thread Camaleón 
On Tue, 29 Jun 2010 12:09:56 +0200, Merciadri Luca wrote:

> Using apt-get's GUI, I receive
> 
> ==
> `W: GPG error: http://www.backports.org lenny-backports Release: The
> following signatures couldn't be verified because the public key is not
> available: NO_PUBKEY EA8E8B2116BA136C' ==
> 
> Any idea(s)? I am using a standard /etc/apt/sources.list. Thanks.

Did you already import the key of the "backports" repo?

***
http://www.backports.org/dokuwiki/doku.php?id=instructions

If you want apt to verify the downloaded backports you can import 
backports.org archive’s key into apt:

apt-get install debian-backports-keyring

or

gpg --keyserver hkp://subkeys.pgp.net --recv-keys 16BA136C
gpg --export 16BA136C | apt-key add -

or

wget -O - http://backports.org/debian/archive.key | apt-key add -
***

Greetings,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/pan.2010.06.29.10.30...@gmail.com

Re: apt-get source produces gpg error. Can't check signature: public key not found

2010-01-07 Thread Sven Joachim 
On 2010-01-07 17:42 +0100, Stephen Powell wrote:

> On 2010-01-07 at 11:04:18 -0500, Sven Joachim wrote:
>> Install the debian-keyring package.
>
> Thank you!  That solves the problem.  But it requires 26M of disk space!
> Wow!  It's just a collection of keys, right?  Why is it so big?
> Are there THAT MANY Debian developers?

About thousand.

> On 2010-01-07 at 11:04:18 -0500, Sven Joachim wrote:
>> Because it is not necessary if you don't work with source packages.
>
> Well, I guess that makes sense.  But apt does not recommend or
> even suggest debian-keyring.  It seems to me that if one runs
> "apt-get source" and debian-keyring is not installed, apt-get
> should issue a warning message that debian-keyring is not installed.

I think this is more for dpkg-dev; that package suggests debian-keyring,
but dpkg-source could probably print some advice if gpg can't find the
key during extraction.

Sven


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: apt-get source produces gpg error. Can't check signature: public key not found

2010-01-07 Thread Stephen Powell 
On 2010-01-07 at 11:04:18 -0500, Sven Joachim wrote:
> Why do you run apt-get source as root?

I am used to being root when I run apt-get because this is required
when installing a binary package.  I assumed (perhaps incorrectly)
that installing a source package also required root privileges.
But since you're asking the question, that must not be the case.

On 2010-01-07 at 11:04:18 -0500, Sven Joachim wrote:
> Install the debian-keyring package.

Thank you!  That solves the problem.  But it requires 26M of disk space!
Wow!  It's just a collection of keys, right?  Why is it so big?
Are there THAT MANY Debian developers?

On 2010-01-07 at 11:04:18 -0500, Sven Joachim wrote:
> Because it is not necessary if you don't work with source packages.

Well, I guess that makes sense.  But apt does not recommend or
even suggest debian-keyring.  It seems to me that if one runs
"apt-get source" and debian-keyring is not installed, apt-get
should issue a warning message that debian-keyring is not installed.
Anyway, thanks for the help.  You hit the nail right on the head.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: apt-get source produces gpg error. Can't check signature: public key not found

2010-01-07 Thread Sven Joachim 
On 2010-01-07 16:37 +0100, Stephen Powell wrote:

> I am trying to get the source code for a Debian package with
>
> apt-get source xxx
>
> where xxx is the name of the package.  The retrieval of the source package
> appears to have been successful, but I get error messages along the way:
>
> gpg: new configuration file `/root/.gnupg/gpg.conf' created

Why do you run apt-get source as root?

> gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during 
> this run
> gpg: Signature made Sun 23 Nov 2008 09:06:32 PM EST using DSA key ID 12066207
> gpg: Can't check signature: public key not found
>
> Obviously I need to find and import the relevant public key.
> I don't know where to find the key, nor how to import it.
> I searched the internet and found some hits on "gpg 12066207",
> but I could not find specific instructions.

If you want to import the key into your keyring, "gpg --recv-keys" does
that for you.  However, this is not necessary.

> (1) Will someone please give me specific instructions on where to
> find the key, and how to install it, and

Install the debian-keyring package.

> (2) Will someone please explain why this key is not already installed,
> since this is an official Debian source package.

Because it is not necessary if you don't work with source packages.

Sven


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

apt-get source produces gpg error. Can't check signature: public key not found

2010-01-07 Thread Stephen Powell 
I am trying to get the source code for a Debian package with

apt-get source xxx

where xxx is the name of the package.  The retrieval of the source package
appears to have been successful, but I get error messages along the way:

gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this 
run
gpg: Signature made Sun 23 Nov 2008 09:06:32 PM EST using DSA key ID 12066207
gpg: Can't check signature: public key not found

Obviously I need to find and import the relevant public key.
I don't know where to find the key, nor how to import it.
I searched the internet and found some hits on "gpg 12066207",
but I could not find specific instructions.

(1) Will someone please give me specific instructions on where to
find the key, and how to install it, and

(2) Will someone please explain why this key is not already installed,
since this is an official Debian source package.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: public key

2009-04-03 Thread Daniel Dalton 
On Sat, Mar 28, 2009 at 01:06:22PM +0530, Sudev Barar wrote:
> 2009/3/28 Daniel Dalton :
> > How do I set up public key on linux? And then how do I sign files and
> > emails? I have read up on this, so understand the basics I think, but
> > just wondering what tools I use for: decrypting files, encrypting files,
> > signing files and actually generating my key?
> 
> Create a key. If you are using thundebird (as your mail in other
> thread implies) make sure you have installed enigmail package. If it
> has been installed you will see additional menu when you launch
> thunderbird which can hel you all this.

Cool, thanks, is working now although I use mutt, but might use
thunderbird as well... (for when I use x)

> 
> >
> > What is the difference between signing and encrypting?
> >
> 
> Encryption of outgoing document is done by recipients public key so
> that he can de-crypt. Signing is done by your key where the message is
> not neccessarily encrypted. This generates a hash which can be used by
> recipient to verify your message has not been tampered with using your
> public key.

Thanks for the explanation 

Daniel.


signature.asc
Description: Digital signature

Re: public key

2009-03-29 Thread owens 
>
>
>
> Original Message 
>From: andreimpope...@gmail.com
>To: debian-user@lists.debian.org
>Subject: Re: public key
>Date: Sun, 29 Mar 2009 11:33:51 +0300
>
>>On Sun,29.Mar.09, 09:44:33, Daniel Dalton wrote:
>>> Hi,
>>> 
>>> Okay, I've created my public key with gpg, how can I get mutt to
>use it
>>> now so I can sign all messages? And how do I encrypt mail?
>> 
>>From my ~/.mutt/muttrc
>>
>># GPG stuff
>># sign all, encrypting can be selected before sending
>>set crypt_autosign
>>
>># I don't want S/MIME
>>unset crypt_autosmime
>>
>># decrypt without asking
>>set pgp_auto_decode
>>
>># cache the passphrase longer than the default 300 sec.
>>set pgp_timeout=3600
>>
>>and in .gnupg/gpg.conf
>>
>>keyserver x-hkp://subkeys.pgp.net
>>keyserver-options auto-key-retrieve include-disabled include-revoked
>timeout=10
>>use-agent
>>
>>You also need to publish your *public* key to a keyserver, but I
>forgot 
>>how you do it (it's some magic incantation using gpg, see 'man
>gpg').
>>
>>> And when I sign a file, what's stopping someone else from doing:
>>> cp daniel's_signedfile.extention.sign ourfilename.txt.sign
>>
>>You can't mess with a signed text without breaking the signature
>(that's 
>>the whole point of it)
>> 
>>> How can someone verify I created the file and the signiture wasn't
>just
>>> copied and pasted?
>>
>>GOOD verification is a bit more difficult. Right now I could only
>tell 
>>that the signature is *valid*, but there's no way to tell if it was
>you. 
>>
>>Ideally you meet the other party in person and you exchange PGP 
>>signatures. This works for your family or close friends. On a larger
>
>>scale (the Debian project has ~1000 developers and many of them
>never 
>>meet) you need a Web of Trust:
>>
>>I never meet you, but maybe I meet with Ron and exchange signatures
>and 
>>Ron meets you and exchange signatures. If I receive a message from
>you 
>>GPG can tell me that the message was indeed signed with the same
>secret 
>>key that Ron signed.
>>
>>Whether that key really belongs to you is another question. The
>minimum 
>>that should be done when signing the key is some sort of ID check.
>>
>>Regards,
>>Andrei
>>-- 
>>If you can't explain it simply, you don't understand it well enough.
>>(Albert Einstein)
>>
Here's how it works (roughly)
1.  The signature is encrypted with the sender's private key
2.  The entire document (including the encrypted signature) is
encrypted with the receivers public key

