sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10 command returns error

30

15

I'm trying to install MongoDB on Ubuntu 12 but when I run this command:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
This returned the error below:

keyserver.ubuntu.com host not found
gpgkeys: HTTP fetch error 7: couldn't connect: no such file or directory
gpg:no valid openPGP data found
gpg: Total number processes :0

I turned off the firewall in iptables, but it doesn't work. Any ideas?

nyamka

Posted 2013-07-17T08:10:36.017

Reputation: 301

Can your system resolve keyserver.ubuntu.com as an IP address? I.e., what's the output of dig keyserver.ubuntu.com? – Xyon – 2013-07-17T14:36:31.140

Answers

37

This may not actually be a problem with looking up the keyserver, which is what the error suggests. The apt-key command calls gpg, which in turn tries to access the keyserver. Apparently there's a bug in gpg whereby if the keyserver doesn't have the key you are requesting, then gpg misinterprets that as "host not found".

It may well be that a non-responsive keyserver will do the same thing, and I have seen environments where the keyservers are blocked (corporate firewall rules), so that could be your root cause if there is an upstream firewall you do not have access to.

Just for reference, the key is there and the keyserver is currently responding for me:

$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.rh1myoBdSE --trustdb-name /etc/apt//trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv 7F0CEB10
gpg: requesting key 7F0CEB10 from hkp server keyserver.ubuntu.com
gpg: key 7F0CEB10: "Richard Kreuter <richard@10gen.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

It may be that the port is the issue (it was the last time when I hit a corporate firewall problem), so try doing this on the standard HTTP port (80) instead, see if that sorts things out:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10

Adam C

Posted 2013-07-17T08:10:36.017

Reputation: 2 475

4 "doing this on the standard HTTP port (80) instead" is a nice trick! Thanks – Bill.Zhuang – 2017-01-16T07:17:59.073

1

Warning: without SSL, you could potentially be hit by a MitM attack that serves you a key whose fingerprint has the same final eight characters (example attacking key). Such a key may not even be shared publicly, so you'd never know you were pwned. To prevent such an attack from publicly shared keys, Debian's keyserver has a policy stating “only keys in the Debian keyrings … will be returned by this server”

– Adam Katz – 2019-01-04T20:49:41.513

21

I faced the same issue as my machine is behind a corporate proxy. Adding the gpg --keyserver-options http-proxy option did the trick. It looks like:

sudo apt-key adv --keyserver-options http-proxy=<myProxy> --keyserver keyserver.ubuntu.com --recv 7F0CEB10

fgungnir

Posted 2013-07-17T08:10:36.017

Reputation: 311

1 Thanks! Good that I didn't stop reading at the top... – Moraru Lilian – 2016-04-12T13:20:47.767

20

If you are using a proxy, for example a company's proxy, then probably the only way is to enter this manually, which is pretty straightforward. Run:

sudo apt-get update

and get the id of the pub_key. Then go to http://keyserver.ubuntu.com/ and search for the key as a hexadecimal, for example if the key is 7936A783B, then search for 0x7936A783B. Click on the pub link, copy the key's content and save it to a txt file. Go to the terminal, navigate to the file and run:

sudo apt-key add key.txt

If it works, you will get a simple OK feedback. When all keys are added, then you may run:

sudo apt-get update

and there you have it!

DKo

Posted 2013-07-17T08:10:36.017

Reputation: 341

3 This is neat; it's also possible to use the URL you obtain verbatim with apt-key as follows: apt-key adv --fetch-keys 'http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xD6ACA1C817B18ABC' – sxc731 – 2017-02-25T11:16:25.037

2 @sxc731 – The apt-key man page says: “Note that there are no checks performed, so it is easy to completely undermine the apt-secure(8) infrastructure if used without care.” This means you really don't want to do that without SSL. Change that to --fetch-keys https://… and you should be reasonably safe. – Adam Katz – 2019-01-03T23:21:54.490

@AdamKatz very good point, thanks. Unfortunately I can't edit my comment to apply your suggestion but upvoted anyway... – sxc731 – 2019-01-04T10:07:36.737

The --fetch-keys option failed for me with error: https://keyserver.ubuntu.com/pks/lookup?op=get gpgkeys: protocol `https' not supported gpg: no handler for keyserver scheme `https' gpg: WARNING: unable to fetch URI https://keyserver.ubuntu.com/pks/lookup?op=get: keyserver error – miguelmorin – 2019-01-16T11:22:45.677

Thanks, exactly what I was looking for. – Miguel Ortiz – 2019-05-09T20:04:19.063
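
Added example (not part of any post above, and not code from apt or GnuPG): a check to run on a manually downloaded key.txt before apt-key add, addressing the short-ID concern raised in the comments. It accepts a key only when its full 40-hex fingerprint equals one obtained out of band; the function names, TRUSTED_FPR, FULL_FPR and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. The two listings below are constructed, not real keys.

# Print primary-key fingerprints from `gpg --with-colons` output on stdin.
# The "fpr" record after a "pub" record holds the fingerprint in field 10;
# "fpr" records after "sub" (subkey) records are skipped.
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print toupper($10); want = 0 }'
}

# check_key EXPECTED_FPR   (colon listing on stdin)
# 0 = the only primary key has exactly this fingerprint, 1 = mismatch,
# 2 = EXPECTED_FPR is not a full 40-hex fingerprint (a short ID is refused),
# 3 = the listing does not contain exactly one primary key.
check_key() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$expected" in ''|*[!0-9A-F]*) return 2 ;; esac
    [ "${#expected}" -eq 40 ] || return 2
    found=$(primary_fingerprints)
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 3
    [ "$found" = "$expected" ]
}

# Constructed fingerprint standing in for one obtained out of band.
TRUSTED_FPR='0123456789ABCDEF0123456789ABCDEF7F0CEB10'

sample_expected() {   # constructed listing whose key matches TRUSTED_FPR
    cat <<'EOF'
pub:-:4096:1:89ABCDEF7F0CEB10:1262304000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF7F0CEB10:
uid:-::::1262304000::::Constructed Key <key@example.invalid>:
sub:-:4096:1:00000000AAAAAAAA:1262304000::::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB00000000AAAAAAAA:
EOF
}

sample_lookalike() {  # constructed: same last 8 hex digits, different key
    cat <<'EOF'
pub:-:4096:1:765432107F0CEB10:1262304000:::-:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA98765432107F0CEB10:
EOF
}

sample_expected  | check_key "$TRUSTED_FPR" && echo "expected key: accept"
sample_lookalike | check_key "$TRUSTED_FPR" || echo "lookalike: reject"
# Real use (gpg 2.x; FULL_FPR comes from a channel you trust):
#   gpg --show-keys --with-colons key.txt | check_key "$FULL_FPR" && sudo apt-key add key.txt
```
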

1

The second approach mentioned in this link worked for me. Manually download the key and add it. The link provides a step-by-step procedure to fix the error caused by the missing key.

Aniket Thakur

Posted 2013-07-17T08:10:36.017

Reputation: 597