- «no public key available» on apt-get update
- 10 Answers 10
- I recommend that you follow @mariotomo’s answer rather than the steps below!
- References
- How to Add SSH Public Key to Server
- Method 1: Automatically copy the ssh key to server
- Method 2: Manually copy the public ssh key to the server
- Step 1: Get the public key
- Step 2: Create ssh directory in the user’s home directory (as a sysadmin)
- Step 3: Set appropriate permission to the file
- How do I import a public key?
«no public key available» on apt-get update
. and that string you elided is an important bit. It’d let us identify which keys you’re missing (assuming installing the keyring packages—preferably from trusted media—that ruda suggested doesn’t help)
10 Answers 10
The other answers will work, or not, depending on whether or not the key ‘8B48AD6246925553’ is present in the packages they indicate.
If you need a key, you have to get that key, and where to find it, it’s in a key server (very probably any key server will do):
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
Is there any way to determine if the received key is leggit such that I can do such a dangerous operation like adding global apt-trust to some arbitrary key? Is there any way to check the credibility of the key after it was received? Which are the steps to perform to do the key verification? For example, the only thing you have is ftp-master.debian.org/keys/ziyi_key_2002.asc so how do you get to the most current key without breaking the trust chain?
Good answer that worked for Debian 7 (Wheezy). I was getting an error similar to the OP’s, except the key was 1397BC53640DB551 . I tried using what I thought was a Debian key server ( keyring.debian.org ) with no joy. The keyserver.ubuntu.com key server worked a treat!
Why bother with adding a key, if I can just add APT::Get::AllowUnauthenticated «true»; to /etc/apt/apt.conf.d/ ? For those who don’t want to give up on key checks, see the other answer.
I recommend that you follow @mariotomo’s answer rather than the steps below!
sudo aptitude install debian-archive-keyring
References
The last 8 hex digits are shared with this, so it’s probably complaining about wheezy. Unfortunate of the OP to have elided that: pub 4096R/46925553 2012-04-27 [expires: 2020-04-25] uid Debian Archive Automatic Signing Key (7.0/wheezy)
Not surprisingly, different hex numbers may require different solutions. I put quotation marks around the number in my Google search, to force a verbatim search for that number, and I landed at this page, which fixed my problem: reddit.com/r/linux4noobs/comments/4grdo7/… (@mariotomo’s answer may have worked too—I didn’t try)
$ sudo apt-get install debian-archive-keyring $ sudo apt-key update
This is better than other approaches because it does not install debian-keyring , which is big and 99% of the time unnecessary.
This was the better solution for me as it fits in with a Docker container better. However note that (at least in Docker) you have to install only this package first, then do a second apt-get update , then install the packages you really want.
Debian 10: Warning: ‘apt-key update’ is deprecated and should not be used anymore! Note: In your distribution this command is a no-op and can therefore be removed safely
In fact, you may need to install debian-archive-keyring even if you have debian-keyring installed on its latest version
The error There is no public key available for the following key IDs indicates a serious security issue: an operating-system package cannot be checked for integrity with its public key, because its public key is missing.
There is no public key available for the following key IDs: 1397BC53640DB551
You can use this command to find out which repository uses the key:
for n in `ls /var/lib/apt/lists/*gpg`; do echo "$n" ; gpg --list-packets "$n" | grep 1397BC53640DB551; done
Which in this example is the Google’s repository for Chrome:
If you trust Google, its government, etc., you should find out where the key is and add it with:
wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add -
Fixed for me 🙂 Thank you! But just curious, what was wrong? What does the first command do, and what does the second one do? Should this solve all problems? My issue was also with Google Chrome.
And does the first command change anything with gpg? It says it created some conf file gpg.conf, and I do not know if I want that.
The first does search for the key in your list of packets to see the offending packet. The second one downloads the key and add it to your system. The first command is not useful in this case, but it’s good as a general approach.
I faced the same problem in Linux Mint (Kernel Version 3.13.0-24) and I was able to solve it using the commands :
1) The commands were executed in order 2) The commands were exectued as root user
My answer is a slight upgrade (IMHO, YMMV) on @mariotomo (who I upvoted) in the following bash scriptlet
- also uses gpg
- parameterizes more
- (also uses a different keyserver, though in this case I suspect it makes little difference)
You can also comment-out the eval line for a «dry-run»: the scriptlet will then only show you what it intends to do, without actually doing it. Just be sure to change the value of NO_PUBKEY every time you use this (you can also change KEYSERVER as desired):
NO_PUBKEY='1397BC53640DB551' # CHANGE TO THE VALUE CITED IN YOUR ERROR MESSAGE! KEYSERVER='keys.gnupg.net' NO_PUBKEY_LEN="$" echo "NO_PUBKEY_LEN='$'" # for sanity or debugging # note following works because bash arrays have 0-based indices NO_PUBKEY_2ND_HALF_START=$(( NO_PUBKEY_LEN/2 )) echo "NO_PUBKEY_2ND_HALF_START='$'" # ditto NO_PUBKEY_2ND_HALF="$" echo "NO_PUBKEY_2ND_HALF='$'" # ditto for CMD in \ 'date' \ "gpg --keyserver $ --recv-keys $" \ 'date' \ "gpg -a --export $ | sudo apt-key add -" \ ; do echo -e "$" eval "$" done
How to Add SSH Public Key to Server
Public key authentication allows you to access a server via SSH without password. Here are two methods to copy the public ssh key to the server.
Public key authentication allows you to access a server via SSH without password. Here are two methods to copy the public ssh key to the server.
I believe you understand the basic SSH concept. Your Linux server has ssh enabled. You have generated ssh keys on your personal computer. Now you want to upload your public key to the authorized keys of the server so that you can access it without typing your account password all the time.
This quick tutorial shows you two methods to add a public SSH key to the server.
Requirements
Before you see that, let’s be clear about what you should already have:
- Your destination server should have ssh enabled
- You should have generated public and private ssh keys (just use the command ssh-keygen -t rsa)
- You should have a user account and password on the server. Even root account will do.
- You should know the IP address of the server
Now that you have made sure of the above four requirements, let’s see how to use public key authentication.
The authentication is per user base so the public key goes in the intended user’s home.
Method 1: Automatically copy the ssh key to server
The first method is where the end user copies its personal computer’s public key to the list of the authorized keys on the remote server.
Here, I assume that you were able to log in to the remote server using ssh [email protected]_of_server. It asks for your account’s password and you enter the server.
If you add your public key to the server, you should be able to log in without typing the password all the time.
OpenSSH provides a handy tool call called ssh-copy-id for copying ssh public keys to remote systems. It even creates required directories and files.
As I mentioned earlier, you should know the username and password to the server you want to access via public key authentication.
When prompted, enter the password for your user account at the remote server. Your public key should be copied at the appropriate folder on the remote server automatically.
I have used ~/.ssh/id_rsa.pub because that is the default location for the public ssh key. If you have it at some other location, you should use that in the above command.
Method 2: Manually copy the public ssh key to the server
The first method had the action on the user side. Let’s say that you are the sysadmin and your server doesn’t allow SSH login via password. The only way to access the server is using SSH public key authentication.
In such a case, you can ask the end user to provide her/his public key. Now what you can do is to create .ssh/authorized_keys directory and then copy the public key here.
Step 1: Get the public key
Ask the end user to provide the public key by typing the following command:
It will show a long random string starting with ssh-rsa:
You can get this text via email or messaging tools. Normally, it shouldn’t be a problem.
Step 2: Create ssh directory in the user’s home directory (as a sysadmin)
Keep in mind that you have to create these new directories and files in the end user’s home directory, not your own (root/sysadmin).
mkdir -p /home/user_name/.ssh && touch /home/user_name/.ssh/authorized_keys
Now open this /home/user_name/.ssh/authorized_keys file with a text editor like Vim and add the public key of the user here:
vim /home/user_name/.ssh/authorized_keys
Save and close the file. It’s almost ready.
Step 3: Set appropriate permission to the file
Having appropriate file permission on the ssh file is very important otherwise you’ll see errors like Permission denied (publickey).
First, make sure to set the correct file permissions:
chmod 700 /home/user_name/.ssh && chmod 600 /home/user_name/.ssh/authorized_keys
You created those file with either root or your own admin accounts for some other user. You need to change the ownership to the user:
chown -R username:username /home/username/.ssh
Now that it’s done, you can ask the end user to log in to the server.
Do let me know if you face any issues or if you have any suggestion on this topic.
How do I import a public key?