Upon reception:
3.  The receiver decrypts the document using his/her private key
(this "guarantees" that the document was not tampered with and was
destined only for the receiver)
4.  The receiver decrypts the signature using the sender's public key
(since only the sender had his/her private key this guarantees that
the document came only from the sender)

All this stuff depends of course on the distribution of public keys
and more importantly the correlation between the public key and the
actual owner of that key.  As someone else pointed out the safest way
is to meet and physically exchange public keys.  Obviously that isn't
always possible.  The alternative is to each send your public key to
a trusted third party who supposedly verifies the owner and
potentially distributes the public key to other trusted key servers.
larry




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: public key

2009-03-29 Thread Chris Bannister 
On Sat, Mar 28, 2009 at 05:21:47PM +1100, Daniel Dalton wrote:
> Hi,
> 
> How do I set up public key on linux? And then how do I sign files and
> emails? I have read up on this, so understand the basics I think, but
> just wondering what tools I use for: decrypting files, encrypting files,
> signing files and actually generating my key?

Install gnupg.
 
> What is the difference between signing and encrypting?

Search google for PGP. Also  "mutt gnupg howto"

-- 
Chris.
==
I contend that we are both atheists. I just believe in one fewer god
than you do. When you understand why you dismiss all the other
possible gods, you will understand why I dismiss yours.
   -- Stephen F Roberts


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: public key

2009-03-29 Thread Andrei Popescu 
On Sun,29.Mar.09, 09:44:33, Daniel Dalton wrote:
> Hi,
> 
> Okay, I've created my public key with gpg, how can I get mutt to use it
> now so I can sign all messages? And how do I encrypt mail?
 
From my ~/.mutt/muttrc

# GPG stuff
# sign all, encrypting can be selected before sending
set crypt_autosign

# I don't want S/MIME
unset crypt_autosmime

# decrypt without asking
set pgp_auto_decode

# cache the passphrase longer than the default 300 sec.
set pgp_timeout=3600

and in .gnupg/gpg.conf

keyserver x-hkp://subkeys.pgp.net
keyserver-options auto-key-retrieve include-disabled include-revoked timeout=10
use-agent

You also need to publish your *public* key to a keyserver, but I forgot 
how you do it (it's some magic incantation using gpg, see 'man gpg').

> And when I sign a file, what's stopping someone else from doing:
> cp daniel's_signedfile.extention.sign ourfilename.txt.sign

You can't mess with a signed text without breaking the signature (that's 
the whole point of it)
 
> How can someone verify I created the file and the signiture wasn't just
> copied and pasted?

GOOD verification is a bit more difficult. Right now I could only tell 
that the signature is *valid*, but there's no way to tell if it was you. 

Ideally you meet the other party in person and you exchange PGP 
signatures. This works for your family or close friends. On a larger 
scale (the Debian project has ~1000 developers and many of them never 
meet) you need a Web of Trust:

I never meet you, but maybe I meet with Ron and exchange signatures and 
Ron meets you and exchange signatures. If I receive a message from you 
GPG can tell me that the message was indeed signed with the same secret 
key that Ron signed.

Whether that key really belongs to you is another question. The minimum 
that should be done when signing the key is some sort of ID check.

Regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)


signature.asc
Description: Digital signature

Re: public key

2009-03-28 Thread Memnon Anon 
Daniel Dalton  writes:
[...]

> How can someone verify I created the file and the signiture wasn't just
> copied and pasted?

http://www.gnupg.org/gph/en/manual.html ?



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: public key

2009-03-28 Thread Daniel Dalton 
Hi,

Okay, I've created my public key with gpg, how can I get mutt to use it
now so I can sign all messages? And how do I encrypt mail?

And when I sign a file, what's stopping someone else from doing:
cp daniel's_signedfile.extention.sign ourfilename.txt.sign

How can someone verify I created the file and the signiture wasn't just
copied and pasted?

Thanks,

Daniel.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: public key

2009-03-28 Thread owens 
>
>
>
> Original Message 
>From: sba...@gmail.com
>To: d.dal...@iinet.net.au, debian-user@lists.debian.org
>Subject: Re: public key
>Date: Sat, 28 Mar 2009 13:06:22 +0530
>
>>2009/3/28 Daniel Dalton :
>>> How do I set up public key on linux? And then how do I sign files
>and
>>> emails? I have read up on this, so understand the basics I think,
>but
>>> just wondering what tools I use for: decrypting files, encrypting
>files,
>>> signing files and actually generating my key?
>>
>>Create a key. If you are using thundebird (as your mail in other
>>thread implies) make sure you have installed enigmail package. If it
>>has been installed you will see additional menu when you launch
>>thunderbird which can hel you all this.
>>
>>>
>>> What is the difference between signing and encrypting?
>>>
>>
>>Encryption of outgoing document is done by recipients public key so
>>that he can de-crypt. Signing is done by your key where the message
>is
>>not neccessarily encrypted. This generates a hash which can be used
>by
>>recipient to verify your message has not been tampered with using
>your
>>public key.
>>
>>-- 
>>Regards,
>>Sudev Barar
>>Read http://blog.sudev.in for topics ranging from here to there.
>>
>>PS: I know most of people do not follow email niceties (mostly they
>>are not aware) but if you follow bottom post/in-line post style of
>>email conversations it becomes a whole lot easier to carry on
>>meaningful dialogue and you can snip out what is not meaningful too.
>>Most people just hit reply button and top post leaving prior message
>>appended uselessly at bottom. See if you can adopt this style and
>>persuade others. In case you are already doing this . great,
>>spread the message.
>>
>>
A little more on signing vs. encryption.  While both use algorithms
and keys the purpose of encrption (in your context) is to make sure
that no one can read the message even if they are able to intercept
the transmission.  The purpose of signing is to make sure the message
was in fact sent by the correct person.
Larry
>>-- 
>>To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
>>with a subject of "unsubscribe". Trouble? Contact listmas...@lists.d
>ebian.org
>>
>>




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: public key

2009-03-28 Thread Sudev Barar 
2009/3/28 Daniel Dalton :
> How do I set up public key on linux? And then how do I sign files and
> emails? I have read up on this, so understand the basics I think, but
> just wondering what tools I use for: decrypting files, encrypting files,
> signing files and actually generating my key?

Create a key. If you are using thundebird (as your mail in other
thread implies) make sure you have installed enigmail package. If it
has been installed you will see additional menu when you launch
thunderbird which can hel you all this.

>
> What is the difference between signing and encrypting?
>

Encryption of outgoing document is done by recipients public key so
that he can de-crypt. Signing is done by your key where the message is
not neccessarily encrypted. This generates a hash which can be used by
recipient to verify your message has not been tampered with using your
public key.

-- 
Regards,
Sudev Barar
Read http://blog.sudev.in for topics ranging from here to there.

PS: I know most of people do not follow email niceties (mostly they
are not aware) but if you follow bottom post/in-line post style of
email conversations it becomes a whole lot easier to carry on
meaningful dialogue and you can snip out what is not meaningful too.
Most people just hit reply button and top post leaving prior message
appended uselessly at bottom. See if you can adopt this style and
persuade others. In case you are already doing this . great,
spread the message.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

public key

2009-03-27 Thread Daniel Dalton 
Hi,

How do I set up public key on linux? And then how do I sign files and
emails? I have read up on this, so understand the basics I think, but
just wondering what tools I use for: decrypting files, encrypting files,
signing files and actually generating my key?

What is the difference between signing and encrypting?

Daniel.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: lenny-backports public key is not available - SOLVED

2009-02-15 Thread Boyd Stephen Smith Jr. 
On Sunday 15 February 2009 16:24:36 Rick Thomas wrote:
> On "http://www.backports.org/dokuwiki/doku.php?id=instructions"; it
> says to do this:
>   wget -O - http://backports.org/debian/archive.key | apt-key add -
>
> I did, and all is well...

