Re: No DNS records anymore - alternative ?

2021-07-31 Thread Andreas Puls




On 21.07.2021 at 14:10, Andrew Gallagher wrote:

On 20/07/2021 21:49, Andreas Puls wrote:

Do we have any Pool alternative yet, or shall we just "quit" it ?


Whether you want to quit it depends on what you're doing "it" for. :-)


Yeah, but currently I don't have any effort to do something anymore :)
99.99% of bandwidth is just keypeering - meaning shuffling keys from
left to right and from right to left.
And no request in my logfiles


There is currently no pool, although there has been some discussion over
on the gnupg-devel list about restarting one. I'm skeptical of the
utility of such a thing (see my earlier posts for why, I don't want to
be a bore). But I hope that a synchronising network of keyservers can
survive, and grow to include keys.openpgp.org, keyserver.ubuntu.com etc.
- so IMO having a healthy community of keyserver operators is still
valuable.



IIRC Debian / Ubuntu ships as default keyserver "keys.openpgp.com", right ?



I will shut down my 3 Keyserver. If there is any proposal for a pool
again maybe I will join it.

Best regards
  Andreas



No DNS records anymore - alternative ?

2021-07-20 Thread Andreas Puls

Hey all,


just saw this statement:
"Update 2021-06-21: Due to even more GDPR takedown requests, the DNS
records for the pool will no longer be provided at all."

Do we have any Pool alternative yet, or shall we just "quit" it ?

As far as I can remember there was no mention about the DNS shutdown on
the list, right ?


Br
  Andreas



Re: shutdown of pgpkeys.co.uk and pgpkeys.uk

2021-06-22 Thread Andreas Puls

Hey all,


As far as I know Hagrid doesn't support "peering" like SKS or
Hockeypuck. Regarding the latter one I'm running 3 Keyserver with it.
It's working very well and also supports key blacklisting and ignores
huge subkeys. A little downside is only the "heavy" read / write
consumption compared to sks.

A new domain must be established into the "world". Maybe Kristian would
transfer the domain / software to one of us. So we could run it on our own.

Br
  Andreas

On 22.06.2021 at 20:58, Skip Carter wrote:


So ... should the SKS holdouts (myself included) switch to hockeypuck ?
This service is vital, some version of it should live on.





Re: High rate of updated keys

2021-05-08 Thread Andreas Puls

Hi Andrew,

On 06.05.2021 at 15:07, Andrew Gallagher wrote:

Hi, all.

I'm noticing recently a large number of updated keys in pgpkeys.eu
(hockeypuck), on the order of several thousand per hour. The total
number of keys is not increasing unusually, just the modifications. I
notice that both andreas-puls servers and utwente.nl seem to be
experiencing similar activity (an order of magnitude less, at tens to a
few hundred per hour), while other pool members seem unaffected (single
digits of updates per hour). Can I ask hockeypuck operators what filter
values they are using? pgpkeys.eu is currently set to:

maxPacketLength=65536
maxKeyLength=1048576


I'm running on both of my servers the default value.
IIRC this should be:
#maxPacketLength=8192
#maxKeyLength=1048576


This is more generous than the defaults, which makes me wonder if the
root problem is that it is allowing abusive keys that others are
filtering out.

On a possibly related note, sks.pgpkeys.eu (sks) is timing out
repeatedly during incoming bulk requests from its recon peers. It seems
to manifest as "End_of_file" errors in the SKS logs as the reverse proxy
gives up. Has anyone else seen similar issues?

Thanks,
A


Br
  Andreas
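
The two filter values compared in this thread limit the size of individual packets and of whole keys. The sketch below is an added example (not Hockeypuck's code and not part of the original posts) that walks the OpenPGP packet framing of a key (RFC 4880, section 4.2) and reports which limit it would exceed, so the same key can be checked against the default `maxPacketLength=8192` and the more generous `65536`. The function names, the reading of the two settings as "largest single packet" and "total key size", and the sample key (framing only, no real key material) are assumptions.

```python
def iter_packets(data):
    """Yield (tag, body_length) for each OpenPGP packet in a binary key."""
    pos = 0
    while pos < len(data):
        ctb = data[pos]
        if not ctb & 0x80:
            raise ValueError("bit 7 of the packet tag must be set")
        pos += 1
        if ctb & 0x40:                         # new-format header
            tag = ctb & 0x3F
            total = 0
            while True:
                first = data[pos]
                if first < 192:                # one-octet length
                    length, pos, last = first, pos + 1, True
                elif first < 224:              # two-octet length
                    length = ((first - 192) << 8) + data[pos + 1] + 192
                    pos, last = pos + 2, True
                elif first == 255:             # five-octet length
                    length = int.from_bytes(data[pos + 1:pos + 5], "big")
                    pos, last = pos + 5, True
                else:                          # partial body length, more chunks follow
                    length, pos, last = 1 << (first & 0x1F), pos + 1, False
                total += length
                pos += length                  # skip this chunk of the body
                if last:
                    break
        else:                                  # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:                     # indeterminate: runs to end of data
                total = len(data) - pos
            else:
                size = (1, 2, 4)[ltype]
                total = int.from_bytes(data[pos:pos + size], "big")
                pos += size
            pos += total
        if pos > len(data):
            raise ValueError("packet length runs past end of data")
        yield tag, total


DEFAULT_MAX_PACKET = 8192      # default value quoted in the thread
DEFAULT_MAX_KEY = 1048576      # default value quoted in the thread


def check_key(data, max_packet=DEFAULT_MAX_PACKET, max_key=DEFAULT_MAX_KEY):
    """Return 'ok', or the reason a filter with these limits would object."""
    if len(data) > max_key:
        return "key too long"
    try:
        for tag, length in iter_packets(data):
            if length > max_packet:
                return "packet too long (tag %d, %d bytes)" % (tag, length)
    except (IndexError, ValueError):
        return "malformed"
    return "ok"


def new_packet(tag, body):
    """Build a new-format packet with a five-octet length (constructed input)."""
    return bytes([0xC0 | tag, 255]) + len(body).to_bytes(4, "big") + body


# Constructed sample: public-key packet (tag 6), user ID (tag 13) and a
# 20000-byte user attribute (tag 17). Bodies are filler, not key material.
SAMPLE_UID = b"Alice <alice@example.org>"
SAMPLE_KEY = (new_packet(6, b"\x04" * 32)
              + new_packet(13, SAMPLE_UID)
              + new_packet(17, b"\x00" * 20000))

if __name__ == "__main__":
    print("default limits:   ", check_key(SAMPLE_KEY))
    print("maxPacketLength=65536:", check_key(SAMPLE_KEY, max_packet=65536))
```

A key that passes on one server and is filtered on its peers is never fully reconciled between them, which is the kind of mismatch the thread suspects.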



Certificate sks-keyservers.net expired

2021-04-25 Thread Andreas Puls

Hi Kristian,

the certificate of sks-keyservers.net expired 2 days ago.

Br
  Andreas



Re: Simulating SKS best practice [Was: keyserver.dobrev.eu is back running Hockeypuck]

2021-04-15 Thread Andreas Puls




On 15.04.2021 at 16:39, Martin Dobrev wrote:

Hi Andrew and team,

On 15/04/2021 12:33, Andrew Gallagher wrote:

On 23/03/2021 12:58, Andrew Gallagher wrote:

On 21/03/2021 21:48, Martin Dobrev wrote:

I had to play with mod_rewrite and force a redirect from
/pks/lookup?op=stats&options=mr to /pks/lookup?op=stats to let
the script parse HTML. I don't have a proper explanation why peers
and recon port are not picked from the produced JSON but left out
(line 286/287).


I can confirm this works, and it has the unexpected side effect that
pgpkeys.eu is now recognised as SKS, even though it is still
declaring itself Hockeypuck.


The following hockeypuck servers appear to have implemented a stats
rewrite rule:

keyserver.dobrev.eu

Server has been reconfigured with the below additional rule.

pgp.cyberbits.eu
keys.okash.it
keys*.andreas-puls.de

Reconfigured both of mine. Should be working.



Could I humbly request of hockeypuck operators that this workaround be
limited to sks-keyservers.net's IP address? This would allow the
machine-readable JSON to be read by other spiders which may or may not
exist in the future... ;-) ;-) ;-)

For example, pgpkeys.eu uses the following apache snippet:

```
RewriteCond %{REMOTE_ADDR} ^37\.191\.231\.105
RewriteCond %{QUERY_STRING} op=stats&options=mr
RewriteRule ^/pks/lookup http://127.0.0.1:11371/pks/lookup?op=stats [P,L]
```

Similarly, could we collectively agree to emit {software:
"Hockeypuck"} and the real Hockeypuck version number when simulating
SKS, so that the human-readable status is accurate? So long as
"Hockeypuck" has a capital "H", the pool spider shouldn't reject you
(it may reject you for other reasons, but not for running hockeypuck).


Full ACK.

I can open a PR to change the default software key value from hockeypuck
to Hockeypuck.

Thanks, everyone.



Regards,
Martin Dobrev


Greetz
  Andreas



Re: Key diff anomaly

2021-04-06 Thread Andreas Puls

Hey Robbert,

On 06.04.2021 at 18:53, Robbert Müller wrote:

On 2021-04-05 17:25, Andreas Puls wrote:

Hi all,

On 05.04.2021 at 14:00, Robbert Müller wrote:

On 2021-04-05 07:46, Kiss Gabor (Bitman) wrote:

I've just noticed that key diff of ALL current 26 pool members is
negative.
Meanwhile keyserver.snt.utwente.nl is dropped from the pool
however it seems to be absolute healthy. Except its key diff: 73432.

I guess this node got an attack-like burst of keys from outside.
(And this 73k extra keys distorted the average so much that everybody
else seems to be lacking thousands of keys.)

Gabor


Hello,

During an OS upgrade i botched the postgresql database, and wiped
everything and loaded a keydump.
This was saturday.

Could, and if how, this result in having more keys than the rest of the
network ?


That was my first thought. I had the same issue with a non full dump
import and ran hockeypuck-pbuild twice.

But i think you killed your ptree too, right ? Maybe removing the ptree
and rebuilding could fix it.


Hello,


Yeah, something was wrong here,
I wiped the ptree, and built it again with hockeypuck-pbuild, only now
I'm missing keys instead of having too many.

I'll see if the server will sync the keys back or that I have to
start over again.


The sync will work but needs some time. Make sure that your peering
partners are working. Hockeypuck needs some time to switch to another peer
if one is not working.


Robbert.


Br
  Andreas



Re: Key diff anomaly

2021-04-05 Thread Andreas Puls

Hi all,

On 05.04.2021 at 14:00, Robbert Müller wrote:

On 2021-04-05 07:46, Kiss Gabor (Bitman) wrote:

I've just noticed that key diff of ALL current 26 pool members is
negative.
Meanwhile keyserver.snt.utwente.nl is dropped from the pool
however it seems to be absolute healthy. Except its key diff: 73432.

I guess this node got an attack-like burst of keys from outside.
(And this 73k extra keys distorted the average so much that everybody
else seems to be lacking thousands of keys.)

Gabor


Hello,

During an OS upgrade i botched the postgresql database, and wiped
everything and loaded a keydump.
This was saturday.

Could, and if how, this result in having more keys than the rest of the
network ?


That was my first thought. I had the same issue with a non full dump
import and ran hockeypuck-pbuild twice.

But i think you killed your ptree too, right ? Maybe removing the ptree
and rebuilding could fix it.



Regards

Robbert


Best regards
  Andreas



Re: An evil idea :-)

2021-03-22 Thread Andreas Puls



On 22.03.2021 at 21:08, Kiss Gabor (Bitman) wrote:

One can decide to setup a proxy server without any own backend
but redirecting queries to some of the existing servers.
No one would recognize the cheating. :-)


Looks like somebody already done that :)
Just got a request for the host "sks.undergrid.net"

$ host sks.undergrid.net
sks.undergrid.net is an alias for pool.sks-keyservers.net.


Gabor


 Andreas



Re: Lying about Hockeypuck being SKS?

2021-03-22 Thread Andreas Puls




On 22.03.2021 at 20:41, Marcel Waldvogel wrote:

On Sun, 2021-03-21 at 22:56 +0100, Andreas Puls wrote:


I've created now a patch that just replaces in the json export contact
with server_contact and Total with numkeys.
https://github.com/apuls/hockeypuck/commit/34fbdfcf73b60e6001f3770b86d8750d1c8b5385


Great, thanks! I just merged this. Now my Hockeypuck server appears in
the statistics.


You're welcome!


In my hockeypuck configuration i've set Version to 1.1.6+ and Software
to SKS



Yeah, i've done it too. :)


Hockeypuck is blacklisted in the sks-keyservers.net code, because it
was not good enough to be incorporated into the pool when Kristian
wrote the code. Now, it seems to be in the same ballpark as SKS.

Asking Kristian to remove the Hockeypuck ban resulted in him explaining
that he does not plan to change the code or accept changes; instead, we
should set up our own fork of his code.

I think this leaves us with the following ways to progress:

a) We leave it as is, Hockeypuck is fine, but just not in the pool.
b) We create a second pool, where Hockeypuck is acceptable (and
probably SKS as well).
c) We agree that Hockeypuck lying to be SKS is accepted in the pool,
and maybe even recommended.

I would favor (c), plus keeping the version number in the 2.x range, so
that experts still can tell the difference.


b would be great but i think this is a hell of work.

Since we haven't heard for a while from Kristian and the pool is working
- ok more or less - i would go with option c too. Also with the Version
string 2.x .

Opinions?

We need to fix the peers field which will be reported via options=mr to
meet the requirements from the pool script.


-Marcel

Br
  Andreas



Re: keyserver.dobrev.eu is back running Hockeypuck

2021-03-21 Thread Andreas Puls

Hi,

I also struggled with this issue.
Only running a nginx instead of apache but got the redirect working :)

I've created now a patch that just replaces in the json export contact
with server_contact and Total with numkeys.
https://github.com/apuls/hockeypuck/commit/34fbdfcf73b60e6001f3770b86d8750d1c8b5385

In my hockeypuck configuration i've set Version to 1.1.6+ and Software
to SKS

Looking good in the pools stats - only missing some keys right now.

No need to create a redirect or modify the stats template.


Br
  Andreas

On 21.03.2021 at 22:48, Martin Dobrev wrote:

Hi,

I can open a PR and let Casey Marshall decide if it's bringing any
long-term value for Hockeypuck. I'm somehow not convinced it is the case
because the patch is trying to only fulfill a contract with SKS status
page generator.
And the patch alone is not enough to satisfy the logic from
sks-keyservers.net/status-srv/sks_get_peer_data.php



I had to play with mod_rewrite and force a redirect from
/pks/lookup?op=stats&options=mr to /pks/lookup?op=stats to let the
script parse HTML. I don't have a proper explanation why peers and recon
port are not picked from the produced JSON but left out (line 286/287).

Regards,
Martin

On 21/03/2021 18:45, Ryan Hunt wrote:

This is great, thank you for the effort you put into this. I pulled my
keyserver out long ago and am building two new ones now that
Hockeypuck finally looks ready to replace SKS

Are you going to try to merge this back upstream eventually?

-Ryan




On Mar 21, 2021, at 12:38 PM, Martin Dobrev  wrote:

Thanks everyone that messaged me privately. I reckon many others are
wondering how my cluster is being setup, so I prepared a small
repository with sample configuration available here:
https://github.com/mclueppers/sks-keyserver-clustering

I hope it helps.

On 21/03/2021 00:38, Martin Dobrev wrote:

Good afternoon,

I've spent last few weeks fiddling and trying to revive three of the
SKS nodes from my cluster. It takes recently more time recovering
from dumps than actually running the service so I decided to give
Hockeypuck a proper go this time.

New cluster is dual node, running Hockeypuck 2.1.0 + some changes to
pass SKS keyservers status checks available here:
https://github.com/mclueppers/hockeypuck/tree/sks-compatability


Regards,
Martin








Re: pgpkeys.eu going offline

2021-01-09 Thread Andreas Puls

Hi all,

I can / would take it too. Living in Germany and would point the domain
to my two keyservers.


Wish you all the best!
  Andreas

On 09.01.2021 at 15:28, Andrew Gallagher wrote:

I’ll take it if nobody else wants it. I’m an Irish citizen based in Dublin. I 
won’t be able to spin up a keyserver on it straight away, but I have been 
planning to do some hockeypuck experimentation so this will be a good kick up 
the backside. :-)

Thanks!

Andrew Gallagher


On 9 Jan 2021, at 14:19, Daniel Austin  wrote:

If anyone within one of the remaining EU member states would like the domain 
name, you're welcome to it.  It's no use to me and will sit there suspended 
until next year otherwise.

If anyone wants it, i'll transfer it over... first come first served.
(due to EU rules, you must be an EU resident and EURid may require you to prove 
it)


Thanks,

Dan.


On 08/01/2021 08:08, Jacob Alonso Maldonado wrote:

Well they want the brexit bye bye rights the normal . Anyway that domain is 
register and pointing to a IP

On Fri, 25 Dec 2020, 9:58 pm Daniel Austin <m...@dan.me.uk> wrote:

Hi everyone,

Just a heads up that pgpkeys.eu cluster will be going offline shortly
due to the UK leaving the EU and EURid registry revoking all .eu domains
for UK citizens on 1st Jan 2021.

It hasn't been in the hkps pool for some time anyway as its certificate
expired.

Thanks,
Dan.








seeking peers for keys2.andreas-puls.de

2020-09-11 Thread Andreas Puls
Hi all,

i've setup a second machine and now request for peering.

6044272 Keys loaded

My gossip line:
keys2.andreas-puls.de 11370 # Andreas Puls  0x0E37D51DDAC73FA6


Best regards
  Andreas



Re: seeking peers for sks.ygrek.org

2020-05-09 Thread Andreas Puls
Hi,

please feel free to peer with my server:

keys.andreas-puls.de 11370 # Andreas Puls  0x0E37D51DDAC73FA6

Best regards
  Andreas

On 07.05.2020 at 06:01, ygrek wrote:
> Hi,
> 
> I am looking for peers for a new SKS keyserver installation.
> 
> I am running SKS from git master, on sks.ygrek.org
> The server is physically located in Falkenstein, Germany, hosted in
> Hetzner. The machine has IPv6 connectivity.
> 
> I have loaded a keydump from https://keyserver.mattrude.com/dump/,
> dated 2020-05-05. I see 6008615 keys loaded.
> 
> For operational issues, please contact me directly.
> 
> sks.ygrek.org 11370 # ygrek 
> A34C49DD3DB8B78DFAEBE0FA6346B945708D5A0C
> 
> Thanks
>





Re: The state of peer connectivity

2020-01-01 Thread Andreas Puls
Happy New Year !

On 31.12.2019 at 18:47, Todd Fleisher wrote:
> Is this the one you are
> remembering: https://github.com/Timi7007/SKS-Keyserver-Gossip-Network-Graph ? 
>
Yes! That's it. Thank you - i've set a bookmark now :)
> -T
>
Br
  Andreas

>> On Dec 31, 2019, at 6:58 AM, Andreas Puls <a...@gmx.net> wrote:
>>
>> Hey Skip,
>>
>> nice work.
>>
>> I remember that another User wrote a JavaScript? and HTML where all
>> servers are listed with their peering. Unfortunately i can't find the
>> link anymore :(
>>
>> Br
>>  Andreas
>>
>> On 20.12.2019 at 18:55, Skip Carter wrote:
>>> Hi,
>>>
>>> Following the loss of half my peers last week (thank you to all that
>>> added me afterwards). I wondered just what the state of peer
>>> connectivity was.  So I wrote an application to find out.
>>>
>>> I started with the servers currently in the pool from
>>> https://sks-keyservers.net/status/
>>>
>>> Then queried each active server in turn with /pks/lookup?op=stats
>>>
>>> I ended up with the attached diagram.
>>>
>>> There were 34 active servers.  The average number of peers per server
>>> is 12.  But there are a handful of servers with only 1 or 2 peers.  I
>>> did not find any islands.
>>> (I ignored the peers with RFC 1918 addresses and servers that did not
>>> respond when I made the measurements).
>>>
>>>
>>>
>>>
>>
>



Re: The state of peer connectivity

2019-12-31 Thread Andreas Puls
Hey Skip,

nice work.

I remember that another User wrote a JavaScript? and HTML where all
servers are listed with their peering. Unfortunately i can't find the
link anymore :(

Br
  Andreas

On 20.12.2019 at 18:55, Skip Carter wrote:
> Hi,
>
> Following the loss of half my peers last week (thank you to all that
> added me afterwards). I wondered just what the state of peer
> connectivity was.  So I wrote an application to find out.
>
> I started with the servers currently in the pool from
> https://sks-keyservers.net/status/
>
> Then queried each active server in turn with /pks/lookup?op=stats
>
> I ended up with the attached diagram.
>
> There were 34 active servers.  The average number of peers per server
> is 12.  But there are a handful of servers with only 1 or 2 peers.  I
> did not find any islands.
> (I ignored the peers with RFC 1918 addresses and servers that did not
> respond when I made the measurements).
>
>
>
>



Re: [Sks-devel] Search returns 500 MB blob

2019-06-03 Thread Andreas Puls
Hi Sascha,

maybe you can block the request to those keys.
In Feb '19 we had something like a DDoS, a key which made about 90% of
the traffic.

See here:
https://www.mail-archive.com/sks-devel@nongnu.org/msg06498.html

I create an additional nginx config, fail2ban will be triggered on error
code 444

Br
  Andreas

On 03.06.2019 at 15:40, Sascha Rommelfangen wrote:
> Hi all,
>
> Is nobody else affected by this issue?
> Nobody able to reproduce it?
>
> Cheers,
> Sascha
>
>
>> On 27 May 2019, at 15:27, Sascha Rommelfangen  wrote:
>>
>> Hi all,
>>
>> We’re just running into a situation where we looked up a key for the email 
>> address j...@cix.ie. All keyservers we tried, including our very own one at 
>> pgp.circl.lu, returned a blob of 500 MB.
>> Some key servers return a timeout after 30 seconds. The situation can also 
>> be tested with key ID 0x62cfc8f5, however, the returned blob is much smaller 
>> (23 MB).
>>
>> Has anyone else seen this or similar cases and investigated the root cause 
>> and what can be done to prevent systematically the exhaustion of resources?
>>
>> Thank you very much and with kind regards,
>> Sascha Rommelfangen
>>
>
>
> ___
> Sks-devel mailing list
> Sks-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel
>



Re: [Sks-devel] Fulfilled disk

2019-03-29 Thread Andreas Puls
Hey,

On 29.03.2019 at 06:57, Todd Fleisher wrote:
> Do you have the needed DB_CONFIG files in your DB & PTree directories? This 
> used to happen to me before I put those in place and rebuilt my databases.
>

IIRC you don't need to rebuild the database if you only put "set_flags
 DB_LOG_AUTOREMOVE" into DB_CONFIG

> Sent from the Fleishphone
>
>> On Mar 28, 2019, at 22:02, Kiss Gabor (Bitman)  wrote:
>>
>> Yesterday someone started to fill /var/lib/sks/DB with 1 MiB log files
>> until the 40 GiB partition got full:
>
>



Re: [Sks-devel] Annoying malicious keys - any easy solution?

2019-02-18 Thread Andreas Puls
Hi Todd,

On 17.02.2019 at 17:02, Todd Fleisher wrote:
> Do you (or others) see are any side effects to this approach? I’m 
> particularly wondering if it would cause your server to fall behind if it 
> repeatedly closes connections from its peers.
> 

Sorry, currently I don't know - it was a short-circuit reaction.
But I think it shouldn't affect the peering with others. They do something
like this "POST /pks/hashquery HTTP/1.0" (maybe someone can give a
short feedback)

These keys made about 80% of the whole traffic (keyserver), the requests
per second were kinda high.
If you try to get info about the keys via webinterface you will receive
garbage, the key itself is about 2.5Mb big.
The blocking will only affect the requests where you are trying to
download the .asc file.
Maybe I'm a bit stubborn but after this step my server is much more
reachable. (until now. my provider had to reboot the server but sks
isn't marked for autostart :( )

> -T
> 

Br
  Andreas
>> On Feb 17, 2019, at 3:00 AM, Andreas Puls  wrote:
>>
>>
>>
>> On 17.02.2019 at 11:54, Gabor Kiss wrote:
>>>> So, what can I do?
>>>> I know this patch (which seems to be included in debian sks package) to
>>>> ignore one special malicious key, but that seems to not help about those
>>>> noted above. Is there a patch to add more keys to be ignored?
>>>> As some IPs requests the same KeyID over and over again (>100 reqs/day),
>>>> I do block those IPs with fail2ban.
>>>
>>> Fail2Ban is useful but I intentionally do not log where the requests
>>> come. Logging in the proxy is turned off.
>>>
>>
>> I'm using nginx as reverse proxy and added this to the config:
>> if ( $args ~ "op=get&options=mr&search=(0x1013D73FECAC918A0A25823986CE877469D2EAD9|0x2016349F5BC6F49340FCCAF99F9169F4B33B4659|0xB33B4659|0x69D2EAD9)" ) {
>>  return 444;
>> }
>>
>> 444: Connection Closed Without Response
>>
>> Additionally I use fail2ban which triggers on the errorcode 444
>>> Gabor
>>
>> Br
>>  Andreas
>>>
>>
> 





Re: [Sks-devel] Annoying malicious keys - any easy solution?

2019-02-17 Thread Andreas Puls



On 17.02.2019 at 11:54, Gabor Kiss wrote:
>> So, what can I do?
>> I know this patch (which seems to be included in debian sks package) to
>> ignore one special malicious key, but that seems to not help about those
>> noted above. Is there a patch to add more keys to be ignored?
>> As some IPs requests the same KeyID over and over again (>100 reqs/day),
>> I do block those IPs with fail2ban.
> 
> Fail2Ban is useful but I intentionally do not log where the requests
> come. Logging in the proxy is turned off.
> 

I'm using nginx as reverse proxy and added this to the config:

```
if ( $args ~ "op=get&options=mr&search=(0x1013D73FECAC918A0A25823986CE877469D2EAD9|0x2016349F5BC6F49340FCCAF99F9169F4B33B4659|0xB33B4659|0x69D2EAD9)" ) {
    return 444;
}
```

444: Connection Closed Without Response

Additionally I use fail2ban which triggers on the errorcode 444
> Gabor

Br
  Andreas
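
What the nginx rule above does and does not catch, as an added example that is not part of the original post: it replays the rule's regex against request URIs (including the `POST /pks/hashquery` recon request mentioned in this thread), compares it with an exact key-ID match, and counts 444 responses per client the way a fail2ban jail would. The log lines, client addresses and the `maxretry`/`findtime` values are constructed, and the rule is assumed to match the standard HKP query `op=get&options=mr&search=...`.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Key IDs taken from the nginx rule quoted above.
BLOCKED = {
    "0x1013D73FECAC918A0A25823986CE877469D2EAD9",
    "0x2016349F5BC6F49340FCCAF99F9169F4B33B4659",
    "0xB33B4659",
    "0x69D2EAD9",
}

# Assumption: the rule targets the standard HKP download query string.
NGINX_RULE = re.compile(
    r"op=get&options=mr&search=(" + "|".join(sorted(BLOCKED)) + ")"
)


def nginx_rule_blocks(uri):
    """Mimic `if ($args ~ "...") { return 444; }`: unanchored regex on the query."""
    return NGINX_RULE.search(urlsplit(uri).query) is not None


def strict_blocks(uri):
    """Stricter variant: parse the query, then compare the whole key ID exactly."""
    params = parse_qs(urlsplit(uri).query)
    if params.get("op", [""])[0] != "get":
        return False
    search = params.get("search", [""])[0]
    if search[:2].lower() == "0x":
        search = "0x" + search[2:].upper()   # normalise hex case
    return search in BLOCKED


# nginx "combined" access log format: ip, ident, user, [time], "request", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)


def ban_candidates(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return client IPs with at least `maxretry` 444 responses inside `findtime`."""
    recent = defaultdict(deque)
    banned = set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "444":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:     # drop hits older than the window
            window.popleft()
        if len(window) >= maxretry:
            banned.add(m["ip"])
    return banned


# Constructed access-log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Feb/2019:11:00:01 +0100] "GET /pks/lookup?op=get&options=mr&search=0xB33B4659 HTTP/1.1" 444 0 "-" "-"',
    '198.51.100.7 - - [17/Feb/2019:11:00:02 +0100] "POST /pks/hashquery HTTP/1.0" 200 512 "-" "-"',
    '192.0.2.10 - - [17/Feb/2019:11:00:05 +0100] "GET /pks/lookup?op=get&options=mr&search=0x69D2EAD9 HTTP/1.1" 444 0 "-" "-"',
    '192.0.2.20 - - [17/Feb/2019:11:01:00 +0100] "GET /pks/lookup?op=get&options=mr&search=0xB33B4659 HTTP/1.1" 444 0 "-" "-"',
    '192.0.2.10 - - [17/Feb/2019:11:02:30 +0100] "GET /pks/lookup?op=get&options=mr&search=0xB33B4659 HTTP/1.1" 444 0 "-" "-"',
]

if __name__ == "__main__":
    for uri in ("/pks/hashquery",
                "/pks/lookup?op=get&options=mr&search=0x69D2EAD9",
                "/pks/lookup?op=get&options=mr&search=0xB33B465900000000"):
        print(uri, nginx_rule_blocks(uri), strict_blocks(uri))
    print(sorted(ban_candidates(SAMPLE_LOG)))
```

Because the regex is unanchored, a longer key ID that merely begins with one of the short IDs is also answered with 444; the exact comparison avoids that.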
> 


Re: [Sks-devel] Error with sks-recon.service

2017-06-20 Thread Andreas Puls
Is the Database filled with a current dump ?
Maybe the Database has a wrong ownership ?

On 20.06.2017 at 21:13, Lully Troconis wrote:
> Hello,
> 
> I started a new SKS keyserver on agora.cenditel.gob.ve:11371 and add 4
> servers for peers, but the recon process don't start
> 
> /var/log/syslog
> 
> systemd[1]: Stopped SKS database service.
> systemd[1]: Started SKS database service.
> systemd[1]: Started SKS reconciliation service.
> sks[971]: 2017-06-20 15:00:37 sks_db, SKS version 1.1.6
> sks[971]: 2017-06-20 15:00:37 Using BerkelyDB version 5.3.28
> sks[971]: 2017-06-20 15:00:37 Copyright Yaron Minsky 2002, 2003, 2004
> sks[971]: 2017-06-20 15:00:37 Licensed under GPL. See LICENSE file for
> details
> sks[971]: 2017-06-20 15:00:37 http port: 11371
> sks[972]: 2017-06-20 15:00:37 sks_recon, SKS version 1.1.6
> sks[972]: 2017-06-20 15:00:37 Using BerkelyDB version 5.3.28
> sks[972]: 2017-06-20 15:00:37 Copyright Yaron Minsky 2002-2013
> sks[972]: 2017-06-20 15:00:37 Licensed under GPL.  See LICENSE file for
> details
> sks[972]: 2017-06-20 15:00:37 Opening PTree database
> sks[972]: 2017-06-20 15:00:37 DB closed
> sks[972]: Fatal error: exception Bdb.DBError("BDB1546 unable to join the
> environment")
> systemd[1]: sks-recon.service: Main process exited, code=exited,
> status=2/INVALIDARGUMENT
> systemd[1]: sks-recon.service: Unit entered failed state.
> systemd[1]: sks-recon.service: Failed with result 'exit-code'.
> 
> [...]
> 
> sks[971]: 2017-06-20 15:00:37 Opening KeyDB database
> sks[971]: 2017-06-20 15:00:37 Calculating DB stats
> sks[971]: 2017-06-20 15:00:41 Done calculating DB stats
> sks[971]: 2017-06-20 15:00:41 Database opened
> sks[971]: 2017-06-20 15:00:41 Applied filters: yminsky.dedup, yminsky.merge
> sks[971]: 2017-06-20 15:03:00 Error handling request (POST,/pks/add,[
> 
> I execute sks recon:
> 
> Fatal error: exception Bdb.DBError("BDB1546 unable to join the environment")
> 
> /var/log/sks/recon.log
> 
> 2017-06-20 15:09:00 Opening log
> 2017-06-20 15:09:00 sks_recon, SKS version 1.1.6
> 2017-06-20 15:09:00 Using BerkelyDB version 5.3.28
> 2017-06-20 15:09:00 Copyright Yaron Minsky 2002-2013
> 2017-06-20 15:09:00 Licensed under GPL.  See LICENSE file for details
> 2017-06-20 15:09:00 Opening PTree database
> 2017-06-20 15:09:00 DB close
> 
> ¿What is it failing?
> 
> Regards,
> Lu Troconis
> 
> 
> 


[Sks-devel] IPv6 / IPv4 address change for keys.andreas-puls.de

2015-05-15 Thread Andreas Puls
Hey folks,


The AAA and A record for *keys.andreas-puls.de* has been changed.
New records are:

  AAA : 2a00:1910::edc5:5134
  A   : 85.93.13.183

The old addresses aren't working anymore


Kind regards
  Andreas





Re: [Sks-devel] Error in recon.log

2015-02-03 Thread Andreas Puls
Hey all,

On 03.02.2015 at 22:09, Kristian Fiskerstrand wrote:
 Both distris have the membership located in /etc/sks/membership.


 Unless centos is doing something with the package that is likely
 wrong, it should be in the SKS basedir.

Debian do it the same way.
Configfiles (incl. membership) under /etc/sks/

 [root@keyserver sks]# ls -al
 total 24
 drwxr-xr-x  2 sks  sks  4096 Feb  3 15:04 .
 drwxr-xr-x 66 root root 4096 Feb  2 16:16 ..
 -rw-r--r--  1 sks  sks  2333 Jan 30 08:25 mailsync
 -rw-r--r--  1 sks  sks    36 Feb  3 15:04 membership
 -rw-r--r--  1 root root 1319 Feb  3 15:03 membership_original
 -rw-r--r--  1 sks  sks  2591 Feb  2 15:44 sksconf


$ ls -la /etc/sks/
total 32
drwxr-xr-x  2 root root 4096 Feb  3 22:39 .
drwxr-xr-x 57 root root 4096 Feb  3 22:42 ..
-rw-r--r--  1 root root   19 Oct  8  2013 forward.exim
-rw-r--r--  1 root root   26 Oct  8  2013 forward.postfix
-rw-r--r--  1 root root  620 Dec 25  2013 mailsync
-rw-r--r--  1 root root 2955 Feb  3 22:39 membership
-rw-r--r--  1 root root   77 Oct  8  2013 procmail
-rw-r--r--  1 root root 1295 Dec 29  2013 sksconf

 Is this server accessible somewhere? I tried connecting to
 http://194.0.229.61:11371/pks/lookup?op=stats and ditto for
 194.0.229.60 without getting a connection at least so you would be
 unable to peer with outside servers.



 194.0.229.61 was not open to public (CentOS). Public available is
 194.0.229.60.

 telnet 194.0.229.60 11371
 Trying 194.0.229.60...
 ... timeout

what is the output for netstat -tulpn ?
Did you see something like this ?
tcp        0      0 151.236.7.175:11370     0.0.0.0:*               LISTEN      1468/sks
tcp        0      0 151.236.7.175:11371     0.0.0.0:*               LISTEN      1582/lighttpd
tcp        0      0 127.0.0.1:11371         0.0.0.0:*               LISTEN      1467/sks
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1582/lighttpd
tcp6       0      0 2a03:f80:ed15:ed1:11370 :::*                    LISTEN      1468/sks
tcp6       0      0 2a03:f80:ed15:ed1:11371 :::*                    LISTEN      1582/lighttpd
tcp6       0      0 ::1:11371               :::*                    LISTEN      1467/sks
tcp6       0      0 :::80                   :::*                    LISTEN      1582/lighttpd


 I granted access for testing to 194.0.229.61 now, too.

 So on both engines port 80, 11370 and 11371 are open to public.

 telnet 194.0.229.61 11371
 Trying 194.0.229.61...

 timeout


 Want to have SSH? There's nothing else than SKS on both engines.

 not really, should be able to figure this out without it.


kind regards
  andreas





Re: [Sks-devel] Debian and 1.1.5

2014-06-05 Thread Andreas Puls
Updated today my SKS installation from 1.1.4 to 1.1.5 from the wheezy
backports - without problems.

Kind regards
  Andreas

On 20.05.2014 05:34, Jeremy T. Bouse wrote:
   Just making note that it looks like sks 1.1.5-1 was uploaded to Debian
 unstable/Sid today. It doesn't appear to have made it through to the
 wheezy BPO yet but hopefully now that unstable has 1.1.5 the BPO package
 should be forthcoming.
 
 
 
 





[Sks-devel] seeking peers for keys.andreas-puls.de

2013-12-26 Thread Andreas Puls
Hi,

I am looking for peers for a new SKS keyserver installation.

I am running SKS version 1.1.4, on keys.andreas-puls.de.
This is a private machine.
The server is physically located in Graz(EU/AT).
The machine has IPv6 connectivity.

I have loaded a keydump from ftp://ftp.prato.linux.it, dated 2013-12-25.
I see 3473985 keys loaded.

For operational issues, please contact me directly.

keys.andreas-puls.de 11370 # Andreas Puls a...@gmx.net 0xDAC73FA6


Kind regards and merry Christmas
  Andreas Puls