2) If «1» doesn’t work (you’re not alone) then you can use this:
«Some people have reported difficulties using [the first approach]. The issue was usually related to a firewall blocking port 11371. An alternative approach is to search for the key at http://keyserver.ubuntu.com:11371/ and copy the key to a plain text file, say key.txt. Then, feed the key to apt-key with
To make it easy for this specific case:
Searching for Michael Rutter lead us to:
Public Key Server -- Get ``0x51716619e084dab9 '' -----BEGIN PGP PUBLIC KEY BLOCK----- Version: SKS 1.0.10 mQENBEy9tcUBCACnWQfqdrcz7tQL/iCeWDYSYPwXpPMUMLE721HfFH7d8ErunPKPIwq1v4Cr NmMjcainofbu/BfuZESSK1hBAItOk/5VTkzCJlzkrHY9g5v+XlBMPDQC9u4AE/myw3p52+0N XsnBz+a35mxJKMl+9v9ztvueA6EmLr2xaLf/nx4XwXUMSi1Lp8i8XpAOz/Xg1fspPMRhuDAG YDnOh4uH1jADGoqYaPMty0yVEmzx74qvdIOvfgj16A/9LYXk67td6/JQ5LFCZmFsbahAsqi9 inNgBZmnfXO4m4lhzeqNjJAgaw7Fz2zqUmvpEheKKClgTQMWWNI9Rx1L8IKnJkuKnpzHABEB AAG0I01pY2hhZWwgUnV0dGVyIDxtYXJ1dHRlckBnbWFpbC5jb20+iQE+BBMBAgAoBQJMvbXF AhsjBQkJZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBRcWYZ4ITauTy9B/4hmPQ7 CSqw5OS5t8U5y38BlqHflqFev3llX68sDtzYfxQuQVS3fxOBoGmFQ/LSfXQYhDG6BZa4nDuD ZEgb81Mvj0DJDl4lmyMdBoIvXhvdEPDd/rrOG+1t2+S429W9NIObKaZCs9abv2fnIhrtyAWx c/iNR5rJmNXozvJVGAgAeNhBSrvZqFaPJ//BklbJhfVgNwt4GgtFl1vaU7LMaMrOWA9Hyd8d WAGuIhbYXOOFj1WZ/OhUlYXnsIe8XzaJ1y6LyVkCLhaJ+MVtGwTXrFXRhBLQlhCYBfO25i/P GUWSvRhI8n/r+RMNOuy1HlFbexRYrtPXOLbiO8AlFuIsX9nRuQENBEy9tcUBCADYcCgQCCF1 WUSn7c/VXNvgmXzvv3lVX9WkV4QdpcJXitXglXdTZwVxGv3AxDuaLEwxW7rbqKRPzWNjj4xT Hxt2YtUjE+mLV58AFaQQU3aldYG8JPr2eohMNZqp2BG2odczw5eaO5l5ETjC1nHUjDUm8us3 TV3AXOajAjguGvpG3DKnx/gmudrMBVSAEE64kefyBmSR683zkXhw+NgbTID9XW1OSqE+fLQf 0ZzQEojMdfYIeV8Q5sMAmU3J9AdlpyDrZaYRmiphgw8PZTMahhz/o6Bz7p6VqA4Ncmr225nn tIsjUUz0iK6TsaOi9KrF23Rw+IDUJeYkdVbwGqavgJG1ABEBAAGJASUEGAECAA8FAky9tcUC GwwFCQlmAYAACgkQUXFmGeCE2rlB9Qf+JKMUzM0KVdTFWocGP+v4xTJsnKjYfjPjOkFYAdxh jkiIq7h7ws0s+UKqmzSG4vX5Qz46GZcB7x0hVrN0gqCcfpruPZOjXNkRwtsXbLfiurrZQ6dS PsNIE9L4DZdSTggwC3i7jiDlK6TtIMXD55VoVvVAvmzt6/f7y4qsVxhZ/N3jMqq1vLUESw8e Vq2ryZRU9OIUufb5JjGNJ1Zz0Zp8hV/IPLoIv1OIocWov27YLcr6EnXuvXvU/MSm97YifdG9 UYCE99nHTioSM0Q3cgpu5EppVNrc232gyG2vlHzhsstNBx55cUmAX2fEzxuRipLS0iq4L0zU Gdgdjn4noGDzGA== =BF1w -----END PGP PUBLIC KEY BLOCK-----
I) Copy this to a txt file:
sudo apt-key add ~/Michael.txt && rm ~/Michel.txt
Also EvilPhoenix has «got a script that you can install which can allow you to execute the functions described here in a much easier one-line command, its part of a Launchpad project [he] started, the PPA for it is located here.
Its written in Bash, but that is more than enough of a requirement for it to qualify.
Its compatible with all versions of Ubuntu Lucid and later.»