(1) There was a debian-backports-keyring for Etch.
(2) Those instructions have that as the last option in a set of 3 
alternatives.
(3) The *first* alternative is 'apt-get install debian-backports-keyring', but 
that doesn't work, and probably *is* a bug.
-- 
Boyd Stephen Smith Jr.   ,= ,-_-. =.
b...@iguanasuicide.net   ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/\_/



signature.asc
Description: This is a digitally signed message part.

Re: lenny-backports public key is not available - SOLVED

2009-02-15 Thread Rick Thomas 

Hmmm... "When all else fails, read the instructions."

On "http://www.backports.org/dokuwiki/doku.php?id=instructions"; it  
says to do this:

wget -O - http://backports.org/debian/archive.key | apt-key add -

I did, and all is well...

Rick


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Fwd: lenny-backports public key is not available

2009-02-15 Thread Rick Thomas 
I submitted this as a bug report, but as I didn't know what package to  
submit it against, I doubt it will be seen.  So I'm forwarding it to  
"debian-users" in hopes that it will reach the right people there...


Thanks!

Rick

Begin forwarded message:


From: Rick Thomas 
Date: February 15, 2009 4:39:22 PM EST
To: Debian Bug Tracking System 
Subject: lenny-backports public key is not available

Package: backports
Severity: normal


To celebrate the relesase of Lenny as Stable, I added "volatile" and  
"backports" to my

sources.list file.  When I did "aptitude update" I got:

Reading package lists... Done
W: GPG error: http://www.backports.org lenny-backports Release: The  
following signatures
couldn't be verified because the public key is not available:  
NO_PUBKEYEA8E8B2116BA136C

W: You may want to run apt-get update to correct these problems




Full output of aptitude update and text of my sources.list file  
follow:


lilserver:~# aptitude update
Hit http://debian.lcs.mit.edu lenny Release.gpg
Hit http://ftp3.nrc.ca lenny Release.gpg
Hit http://debian.lcs.mit.edu lenny Release
Hit http://ftp3.nrc.ca lenny Release
Ign http://ftp3.nrc.ca lenny/main Packages/DiffIndex
Ign http://debian.lcs.mit.edu lenny/main Packages/DiffIndex
Ign http://ftp3.nrc.ca lenny/non-free Packages/DiffIndex
Ign http://ftp3.nrc.ca lenny/contrib Packages/DiffIndex
Ign http://ftp3.nrc.ca lenny/main Sources/DiffIndex
Ign http://ftp3.nrc.ca lenny/non-free Sources/DiffIndex
Ign http://ftp3.nrc.ca lenny/contrib Sources/DiffIndex
Hit http://ftp3.nrc.ca lenny/main Packages
Hit http://ftp3.nrc.ca lenny/non-free Packages
Hit http://ftp3.nrc.ca lenny/contrib Packages
Hit http://ftp3.nrc.ca lenny/main Sources
Hit http://ftp3.nrc.ca lenny/non-free Sources
Hit http://ftp3.nrc.ca lenny/contrib Sources
Get:1 http://www.backports.org lenny-backports Release.gpg [189B]
Get:2 http://volatile.debian.org lenny/volatile Release.gpg [189B]
Hit http://security.debian.org lenny/updates Release.gpg
Get:3 http://www.backports.org lenny-backports Release [56.1kB]
Hit http://security.debian.org lenny/updates Release
Get:4 http://volatile.debian.org lenny/volatile Release [40.7kB]
Ign http://debian.lcs.mit.edu lenny/contrib Packages/DiffIndex
Ign http://debian.lcs.mit.edu lenny/non-free Packages/DiffIndex
Ign http://debian.lcs.mit.edu lenny/main Sources/DiffIndex
Ign http://debian.lcs.mit.edu lenny/contrib Sources/DiffIndex
Ign http://debian.lcs.mit.edu lenny/non-free Sources/DiffIndex
Hit http://debian.lcs.mit.edu lenny/main Packages
Ign http://security.debian.org lenny/updates/main Packages/DiffIndex
Hit http://debian.lcs.mit.edu lenny/contrib Packages
Hit http://debian.lcs.mit.edu lenny/non-free Packages
Hit http://debian.lcs.mit.edu lenny/main Sources
Hit http://debian.lcs.mit.edu lenny/contrib Sources
Hit http://debian.lcs.mit.edu lenny/non-free Sources
Ign http://security.debian.org lenny/updates/main Sources/DiffIndex
Hit http://security.debian.org lenny/updates/main Packages
Hit http://security.debian.org lenny/updates/main Sources
Ign http://www.backports.org lenny-backports Release
Get:5 http://www.backports.org lenny-backports/main Packages [14B]
Get:6 http://volatile.debian.org lenny/volatile/main Packages [792B]
Get:7 http://www.backports.org lenny-backports/contrib Packages [14B]
Get:8 http://www.backports.org lenny-backports/non-free Packages [14B]
Get:9 http://volatile.debian.org lenny/volatile/contrib Packages [14B]
Get:10 http://volatile.debian.org lenny/volatile/non-free Packages  
[14B]

Fetched 98.0kB in 1s (74.1kB/s)
Reading package lists... Done
W: GPG error: http://www.backports.org lenny-backports Release: The  
following signatures
couldn't be verified because the public key is not available:  
NO_PUBKEYEA8E8B2116BA136C

W: You may want to run apt-get update to correct these problems

lilserver:~# cat /etc/apt/sources.list
#

deb http://debian.lcs.mit.edu/debian/ lenny main contrib non-free
deb-src http://debian.lcs.mit.edu/debian/ lenny main contrib non-free

deb http://ftp3.nrc.ca/debian/  lenny main non-free contrib
deb-src http://ftp3.nrc.ca/debian/  lenny main non-free contrib

deb http://security.debian.org/ lenny/updates main
deb-src http://security.debian.org/ lenny/updates main

deb http://volatile.debian.org/debian-volatile lenny/volatile main  
contrib non-free


# For instructions on getting stuff from backports see
#   http://www.backports.org/dokuwiki/doku.php?id=instructions
deb http://www.backports.org/debian lenny-backports main contrib non- 
free




-- System Information:
Debian Release: 5.0
 APT prefers stable
 APT policy: (500, 'stable')
Architecture: powerpc (ppc)

Kernel: Linux 2.6.26-1-powerpc
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Export Public Key

2008-11-01 Thread Frank Lanitz 
On Sat, 1 Nov 2008 02:31:27 +0100
Jochen Schulz <[EMAIL PROTECTED]> wrote:

> Frank Lanitz:
> > "Zaki Akhmad" <[EMAIL PROTECTED]> wrote:
> >>
> >> Could you hint me some information, which server have exchanging
> >> public key service? I'd like to do some experiment exchanging
> >> public key then use it to encrypt and decrypt email :-)
> > 
> > First at all, I think it is not a good idea to upload your private
> > key to a server which is not 100% controlled by you.
> 
> Uhm, Zaki asked for a place to upload his *public* key. Of course,
> nobody in their right mind would make his private key public.

Oops. My fault ;) 

Frank
-- 
http://frank.uvena.de/en/


pgpuSvg8HHrNq.pgp
Description: PGP signature

Re: Export Public Key

2008-10-31 Thread Jochen Schulz 
Frank Lanitz:
> "Zaki Akhmad" <[EMAIL PROTECTED]> wrote:
>>
>> Could you hint me some information, which server have exchanging
>> public key service? I'd like to do some experiment exchanging public
>> key then use it to encrypt and decrypt email :-)
> 
> First at all, I think it is not a good idea to upload your private key
> to a server which is not 100% controlled by you.

Uhm, Zaki asked for a place to upload his *public* key. Of course,
nobody in their right mind would make his private key public.

