Home > GNU/Linux, Lucid Lynx > Downloading repo keys from behind a corporate firewall

Downloading repo keys from behind a corporate firewall

Corporate firewalls commonly block port 11371 which launchpad PPA’s use for their keys.

It is possible though to get these through the normal port 80 for web traffic using the format below (replace the last reference to reflect the key you want to download)…
gpg --keyserver hkp://keyserver.ubuntu.com:80 %%recv-keys 0A5174AF

  1. naked hobbit
    October 29, 2010 at 06:25

    Well for crying out loud, why isn’t this little workaround more well known? I’ve been scouring the internet trying to find some way to access repository keys because our company is one of the many that block miscellaneous ports. And no they won’t unblock. Our department was on the verge of scrapping Ubuntu as a contender for just this reason.

    Thank you.

    If you don’t mind I’d like to post this on a couple other forums, with credit to you of course.

    BTW, is there any way to make this the default for add-apt-repository?


    • gurrier
      October 29, 2010 at 17:54

      naked hobbit,

      Glad it helped you out.
      Feel free to post elsewhere if you think it will help others.



    • gurrier
      October 30, 2010 at 11:21

      >BTW, is there any way to make this the default for add-apt-repository?

      As far as I can determine, not in any elegant way.
      The add-apt-repository utility is a python script. It references other python scripts that provide functionality relating to apt for repositories.

      If you run the following command in a terminal window, you will see a hardcoded line in one of the files that seems like it is what is causing the current default behaviour

      grep -n keyserver.ubuntu.com /usr/share/pyshared/softwareproperties/*.py
      /usr/share/pyshared/softwareproperties/ppa.py:88: [“apt-key”, “adv”, “–keyserver”, “keyserver.ubuntu.com”,

      I have not gone to any exhaustive lengths to confirm this as any updates to python-software-properties package would probably reset it to the default again.

      Hope this helps,


  2. L
    November 10, 2010 at 15:50

    wow! that was so simple.
    thanks a bunch gurrier!

    all this while i’ve been adding the key manually…

    • gurrier
      November 11, 2010 at 18:16

      Glad you found it helpful.

  3. January 26, 2011 at 00:48

    Error: Couldn’t resolve host ‘keyserver.ubuntu.com’

    Only our proxy-server (squid) knows the dns Answer. My complete ubuntu system works fine with this proxy-settings, only apt-key does not work? Is there a way to add the key by hand?

    • gurrier
      January 26, 2011 at 11:29

      To clarify your position, when you try the command line in this blog posting, you get that error?
      Do you get a response if you run the following?

      ping keyserver.ubuntu.com

      I presume not.

      The way to have all tools use the same proxy is the following…
      System menu, Preferences, Network-Proxy, And then use the “Apply System-wide” button.

  4. kwo
    March 10, 2011 at 07:12

    On Ubuntu 10.10, I needed to export the key from gpg and add it using apt-key. Maybe that’s obvious to others, but I didn’t know that until I did a bit more searching.


    gpg –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys 0A5174AF
    gpg –armor -o keyfile –export “key name” // (use gpg –list-keys to look it up)
    sudo apt-key add keyfile

    Of course you’d replace the key id and key name as needed.

  5. Pouel
    March 24, 2011 at 02:27

    I don’t know if this may help some other people, but the above instructions by kwo and gurrier didn’t work as they were written here. I had to change the ” –” character for “–” (right before “keyserver” and “recv-keys”). Thus:

    gpg –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys 0A5174AF


    gpg –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys 0A5174AF

    I’m fairly new to the Linux world, some there is probably something that eludes me, but it worked for me.

    • Pouel
      March 24, 2011 at 02:32

      … Looks like my comment above looks silly. What I really meant was that the “–” character before both “keyserver” and “recv-keys”, when copied from this website (with Chrome) and pasted into a terminal, wasn’t pasted as two consecutive hyphens (as it should), but as a single dash character (which doesn’t quite work it seems).

      Posting two conscutive hyphens in the comment box is translated as a dash character, it seems.

      • gurrier
        March 24, 2011 at 03:50

        Aha, I see what’s happening there. WordPress blogging tool is interpreting the double hyphen as a single one both in my article and your comments.

        Wonder how I stop that from happening so it does not confuse in future.

        Thanks for pointing it out, Pouel.



  6. gurrier
    March 24, 2011 at 03:58

    For the record, if you are using WordPress and need to prevent it from interpreting a double hyphen as a long hyphen symbol, use the HTML escape codes instead.


  7. gurrier
    March 24, 2011 at 03:59

    Bah! It did of course interpret them as the hyphens in the comment too.
    I will place spaces as separators so you get the gist

    & # 4 5 ; & # 4 5 ;

  8. April 19, 2011 at 21:24

    well done! nice to see people sharing their knowledge – this is the real power of open source & free software!
    Thank you so much!

    • gurrier
      April 20, 2011 at 07:20

      Glad it was useful for you.

  9. Charlie
    May 10, 2011 at 06:19

    cberman@cberman-ubuntu:/usr/share/pyshared/softwareproperties$ sudo gpg –keyserver hkp://keyserver.ubuntu.com:80 %%recv-keys 3B1510FDusage: gpg [options] [filename]

    • gurrier
      May 24, 2011 at 06:07

      The formatting is wrong. Use two hyphens instead of the two percentage marks.



  10. Anton
    July 27, 2011 at 19:35

    To use it through an authenticating proxy server such as squid:

    gpg –keyserver-options http-proxy=http://username:passwd@ –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys 0A5174AF

  11. DaRattler
    October 14, 2011 at 19:43

    Found a workaround in ubuntu forums, just add the ppa in root shell


  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: