hkps and reverse proxy


fuat
hkps to be active ServerAlias I need to notify the servers I have
defined?

everything works when I do apache proxy settings via static ip.
however, sks-keyservers.net does not detect the sks that I run on local
ip with apache when I make proxy from static ip to local ip.

Finally, what is the meaning of these records?

Error handling request (POST, / pks / add, [
Accept: * / *
Content-Length: 82
content-type: application / x-www-form-urlencoded
expect: 100-continua
host: pool.sks-keyservers.net]): Failure ("Error while decoding ascii-armored key: text"
2019-03-18 19:34:00 Page not found: / pks / lookup / undefined1
<ScRiPt> prompt ('CVE-2014-3207') </ ScRiPt>

I'd appreciate it if you could help.

--
┌------------------------------------------┐
| Fuat Bölük  fuat[at]teknoloji360[dot]com |
|------------------------------------------|
|------ hkps://sks.teknoloji360.com/ ------|
|------------------------------------------|
| F0D4521D60378B67CE64665EE7C9735903E48A51 |
└------------------------------------------┘
--
 I do not know English. I'm using translate.
--


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: hkps and reverse proxy

fuat
hkps on my server is running.

[fuat@fuxproject ~]$ gpg2 --keyserver hkps://sks.teknoloji360.com --recv-key D6379D85
gpg: key 0B7F8B60E3EDFAE3: 1223 signatures not checked due to missing keys
gpg: anahtar 0B7F8B60E3EDFAE3: "Kristian Fiskerstrand <[hidden email]>" değişmedi
gpg: İşlenmiş toplam miktar: 1
gpg: değişmedi: 1

apache virtualhost.

<VirtualHost 185.126.179.97:443>
    ServerAdmin  [hidden email]
    ServerName   sks.teknoloji360.com

    ServerAlias  http-keys.gnupg.net
 
    ServerAlias  eu.pool.sks-keyservers.net
    ServerAlias  na.pool.sks-keyservers.net

    ServerAlias  pool.sks-keyservers.net
    ServerAlias  ipv4.pool.sks-keyservers.net
    ServerAlias  hkps.pool.sks-keyservers.net
    ServerAlias  subset.pool.sks-keyservers.net
.......

named zone

; The Domains OpenPGP Keyserver Service
_hkp._tcp.sks.teknoloji360.com.                   IN      SRV     10 10 11371 sks.teknoloji360.com.
_pgpkey-http._tcp.sks.teknoloji360.com.           IN      SRV     10 10 11371 sks.teknoloji360.com.
_pgpkey-https._tcp.sks.teknoloji360.com.          IN      SRV     10 10   443 sks.teknoloji360.com.
sks.teknoloji360.com.                             IN      A       185.126.179.97
.......

; OpenPGP PKA Records
info._pka                                         IN      TXT     ("v=pka1;fpr=CE093A9439F29DDD82E73E835E17DF6833F048DF;"
                                                                  "uri=https://teknoloji360.com/keys/0x33F048DF.asc")
fuat._pka                                         IN      TXT     ("v=pka1;fpr=F0D4521D60378B67CE64665EE7C9735903E48A51;"
                                                                  "uri=https://teknoloji360.com/keys/0x03E48A51.asc")
...................


do I need to add hkps servers to my membership file?


On Mon, 2019-03-18 at 19:40 +0300, fuat wrote:

> hkps to be active ServerAlias I need to notify the servers I have
> defined?
>
> everything works when I do apache proxy settings via static ip.
> however, sks-keyservers.net does not detect the sks that I run on
> local
> ip with apache when I make proxy from static ip to local ip.
>
> Finally, what is the meaning of these records?
>
> Error handling request (POST, / pks / add, [
> Accept: * / *
> Content-Length: 82
> content-type: application / x-www-form-urlencoded
> expect: 100-continua
> host: pool.sks-keyservers.net]): Failure ("Error while decoding
> ascii-
> armored key: text"
> 2019-03-18 19:34:00 Page not found: / pks / lookup / undefined1
> <ScRiPt> prompt ('CVE-2014-3207') </ ScRiPt>
>
> I'd appreciate it if you could help.
>
> --
> ┌------------------------------------------┐
> | Fuat Bölük  fuat[at]teknoloji360[dot]com |
> |------------------------------------------|
> |------ hkps://sks.teknoloji360.com/ ------|
> |------------------------------------------|
> | F0D4521D60378B67CE64665EE7C9735903E48A51 |
> └------------------------------------------┘
> --
>  I do not know english. I'm using translate.

Re: hkps and reverse proxy

Todd Fleisher

On Mar 18, 2019, at 11:06 AM, fuat <[hidden email]> wrote:

> hkps on my server is running.

That sounds accurate, based on what I am seeing @ https://sks.teknoloji360.com

> ...................
>
> do I need to add hkps servers to my membership file?

The membership file controls recon and takes place over a specific port outside the realm of HKP vs. HKPS. Your membership file should contain a list of servers that have agreed to peer with you & their tcp port numbers. Per the following excerpt from https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering (under Add Peers):

Note that the membership lines only provide the SKS recon port; key retrieval will happen on a port number one greater than the recon port. Thus recon lines are normally on port 11370 and retrieval happens on the normal HKP 11371 port.


-T
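
The port relationship in the wiki excerpt above, as an added example (not part of the thread and not SKS project code): a small linter for a membership file that derives each peer's key-retrieval port as recon port + 1 and flags lines that list a client-facing port instead. The peer hostnames, the sample file and the treatment of 11371/443/80 as mistakes are assumptions made for illustration.

```python
from dataclasses import dataclass

# Ports that clients talk to (HKP, HKPS, HTTP). Assumed here to be mistakes
# when they appear in a membership line, which should carry the recon port.
CLIENT_PORTS = {11371: "HKP", 443: "HKPS", 80: "HTTP"}

# Constructed sample membership file; hostnames are placeholders.
SAMPLE = """\
# <peer hostname> <recon port>   # operator contact
keys.example.net    11370        # Alice <alice@example.net>
sks.example.org     11370
hkps.example.com    443          # reverse-proxy port listed by mistake
"""

@dataclass(frozen=True)
class Peer:
    host: str
    recon_port: int

    @property
    def hkp_port(self):
        # Key retrieval happens one port above the recon port.
        return self.recon_port + 1

def parse_membership(text):
    """Parse '<host> <recon-port>' lines, ignoring comments and blanks."""
    peers = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comment
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2 or not fields[1].isdigit():
            raise ValueError(f"line {lineno}: expected '<host> <port>': {raw!r}")
        port = int(fields[1])
        if not 1 <= port <= 65534:            # port + 1 must still be valid
            raise ValueError(f"line {lineno}: port out of range: {port}")
        peers.append(Peer(fields[0], port))
    return peers

def lint(peers):
    """Return (host, port, service) for peers listed on a client-facing port."""
    return [(p.host, p.recon_port, CLIENT_PORTS[p.recon_port])
            for p in peers if p.recon_port in CLIENT_PORTS]

if __name__ == "__main__":
    for p in parse_membership(SAMPLE):
        print(f"{p.host}: recon {p.recon_port}, key retrieval {p.hkp_port}")
    print("suspect lines:", lint(parse_membership(SAMPLE)))
```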



Re: hkps and reverse proxy

Todd Fleisher
On Mar 18, 2019, at 9:40 AM, fuat <[hidden email]> wrote:

> hkps to be active ServerAlias I need to notify the servers I have
> defined?
>
> everything works when I do apache proxy settings via static ip.
> however, sks-keyservers.net does not detect the sks that I run on local
> ip with apache when I make proxy from static ip to local ip.

I’m not sure I understand your question. Sounds like you are trying to access an apache virtual host over an IP address and are not getting the expected content.

> Finally, what is the meaning of these records?
>
> Error handling request (POST, / pks / add, [
> Accept: * / *
> Content-Length: 82
> content-type: application / x-www-form-urlencoded
> expect: 100-continua
> host: pool.sks-keyservers.net]): Failure ("Error while decoding ascii-
> armored key: text"
> 2019-03-18 19:34:00 Page not found: / pks / lookup / undefined1
> <ScRiPt> prompt ('CVE-2014-3207') </ ScRiPt>

See https://bitbucket.org/skskeyserver/sks-keyserver/issues/26/cve-2014-3207-unfiltered-xss

-T
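
Triage logic for the second record in the quoted log, as an added example (not from the thread or the SKS code base): it scans "Page not found" records for HTML tags in the request path, decoding percent-encoding first and matching case-insensitively, since the probe quoted here uses mixed-case `<ScRiPt>`. The log layout is inferred from the lines quoted in the thread, and the sample log is constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample log, modelled on the two records quoted in the thread.
SAMPLE_LOG = """\
2019-03-18 19:33:58 Error handling request (POST,/pks/add,[...]): Failure("Error while decoding ascii-armored key: text")
2019-03-18 19:34:00 Page not found: /pks/lookup/undefined1<ScRiPt>prompt('CVE-2014-3207')</ScRiPt>
2019-03-18 19:34:05 Page not found: /pks/lookup/undefined1%3CScRiPt%3Eprompt('CVE-2014-3207')%3C/ScRiPt%3E
2019-03-18 19:35:10 Page not found: /favicon.ico
"""

# Assumed record layout: "<date> <time> Page not found: <request path>".
RECORD = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) Page not found: (.*)$")
# Any opening or closing HTML tag, tolerant of stray spaces and letter case.
TAG = re.compile(r"<\s*/?\s*[a-z][^>]*>", re.IGNORECASE)

def decode(path, rounds=2):
    """Undo percent-encoding, repeating once to catch double encoding."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def find_markup_probes(log_text):
    """Return (timestamp, decoded path, lower-cased tags) for each 404 record
    whose request path contains HTML markup."""
    hits = []
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue                      # not a "Page not found" record
        timestamp, path = m.groups()
        decoded = decode(path)
        tags = [t.lower() for t in TAG.findall(decoded)]
        if tags:
            hits.append((timestamp, decoded, tags))
    return hits

if __name__ == "__main__":
    for timestamp, path, tags in find_markup_probes(SAMPLE_LOG):
        print(f"{timestamp} markup in request path {path!r}: {tags}")
```

A hit only shows that a client sent markup in the path; whether the server reflects it unescaped depends on the SKS version, which the linked issue covers.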