J.
-- 
At night I go to the kitchen; specifically, the knife drawer.
[Agree]   [Disagree]
 <http://www.slowlydownward.com/NODATA/data_enter2.html>


signature.asc
Description: Digital signature

Re: Export Public Key

2008-10-31 Thread Frank Lanitz 
Hi, 

On Fri, 31 Oct 2008 00:17:50 +0700
"Zaki Akhmad" <[EMAIL PROTECTED]> wrote:

> On Wed, Oct 29, 2008 at 5:07 PM, Frank Lanitz <[EMAIL PROTECTED]>
> wrote:
> >
> > You can use gpg --send $keyID to send your public key to a
> > keyserver or use gpg --export-key to export the key to e.g. a file.
> > Consulting man page of GnuPG (man gpg) will give you some more
> > detailed informaiton.
> 
> Thanks, Frank. I try this
> $ gpg --output nameit_pub.gpg --armor --export $keyid
> 
> Could you hint me some information, which server have exchanging
> public key service? I'd like to do some experiment exchanging public
> key then use it to encrypt and decrypt email :-)

First at all, I think it is not a good idea to upload your private key
to a server which is not 100% controlled by you. Anyway. Just before
playing around you need to think twice what you're doing because every
key you upload to a key server will be visible for everybody  also
in future when you already revoked them or maybe you've already left
the planet. As keyserver I'm using from time to time pgpkeys.pca.dfn.de
as well as subkeys.pgp.net and wwwkeys.de.pgp.net. There are also a
number of servers inside gpg.conf as examples IIRC. 
Most of the well known key servers are synching each other so you don't
need to upload your key to every server. As a personal flavor, I don't
like inline signing mails not very much, but this might can be
discussed for years. 

Cheers, 
Frank
-- 
http://frank.uvena.de/en/


pgpSXxxzZIKLY.pgp
Description: PGP signature

Re: Export Public Key

2008-10-30 Thread Zaki Akhmad 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Oct 29, 2008 at 5:07 PM, Frank Lanitz <[EMAIL PROTECTED]> wrote:
>
> You can use gpg --send $keyID to send your public key to a keyserver or
> use gpg --export-key to export the key to e.g. a file. Consulting man
> page of GnuPG (man gpg) will give you some more detailed informaiton.

Thanks, Frank. I try this
$ gpg --output nameit_pub.gpg --armor --export $keyid

Could you hint me some information, which server have exchanging
public key service? I'd like to do some experiment exchanging public
key then use it to encrypt and decrypt email :-)

- --
Zaki Akhmad

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: http://getfiregpg.org

iEYEARECAAYFAkkJ7C4ACgkQT4k8JfIMt5f6YwCffQBNS1YUVyNcwJm+38TRAMLF
0A8AnjhFZZI6h/eXCBXGCSYC5GDJej3K
=ySTy
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Export Public Key

2008-10-29 Thread Frank Lanitz 
Hi, 

On Wed, 29 Oct 2008 15:58:41 +0700
"Zaki Akhmad" <[EMAIL PROTECTED]> wrote:

> I have generate public and private key. I am using gpg --gen-key
> command. How do I export my public key so that available to the
> public?

You can use gpg --send $keyID to send your public key to a keyserver or
use gpg --export-key to export the key to e.g. a file. Consulting man
page of GnuPG (man gpg) will give you some more detailed informaiton. 

Regards, 
Frank
-- 
http://frank.uvena.de/en/


pgp9VEiGvFiNU.pgp
Description: PGP signature

Export Public Key

2008-10-29 Thread Zaki Akhmad 
Dear all,

I have generate public and private key. I am using gpg --gen-key
command. How do I export my public key so that available to the
public?

-- 
Zaki Akhmad


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Debmirror Public Key Not Found

2008-09-04 Thread Florian Kulzer 
On Thu, Sep 04, 2008 at 00:46:31 +0700, Zaki Akhmad wrote:
> Hi
> 
> I am trying to make mirror debian repository to my portable harddisk.
> I am having difficulty with public key. Which public key I should
> export? To where?
> 
> Here's the result after I execute debmirror
> Mirroring to main from ftp://[EMAIL PROTECTED]//debian/
> Arches: i386
> Dists: sid
> Sections: main,contrib,non-free,main/debian-installer
> Will clean up AFTER mirroring.
> Pdiff mode: use.
> Attempting to get lock, this might take 2 minutes before it fails.
> Get Release files.
> [0%] Keeping: dists/sid/Release
> [0%] Keeping: dists/sid/Release.gpg
> gpgv: keyblock resource `/home/za/.gnupg/trustedkeys.gpg': general error

Does this file exist? If it does exist, what are its ownership and
permissions?

> gpgv: Signature made Wed 03 Sep 2008 03:52:53 PM WIT using DSA key ID 6070D3A1
> [GNUPG:] ERRSIG A70DAF536070D3A1 17 2 00 1220431973 9
> [GNUPG:] NO_PUBKEY A70DAF536070D3A1
> gpgv: Can't check signature: public key not found
> Release signature does not verify.
> Errors:
>  Release signature does not verify.
> Failed to download some Release or Release.gpg files!
> WARNING: releasing 1 pending lock...
> 
> Here's my list-key
> [EMAIL PROTECTED]:~$ gpg --list-keys
> /home/za/.gnupg/pubring.gpg

[...]

That is your normal public keyring; debmirror seems to look for the
archive signing keys in a dedicated separate file:
/home/za/.gnupg/trustedkeys.gpg.

If you do not have ~/.gnupg/trustedkeys.gpg then you can try to copy the
complete archive keyring file (as your normal user 'za'):

cp /usr/share/keyrings/debian-archive-keyring.gpg ~/.gnupg/trustedkeys.gpg

If you already have ~/.gnupg/trustedkeys.gpg and you want to add a certain key
to it then you can do something like this:

gpg --no-default-keyring -a --keyring 
/usr/share/keyrings/debian-archive-keyring.gpg --export A70DAF536070D3A1 | gpg 
--no-default-keyring --keyring ~/.gnupg/trustedkeys.gpg --import -

To check which keys are on the ~/.gnupg/trustedkeys.gpg keyring, use
this command:

gpg --no-default-keyring --keyring ~/.gnupg/trustedkeys.gpg --list-key

-- 
Regards,| http://users.icfo.es/Florian.Kulzer
  Florian   |


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Debmirror Public Key Not Found

2008-09-03 Thread Zaki Akhmad 
Hi

I am trying to make mirror debian repository to my portable harddisk.
I am having difficulty with public key. Which public key I should
export? To where?

Here's the result after I execute debmirror
Mirroring to main from ftp://[EMAIL PROTECTED]//debian/
Arches: i386
Dists: sid
Sections: main,contrib,non-free,main/debian-installer
Will clean up AFTER mirroring.
Pdiff mode: use.
Attempting to get lock, this might take 2 minutes before it fails.
Get Release files.
[0%] Keeping: dists/sid/Release
[0%] Keeping: dists/sid/Release.gpg
gpgv: keyblock resource `/home/za/.gnupg/trustedkeys.gpg': general error
gpgv: Signature made Wed 03 Sep 2008 03:52:53 PM WIT using DSA key ID 6070D3A1
[GNUPG:] ERRSIG A70DAF536070D3A1 17 2 00 1220431973 9
[GNUPG:] NO_PUBKEY A70DAF536070D3A1
gpgv: Can't check signature: public key not found
Release signature does not verify.
Errors:
 Release signature does not verify.
Failed to download some Release or Release.gpg files!
WARNING: releasing 1 pending lock...

Here's my list-key
[EMAIL PROTECTED]:~$ gpg --list-keys
/home/za/.gnupg/pubring.gpg
---
pub   1024D/F20CB797 2008-09-02 [expires: 2009-09-02]
uid  Zaki Akhmad (za) <[EMAIL PROTECTED]>
sub   2048g/7A6F1AF7 2008-09-02 [expires: 2009-09-02]

pub   1024D/813B3EDE 2008-09-02 [expires: 2009-09-02]
uid  Zaki Akhmad (za) <[EMAIL PROTECTED]>
sub   2048g/90CDA8D9 2008-09-02 [expires: 2009-09-02]

pub   1024D/6070D3A1 2006-11-20 [expires: 2009-07-01]
uid  Debian Archive Automatic Signing Key (4.0/etch)
<[EMAIL PROTECTED]>

pub   1024D/ADB11277 2006-09-17
uid  Etch Stable Release Key <[EMAIL PROTECTED]>

pub   1024D/BBE55AB3 2007-03-31 [expires: 2010-03-30]
uid  Debian-Volatile Archive Automatic Signing Key (4.0/etch)
sub   2048g/36CA98F3 2007-03-31 [expires: 2010-03-30]

pub   1024D/F42584E6 2008-04-06 [expires: 2012-05-15]
uid  Lenny Stable Release Key <[EMAIL PROTECTED]>

Actually I can add --ignore-release-gpg But it don't solve the
problem. It's quitting the problem ;-)

-- 
Zaki Akhmad


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Printing GPG public key

2008-02-09 Thread Tzafrir Cohen 
On Sat, Feb 09, 2008 at 06:44:02PM +, Magnus Therning wrote:
> Is there a tool that'd help me create a sheet full of the fingerprint of
> my public key?

  aptitude install signing-party

Then you can use gpg-key2ps

-- 
Tzafrir Cohen | [EMAIL PROTECTED] | VIM is
http://tzafrir.org.il || a Mutt's
[EMAIL PROTECTED] ||  best
ICQ# 16849754 || friend


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Printing GPG public key

2008-02-09 Thread David Paleino 
Il giorno Sat, 09 Feb 2008 18:44:02 +
Magnus Therning <[EMAIL PROTECTED]> ha scritto:

> Is there a tool that'd help me create a sheet full of the fingerprint of
> my public key?

Sure, just:

# apt-get install signing-party

and you'll have a nice /usr/bin/gpg-key2ps which does what you want :)

HTH,
David

-- 
 . ''`.  Debian maintainer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 | http://snipr.com/qa_page
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174


signature.asc
Description: PGP signature

Printing GPG public key

2008-02-09 Thread Magnus Therning 
Is there a tool that'd help me create a sheet full of the fingerprint of
my public key?

/M

-- 
Magnus Therning (OpenPGP: 0xAB4DFBA4)
magnus@therning.org Jabber: magnus.therning@gmail.com
http://therning.org/magnus

What if I don't want to obey the laws? Do they throw me in jail with
the other bad monads?
 -- Daveman



signature.asc
Description: OpenPGP digital signature

Re: Re: Public key SSH with Midnight Commander

2007-08-20 Thread Jon Dowland 
> sshfs ip.address.of.host: mountpoint -o
> IdentityFile="~/.ssh/id_remote"
> 
> The reference from the sshfs help output and manpage is a
> bit obscure
> refering the reader to the ssh_config man page for ssh
> option where
> IdentityFile is described.

Better method: specify the identify file per host in
~/.ssh/config. That will work with sshfs and anything else
using openssh as a backend. E.g.

Host foo
IdentityFile ~/.ssh/id_dsa_foo

However, if your authentication agent has a key loaded, the
ssh connection should try to use it for a connection, so
you could just make sure you've ssh-added all the identity
files prior to using sshfs/mc etc.


-- 
Jon Dowland


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Public key SSH with Midnight Commander

2007-08-17 Thread Nate Bargmann 
* Csányi Pál <[EMAIL PROTECTED]> [2007 Aug 17 13:31 -0500]:
> On Fri, Aug 17, 2007 at 01:10:26PM -0500, Nate Bargmann wrote:
> > * Atis <[EMAIL PROTECTED]> [2007 Aug 17 10:55 -0500]:
> > > On 8/17/07, Nate Bargmann <[EMAIL PROTECTED]> wrote:
> > > > I have my SSH set up to use only public key authentication between my
> > > > laptop and my remote host--no password fallback, no PAM.  So, I
> > > > initiate a session using:
> > > >
> > > > $ ssh -i .ssh/id_remote remote.host.ip.address
> > > >
> > > > Then I am prompted for the password of the .ssh/id_remote file which
> > > > resides on the laptop.
> > > >
> > > > This works well (X11 Forwarding even!), but when I've tried Midnight
> > > > Commander or Konqueror using the fish protocol, I get errors.  In
> > > > experimenting, it appears to me that fish only uses password
> > > > authentication.  How can I make this work with public key only as I'm
> > > > using?
> > > >
> > > > I want to keep my SSH access as secure as possible by using only public
> > > > key authentication.
> 
> I use ssh access to the remote debian system with RSA public key.
> 
> I can use Midnight Commander to access remote directories with fish; then I 
> must to enter the remote password for the remote user and the / directory is 
> open for me.
> 
> In MC I open a Shell connection, 
> give the remote [EMAIL PROTECTED] /#sh:[EMAIL PROTECTED]
> enter the password for that remote user, and open the remote / directory.

Are you using public key authentication and have password login
disabled as well?  That's my setup.

- Nate >>

-- 
 Wireless | Amateur Radio Station N0NB  |  Successfully Microsoft
  Amateur radio exams; ham radio; Linux info @  | free since January 1998.
 http://www.qsl.net/n0nb/   |  "Debian, the choice of
 My Kawasaki KZ-650 SR @| a GNU generation!"
http://www.networksplus.net/n0nb/   |   http://www.debian.org


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Public key SSH with Midnight Commander

2007-08-17 Thread Nate Bargmann 
* Nate Bargmann <[EMAIL PROTECTED]> [2007 Aug 17 13:11 -0500]:
> * Atis <[EMAIL PROTECTED]> [2007 Aug 17 10:55 -0500]:
> > On 8/17/07, Nate Bargmann <[EMAIL PROTECTED]> wrote:
> > > I have my SSH set up to use only public key authentication between my
> > > laptop and my remote host--no password fallback, no PAM.  So, I
> > > initiate a session using:
> > >
> > > $ ssh -i .ssh/id_remote remote.host.ip.address
> > >
> > > Then I am prompted for the password of the .ssh/id_remote file which
> > > resides on the laptop.
> > >
> > > This works well (X11 Forwarding even!), but when I've tried Midnight
> > > Commander or Konqueror using the fish protocol, I get errors.  In
> > > experimenting, it appears to me that fish only uses password
> > > authentication.  How can I make this work with public key only as I'm
> > > using?
> > >
> > > I want to keep my SSH access as secure as possible by using only public
> > > key authentication.
> > 
> > Use sshfs
> 
> That still doesn't work.  I get:
> 
> read: Connection reset by peer
> 
> It doesn't seem to be able to let me specify a path to the
> ~/.ssh/id_remote file and then prompt for a password like the -i option
> of ssh.  It does work okay with a host that uses the default id_r|dsa
> filename, but I use a different key for different hosts and must
> specify the correct key to ssh.  Does sshfs support this?
> 
> Ideas?

Well, as is usual, I solved it via Google.  Here is what I needed to do:

sshfs ip.address.of.host: mountpoint -o IdentityFile="~/.ssh/id_remote"

The reference from the sshfs help output and manpage is a bit obscure
refering the reader to the ssh_config man page for ssh option where
IdentityFile is described.

Works like a hose!

- Nate >>

-- 
 Wireless | Amateur Radio Station N0NB  |  Successfully Microsoft
  Amateur radio exams; ham radio; Linux info @  | free since January 1998.
 http://www.qsl.net/n0nb/   |  "Debian, the choice of
 My Kawasaki KZ-650 SR @| a GNU generation!"
http://www.networksplus.net/n0nb/   |   http://www.debian.org


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Public key SSH with Midnight Commander

2007-08-17 Thread Csányi Pál 
On Fri, Aug 17, 2007 at 01:10:26PM -0500, Nate Bargmann wrote:
> * Atis <[EMAIL PROTECTED]> [2007 Aug 17 10:55 -0500]:
> > On 8/17/07, Nate Bargmann <[EMAIL PROTECTED]> wrote:
> > > I have my SSH set up to use only public key authentication between my
> > > laptop and my remote host--no password fallback, no PAM.  So, I
> > > initiate a session using:
> > >
> > > $ ssh -i .ssh/id_remote remote.host.ip.address
> > >
> > > Then I am prompted for the password of the .ssh/id_remote file which
> > > resides on the laptop.
> > >
> > > This works well (X11 Forwarding even!), but when I've tried Midnight
> > > Commander or Konqueror using the fish protocol, I get errors.  In
> > > experimenting, it appears to me that fish only uses password
> > > authentication.  How can I make this work with public key only as I'm
> > > using?
> > >
> > > I want to keep my SSH access as secure as possible by using only public
> > > key authentication.

I use ssh access to the remote debian system with RSA public key.

I can use Midnight Commander to access remote directories with fish; then I 
must to enter the remote password for the remote user and the / directory is 
open for me.

In MC I open a Shell connection, 
give the remote [EMAIL PROTECTED] /#sh:[EMAIL PROTECTED]
enter the password for that remote user, and open the remote / directory.

-- 
Regards, Paul Csanyi
http://www.freewebs.com/csanyi-pal/index.htm


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Public key SSH with Midnight Commander

2007-08-17 Thread Nate Bargmann 
* Atis <[EMAIL PROTECTED]> [2007 Aug 17 10:55 -0500]:
> On 8/17/07, Nate Bargmann <[EMAIL PROTECTED]> wrote:
> > I have my SSH set up to use only public key authentication between my
> > laptop and my remote host--no password fallback, no PAM.  So, I
> > initiate a session using:
> >
> > $ ssh -i .ssh/id_remote remote.host.ip.address
> >
> > Then I am prompted for the password of the .ssh/id_remote file which
> > resides on the laptop.
> >
> > This works well (X11 Forwarding even!), but when I've tried Midnight
> > Commander or Konqueror using the fish protocol, I get errors.  In
> > experimenting, it appears to me that fish only uses password
> > authentication.  How can I make this work with public key only as I'm
> > using?
> >
> > I want to keep my SSH access as secure as possible by using only public
> > key authentication.
> 
> Use sshfs

That still doesn't work.  I get:

read: Connection reset by peer

It doesn't seem to be able to let me specify a path to the
~/.ssh/id_remote file and then prompt for a password like the -i option
of ssh.  It does work okay with a host that uses the default id_r|dsa
filename, but I use a different key for different hosts and must
specify the correct key to ssh.  Does sshfs support this?

Ideas?

- Nate >>

-- 
 Wireless | Amateur Radio Station N0NB  |  Successfully Microsoft
  Amateur radio exams; ham radio; Linux info @  | free since January 1998.
 http://www.qsl.net/n0nb/   |  "Debian, the choice of
 My Kawasaki KZ-650 SR @| a GNU generation!"
http://www.networksplus.net/n0nb/   |   http://www.debian.org


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Public key SSH with Midnight Commander

2007-08-17 Thread Atis 
On 8/17/07, Nate Bargmann <[EMAIL PROTECTED]> wrote:
> I have my SSH set up to use only public key authentication between my
> laptop and my remote host--no password fallback, no PAM.  So, I
> initiate a session using:
>
> $ ssh -i .ssh/id_remote remote.host.ip.address
>
> Then I am prompted for the password of the .ssh/id_remote file which
> resides on the laptop.
>
> This works well (X11 Forwarding even!), but when I've tried Midnight
> Commander or Konqueror using the fish protocol, I get errors.  In
> experimenting, it appears to me that fish only uses password
> authentication.  How can I make this work with public key only as I'm
> using?
>
> I want to keep my SSH access as secure as possible by using only public
> key authentication.

Use sshfs

Regards,
Atis

-- 
Atis Lezdins,
IT Responsible of BEST Riga,
[EMAIL PROTECTED]
ICQ: 142239285
Skype: atis.lezdins
Cell Phone: +371 28806004 [Tele2, Latvia]
Work phone: +1 800 7502835 [Toll free, USA]
?BEST? -> www.BEST.eu.org


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Public key SSH with Midnight Commander

2007-08-17 Thread Nate Bargmann 
I have my SSH set up to use only public key authentication between my
laptop and my remote host--no password fallback, no PAM.  So, I
initiate a session using:

$ ssh -i .ssh/id_remote remote.host.ip.address

Then I am prompted for the password of the .ssh/id_remote file which
resides on the laptop.

This works well (X11 Forwarding even!), but when I've tried Midnight
Commander or Konqueror using the fish protocol, I get errors.  In
experimenting, it appears to me that fish only uses password
authentication.  How can I make this work with public key only as I'm
using?

I want to keep my SSH access as secure as possible by using only public
key authentication.

- Nate >>

-- 
 Wireless | Amateur Radio Station N0NB  |  Successfully Microsoft
  Amateur radio exams; ham radio; Linux info @  | free since January 1998.
 http://www.qsl.net/n0nb/   |  "Debian, the choice of
 My Kawasaki KZ-650 SR @| a GNU generation!"
http://www.networksplus.net/n0nb/   |   http://www.debian.org


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: etch/volatile -- public key is not available: NO_PUBKEY EC61E0B0BBE55AB3

2007-04-15 Thread Joe Hart 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Greg Folkert wrote:
[snip]
>>> Would you have the key for Debian-Multimedia in the "Debian Archive
>>> Keyring"?
>> No, but I might make it a little easier for Debian newbies to find it in
>> the first place.  Something like a simple script that people could use
>> to install the missing multimedia applications/codecs that almost
>> everyone wants.  Those who don't want them of course wouldn't need or
>> want to use such a script, but having one available and make it plain
>> that it was available would stop a lot of people bitching about Debian
>> not coming with them in the first place.
> 
> So, you are suggesting we include a non-Debian, but Debian associated
> repository. This would infer approval and endorsement. Nope, don't see
> it happening.

No, I am not suggesting that.  I am suggesting that it be simpler for
newbies to find Christian's repository and enable it though.  Most
people want to be able to play the media on the web, and if we're ever
going to get mainstream acceptance, it needs to be simple for new users.

There are a whole lot of people who are ready to make the transition to
the GNU/Linux world, but are afraid of it.  GNU/Linux is ready for the
desktop, but without being able to play media from the start, it makes
it less likely that people to choose Debian as their first distribution
because there are others that can do that.

Perhaps it is better this way, so rather than having to hold the hands
of complete newbies, we get people that have *some* experience with
GNU/Linux and just have to help them learn the Debian Way.  Maybe I'll
just make a script available on my newly forming website.  A simple
little thing that will pull in Christian's key and install some key
packages.  Not hard to do at all, but for a newbie it is too confusing.

(I like the pun)

>> Somehow I think this issue has been beaten to death already, but it was
>> before my time.  I understand the legal issues involved, but they don't
>> apply where I live, at least not yet.
> 
> Yep, along with the whole formerly needed nonus stuff.
> 
>>> Being a Debian associated, but not really an Official Debian repository.
>>> The same goes for volatile. Until they become FULL ON FRIENDSHIP Debian
>>> repositories, I don't think it'll get into the "debian-archive-keyring"
>> Point well taken.  I agree with (YOU) on this one.  I said I didn't know why,
>> now I do.  Personally I don't use that repo, so I don't know that much
>> about it.  Thank you for informing me.

Thanks for fixing my English.
> 
> I'd be more inclined to use Christian's Repository than the other ones
> out there, that aim at the same niche. 

I agree.  That's why debian-multimedia is the only non-official one in
my sources.list.

Joe
- --
Registerd Linux user #443289 at http://counter.li.org/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGIb8miXBCVWpc5J4RAqqOAKDOuJhtAUn8ETHDcOzCsLtyZYR1ggCdFPTb
/Gl5P30G/mnft7nzG29jN+8=
=rdGC
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: etch/volatile -- public key is not available: NO_PUBKEY EC61E0B0BBE55AB3

2007-04-14 Thread Greg Folkert 
On Sat, 2007-04-14 at 21:48 +0200, Joe Hart wrote:
> Greg Folkert wrote:
> > On Sat, 2007-04-14 at 19:50 +0200, Joe Hart wrote:
> >> Rick Thomas wrote:
> >>> On Apr 14, 2007, at 6:39 AM, Steve Langasek wrote:
> >>>> On Fri, Apr 13, 2007 at 11:21:56PM -0400, Rick Thomas wrote:
> >>>>> Anybody know what the problem is here?  Or how to fix it?
> >>>>> W: GPG error: http://volatile.debian.org etch/volatile Release: The
> >>>>> following signatures couldn't be verified because the public key is
> >>>>> not available: NO_PUBKEY EC61E0B0BBE55AB3
> >>>>> W: You may want to run apt-get update to correct these problems
> >>>> You need to import the public key for volatile.debian.org separately
> >>>> using
> >>>> apt-key if you want to use this repo with secure apt, the key is not
> >>>> included in the default debian-archive-keyring package.
> >>> Thanks,
> >>>
> >>> Two questions:
> >>>
> >>> 1) How do I import the public key for volatile?  (If it's in the fine
> >>> manual, then please point me to it so I can RTFM)
> >>>
> >>> 2) What's the reasoning behind not including it in the default
> >>> debian-archive-keyring package?  Is it not recommended that everyone use
> >>> volatile for the things like security and spam updates that it provides?
> >> 1) Rick, read the message Kushal Kumaran sent to you.  It tells you.
> >>
> >> 2) That is a good question.  I have no idea.  Oversight perhaps?  I am
> >> sure if it wasn't there is a good reason for it, but I have no idea what
> >> it could be.
> > 
> > Let me ask you this Joe.
> > 
> > Would you have the key for Debian-Multimedia in the "Debian Archive
> > Keyring"?
> 
> No, but I might make it a little easier for Debian newbies to find it in
> the first place.  Something like a simple script that people could use
> to install the missing multimedia applications/codecs that almost
> everyone wants.  Those who don't want them of course wouldn't need or
> want to use such a script, but having one available and make it plain
> that it was available would stop a lot of people bitching about Debian
> not coming with them in the first place.

So, you are suggesting we include a non-Debian, but Debian associated
repository. This would infer approval and endorsement. Nope, don't see
it happening.

> Somehow I think this issue has been beaten to death already, but it was
> before my time.  I understand the legal issues involved, but they don't
> apply where I live, at least not yet.

Yep, along with the whole formerly needed nonus stuff.

> > Being a Debian associated, but not really an Official Debian repository.
> > The same goes for volatile. Until they become FULL ON FRIENDSHIP Debian
> > repositories, I don't think it'll get into the "debian-archive-keyring"
> 
> Point well taken.  I agree with (YOU) on this one.  I said I didn't know why,
> now I do.  Personally I don't use that repo, so I don't know that much
> about it.  Thank you for informing me.

I'd be more inclined to use Christian's Repository than the other ones
out there, that aim at the same niche. 
-- 
greg, [EMAIL PROTECTED]

Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup


signature.asc
Description: This is a digitally signed message part

Re: etch/volatile -- public key is not available: NO_PUBKEY EC61E0B0BBE55AB3

2007-04-14 Thread Joe Hart 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joe Hart wrote:
> Greg Folkert wrote:
>> On Sat, 2007-04-14 at 19:50 +0200, Joe Hart wrote:
>>> Rick Thomas wrote:
>>>> On Apr 14, 2007, at 6:39 AM, Steve Langasek wrote:
>>>>> On Fri, Apr 13, 2007 at 11:21:56PM -0400, Rick Thomas wrote:
>>>>>> Anybody know what the problem is here?  Or how to fix it?
>>>>>> W: GPG error: http://volatile.debian.org etch/volatile Release: The
>>>>>> following signatures couldn't be verified because the public key is
>>>>>> not available: NO_PUBKEY EC61E0B0BBE55AB3
>>>>>> W: You may want to run apt-get update to correct these problems
>>>>> You need to import the public key for volatile.debian.org separately
>>>>> using
>>>>> apt-key if you want to use this repo with secure apt, the key is not
>>>>> included in the default debian-archive-keyring package.
>>>> Thanks,
>>>>
>>>> Two questions:
>>>>
>>>> 1) How do I import the public key for volatile?  (If it's in the fine
>>>> manual, then please point me to it so I can RTFM)
>>>>
>>>> 2) What's the reasoning behind not including it in the default
>>>> debian-archive-keyring package?  Is it not recommended that everyone use
>>>> volatile for the things like security and spam updates that it provides?
>>> 1) Rick, read the message Kushal Kumaran sent to you.  It tells you.
>>>
>>> 2) That is a good question.  I have no idea.  Oversight perhaps?  I am
>>> sure if it wasn't there is a good reason for it, but I have no idea what
>>> it could be.
>> Let me ask you this Joe.
> 
>> Would you have the key for Debian-Multimedia in the "Debian Archive
>> Keyring"?
> 
> No, but I might make it a little easier for Debian newbies to find it in
> the first place.  Something like a simple script that people could use
> to install the missing multimedia applications/codecs that almost
> everyone wants.  Those who don't want them of course wouldn't need or
> want to use such a script, but having one available and make it plain
> that it was available would stop a lot of people bitching about Debian
> not coming with them in the first place.
> 
> Somehow I think this issue has been beaten to death already, but it was
> before my time.  I understand the legal issues involved, but they don't
> apply where I live, at least not yet.
> 
>> Being a Debian associated, but not really an Official Debian repository.
>> The same goes for volatile. Until they become FULL ON FRIENDSHIP Debian
>> repositories, I don't think it'll get into the "debian-archive-keyring"
> 
> Point well taken.  I agree with on this one.  I said I didn't know why,
 ^you
> now I do.  Personally I don't use that repo, so I don't know that much
> about it.  Thank you for informing me.
> 
> Joe
> 
I need to learn to proofread my mail before I hit the send key.  How can
I miss putting the word you in the above (where I corrected it)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGITUliXBCVWpc5J4RAtBfAJ4rPA5vfZjJofPr/nzwy0k2ygOovACfeSuy
C3iBslaz0JrOButbx97WfRw=
=6QFF
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: etch/volatile -- public key is not available: NO_PUBKEY EC61E0B0BBE55AB3

2007-04-14 Thread Joe Hart 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Greg Folkert wrote:
> On Sat, 2007-04-14 at 19:50 +0200, Joe Hart wrote:
>> Rick Thomas wrote:
>>> On Apr 14, 2007, at 6:39 AM, Steve Langasek wrote:
>>>> On Fri, Apr 13, 2007 at 11:21:56PM -0400, Rick Thomas wrote:
>>>>> Anybody know what the problem is here?  Or how to fix it?
>>>>> W: GPG error: http://volatile.debian.org etch/volatile Release: The
>>>>> following signatures couldn't be verified because the public key is
>>>>> not available: NO_PUBKEY EC61E0B0BBE55AB3
>>>>> W: You may want to run apt-get update to correct these problems
>>>> You need to import the public key for volatile.debian.org separately
>>>> using
>>>> apt-key if you want to use this repo with secure apt, the key is not
>>>> included in the default debian-archive-keyring package.
>>> Thanks,
>>>
>>> Two questions:
>>>
>>> 1) How do I import the public key for volatile?  (If it's in the fine
>>> manual, then please point me to it so I can RTFM)
>>>
>>> 2) What's the reasoning behind not including it in the default
>>> debian-archive-keyring package?  Is it not recommended that everyone use
>>> volatile for the things like security and spam updates that it provides?
>> 1) Rick, read the message Kushal Kumaran sent to you.  It tells you.
>>
>> 2) That is a good question.  I have no idea.  Oversight perhaps?  I am
>> sure if it wasn't there is a good reason for it, but I have no idea what
>> it could be.
> 
> Let me ask you this Joe.
> 
> Would you have the key for Debian-Multimedia in the "Debian Archive
> Keyring"?

No, but I might make it a little easier for Debian newbies to find it in
the first place.  Something like a simple script that people could use
to install the missing multimedia applications/codecs that almost
everyone wants.  Those who don't want them of course wouldn't need or
want to use such a script, but having one available and make it plain
that it was available would stop a lot of people bitching about Debian
not coming with them in the first place.

Somehow I think this issue has been beaten to death already, but it was
before my time.  I understand the legal issues involved, but they don't
apply where I live, at least not yet.

> 
> Being a Debian associated, but not really an Official Debian repository.
> The same goes for volatile. Until they become FULL ON FRIENDSHIP Debian
> repositories, I don't think it'll get into the "debian-archive-keyring"

Point well taken.  I agree with on this one.  I said I didn't know why,
now I do.  Personally I don't use that repo, so I don't know that much
about it.  Thank you for informing me.

Joe

- --
Registerd Linux user #443289 at http://counter.li.org/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGITAeiXBCVWpc5J4RAh0mAJ4hC2QHWwWoUlpOrAfPLJLYX00DqACeK1D6
GkozrZb00N+JJ68Zh44jE3U=
=UVxF
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: etch/volatile -- public key is not available: NO_PUBKEY EC61E0B0BBE55AB3

2007-04-14 Thread Greg Folkert 
On Sat, 2007-04-14 at 19:50 +0200, Joe Hart wrote:
> Rick Thomas wrote:
> > On Apr 14, 2007, at 6:39 AM, Steve Langasek wrote:
> >> On Fri, Apr 13, 2007 at 11:21:56PM -0400, Rick Thomas wrote:
> >>> Anybody know what the problem is here?  Or how to fix it?
> >>
> >>> W: GPG error: http://volatile.debian.org etch/volatile Release: The
> >>> following signatures couldn't be verified because the public key is
> >>> not available: NO_PUBKEY EC61E0B0BBE55AB3
> >>> W: You may want to run apt-get update to correct these problems
> >>
> >> You need to import the public key for volatile.debian.org separately
> >> using
> >> apt-key if you want to use this repo with secure apt, the key is not
> >> included in the default debian-archive-keyring package.
> > 
> > Thanks,
> > 
> > Two questions:
> > 
> > 1) How do I import the public key for volatile?  (If it's in the fine
> > manual, then please point me to it so I can RTFM)
> > 
> > 2) What's the reasoning behind not including it in the default
> > debian-archive-keyring package?  Is it not recommended that everyone use
> > volatile for the things like security and spam updates that it provides?
>
> 1) Rick, read the message Kushal Kumaran sent to you.  It tells you.
> 
> 2) That is a good question.  I have no idea.  Oversight perhaps?  I am
> sure if it wasn't there is a good reason for it, but I have no idea what
> it could be.

Let me ask you this Joe.

Would you have the key for Debian-Multimedia in the "Debian Archive
Keyring"?

Being a Debian associated, but not really an Official Debian repository.
The same goes for volatile. Until they become FULL ON FRIENDSHIP Debian
repositories, I don't think it'll get into the "debian-archive-keyring"
-- 
greg, [EMAIL PROTECTED]

Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup


signature.asc
Description: This is a digitally signed message part

Re: etch/volatile -- public key is not available: NO_PUBKEY EC61E0B0BBE55AB3

2007-04-14 Thread Holger Levsen 
Hi Rick,

On Saturday 14 April 2007 19:33, Rick Thomas wrote:
> 1) How do I import the public key for volatile?  (If it's in the fine
> manual, then please point me to it so I can RTFM)

To be executed as root:

gpg --keyserver pgpkeys.pca.dfn.de --recv-keys AC583520
gpg --fingerprint  AC583520
# compare the fingerprint with a fingerprint on a machine with a trust path
gpg --export -a AC583520 | apt-key add -


This is for a different key, but besides that, that's it - and you may use a 
different keyserver. 

> 2) What's the reasoning behind not including it in the default debian-
> archive-keyring package?  Is it not recommended that everyone use
> volatile for the things like security and spam updates that it provides?

volatile is not a official service (yet).


regards,
Holger


pgpQqpDCMK7xk.pgp
Description: PGP signature

Re: etch/volatile -- public key is not available: NO_PUBKEY EC61E0B0BBE55AB3

2007-04-14 Thread Rick Thomas 


On Apr 14, 2007, at 12:50 AM, Kushal Kumaran wrote:


On 4/14/07, Rick Thomas <[EMAIL PROTECTED]> wrote:

Anybody know what the problem is here?  Or how to fix it?


W: GPG error: http://volatile.debian.org etch/volatile Release: The
following signatures couldn't be verified because the public key is
not available: NO_PUBKEY EC61E0B0BBE55AB3
W: You may want to run apt-get update to correct these problems



You don't have the Debian Volatile public key on your apt keyring.
Get etch-volatile.asc from
http://www.debian.org/devel/debian-volatile/ and then use "apt-key add
etch-volatile.asc" to add it to your apt keyring.


Thanks!

That worked fine.

Anybody know why it's not included in the standard keys package?

Enjoy!

Rick


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: etch/volatile -- public key is not available: NO_PUBKEY EC61E0B0BBE55AB3

2007-04-14 Thread Joe Hart 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Rick Thomas wrote:
> 
> On Apr 14, 2007, at 6:39 AM, Steve Langasek wrote:
> 
>> On Fri, Apr 13, 2007 at 11:21:56PM -0400, Rick Thomas wrote:
>>> Anybody know what the problem is here?  Or how to fix it?
>>
>>> W: GPG error: http://volatile.debian.org etch/volatile Release: The
>>> following signatures couldn't be verified because the public key is
>>> not available: NO_PUBKEY EC61E0B0BBE55AB3
>>> W: You may want to run apt-get update to correct these problems
>>
>> You need to import the public key for volatile.debian.org separately
>> using
>> apt-key if you want to use this repo with secure apt, the key is not
>> included in the default debian-archive-keyring package.
> 
> Thanks,
> 
> Two questions:
> 
> 1) How do I import the public key for volatile?  (If it's in the fine
> manual, then please point me to it so I can RTFM)
> 
> 2) What's the reasoning behind not including it in the default
> debian-archive-keyring package?  Is it not recommended that everyone use
> volatile for the things like security and spam updates that it provides?
> 
> Enjoy!
> 
> Rick

1) Rick, read the message Kushal Kumaran sent to you.  It tells you.

2) That is a good question.  I have no idea.  Oversight perhaps?  I am
sure if it wasn't there is a good reason for it, but I have no idea what
it could be.

Joe
- --
Registerd Linux user #443289 at http://counter.li.org/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGIRRqiXBCVWpc5J4RAtqLAKDOf8Vdn++kwswm1P0yvBfUu0Y+lQCeNrhN
qjyzY6Ux8sO1rugoIB3ilvg=
=XEfj
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: etch/volatile -- public key is not available: NO_PUBKEY EC61E0B0BBE55AB3

2007-04-14 Thread Rick Thomas 


On Apr 14, 2007, at 6:39 AM, Steve Langasek wrote:


On Fri, Apr 13, 2007 at 11:21:56PM -0400, Rick Thomas wrote:

Anybody know what the problem is here?  Or how to fix it?



W: GPG error: http://volatile.debian.org etch/volatile Release: The
following signatures couldn't be verified because the public key is
not available: NO_PUBKEY EC61E0B0BBE55AB3
W: You may want to run apt-get update to correct these problems


You need to import the public key for volatile.debian.org  
separately using

apt-key if you want to use this repo with secure apt, the key is not
included in the default debian-archive-keyring package.


Thanks,

Two questions:

1) How do I import the public key for volatile?  (If it's in the fine  
manual, then please point me to it so I can RTFM)


2) What's the reasoning behind not including it in the default debian- 
archive-keyring package?  Is it not recommended that everyone use  
volatile for the things like security and spam updates that it provides?


Enjoy!

Rick


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: etch/volatile -- public key is not available: NO_PUBKEY EC61E0B0BBE55AB3

2007-04-14 Thread Steve Langasek 
On Fri, Apr 13, 2007 at 11:21:56PM -0400, Rick Thomas wrote:
> Anybody know what the problem is here?  Or how to fix it?

> W: GPG error: http://volatile.debian.org etch/volatile Release: The  
> following signatures couldn't be verified because the public key is  
> not available: NO_PUBKEY EC61E0B0BBE55AB3
> W: You may want to run apt-get update to correct these problems

You need to import the public key for volatile.debian.org separately using
apt-key if you want to use this repo with secure apt, the key is not
included in the default debian-archive-keyring package.

Cheers,
-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
[EMAIL PROTECTED]   http://www.debian.org/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: etch/volatile -- public key is not available: NO_PUBKEY EC61E0B0BBE55AB3

2007-04-13 Thread Kushal Kumaran 

On 4/14/07, Rick Thomas <[EMAIL PROTECTED]> wrote:

Anybody know what the problem is here?  Or how to fix it?


W: GPG error: http://volatile.debian.org etch/volatile Release: The
following signatures couldn't be verified because the public key is
not available: NO_PUBKEY EC61E0B0BBE55AB3
W: You may want to run apt-get update to correct these problems



You don't have the Debian Volatile public key on your apt keyring.
Get etch-volatile.asc from
http://www.debian.org/devel/debian-volatile/ and then use "apt-key add
etch-volatile.asc" to add it to your apt keyring.
--
Kushal


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

etch/volatile -- public key is not available: NO_PUBKEY EC61E0B0BBE55AB3

2007-04-13 Thread Rick Thomas 

Anybody know what the problem is here?  Or how to fix it?


W: GPG error: http://volatile.debian.org etch/volatile Release: The  
following signatures couldn't be verified because the public key is  
not available: NO_PUBKEY EC61E0B0BBE55AB3

W: You may want to run apt-get update to correct these problems

Thanks!

Rick


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: public key warning

2006-11-22 Thread Mark Grieveson 


This will fix that:  
gpg --recv-keys A70DAF536070D3A1 && (gpg --export -a A70DAF536070D3A1 | apt-key add -)

something about keys changing...
Cheers,
Kev


Thanks.  That solved it -- the warnings are gone.

Mark


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

  1   2   >