Results 1 to 8 of 8

Thread: Encrypted Connection for Ubuntu Updates?

  1. #1
    Join Date
    Jan 2016
    Beans
    88
    Distro
    Ubuntu Mate

    Encrypted Connection for Ubuntu Updates?

    I recall reading something about forcing all updates to go through HTTPS connections but I don't recall the method to use this feature. Is it possible to do this? Thanks!

  2. #2
    Join Date
    Feb 2006
    Location
    Winkler, MB., CA
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Encrypted Connection for Ubuntu Updates?

    This thread may be of interest to you. It is about using the TOR anonymity network to download partially encrypted updates.

    https://ubuntuforums.org/showthread.php?t=2357369

    I think the connection through the three tor nodes would be encrypted with the path from the third Tor node to the repositories unencrypted.

    There is also apt-transport-https but I'm not sure if any of the repositories use https.
    Last edited by Floppyjoe; April 28th, 2017 at 01:11 AM.

  3. #3
    Join Date
    Apr 2011
    Location
    Mystletainn Kick!
    Beans
    10,865
    Distro
    Ubuntu

    Re: Encrypted Connection for Ubuntu Updates?

    apt-transport-https should already be installed.
    (As almost every other repo you might add be it 3rd party or ppa is probably using https; comical sometimes that the main archives do not...)

    https mirrors do exist, though they are few and far between.

    I guess I'll rinse and repeat myself here:
    https://ubuntuforums.org/showthread....6#post13622116

    ^^I literally felt deja-vu as I typed the above, and remembered i posted that about a month ago.
    Splat Double Splat Triple Splat
    Earn Your Keep
    Don't mind me, I'm only passing through.
    Once in a blue moon, I'm actually helpful
    .

  4. #4
    Join Date
    Oct 2016
    Beans
    9

    Re: Encrypted Connection for Ubuntu Updates?

    Hi. As we know, all the data that APT and of course similar tools transfers is signed by GPG keys. And the signed Releases files contain hashes for all the packages, and APT can check the hashes during downloads packages and so on. On the other side, HTTPS would mean that users would need to configure their clients to check certificates for the individual mirrors. Anyway, this would not protect users against a hacked mirror site. There is also functionality in APT to respect a Valid-Until tag in Release file, but it is not implemented, because a malicious mirror could simply use this Release file for e.g. an earlier Ubuntu release and prevent install of available updates. Thanks.

  5. #5
    Join Date
    Feb 2006
    Location
    Winkler, MB., CA
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Encrypted Connection for Ubuntu Updates?

    Quote Originally Posted by anoda View Post
    Hi. As we know, all the data that APT and of course similar tools transfers is signed by GPG keys. And the signed Releases files contain hashes for all the packages, and APT can check the hashes during downloads packages and so on. On the other side, HTTPS would mean that users would need to configure their clients to check certificates for the individual mirrors. Anyway, this would not protect users against a hacked mirror site. There is also functionality in APT to respect a Valid-Until tag in Release file, but it is not implemented, because a malicious mirror could simply use this Release file for e.g. an earlier Ubuntu release and prevent install of available updates. Thanks.
    Is there any reason why using apt-transport-https and apt-transport-tor would result in hash sum mismatches when using the apt-get commands other than a man in the middle changing the data?

  6. #6
    Join Date
    Jan 2016
    Beans
    88
    Distro
    Ubuntu Mate

    Re: Encrypted Connection for Ubuntu Updates?

    Thank you all for the tips! Deadflowr, I remember now, yes, the article I read mentioned apt-transport-https. The main reason I wanted to encrypt was more for privacy about what I'm downloading rather than authentication. Anyway, I installed it, but I noticed that none of the links are https when I run apt-get update. How do I enable this package? There seems to be little info about it. Unless I'm just not looking in the right place.


  7. #7
    Join Date
    Apr 2011
    Location
    Mystletainn Kick!
    Beans
    10,865
    Distro
    Ubuntu

    Re: Encrypted Connection for Ubuntu Updates?

    How do I enable this package? There seems to be little info about it. Unless I'm just not looking in the right place.
    Nothing needed to do to get apt-transport-https to start.
    It works out of the box.
    The only changes you would need to do is setup the sources for https.
    (basically find an https-able mirror and change your sources.list to that mirror.)
    Last edited by deadflowr; April 30th, 2017 at 04:22 AM. Reason: clarity
    Splat Double Splat Triple Splat
    Earn Your Keep
    Don't mind me, I'm only passing through.
    Once in a blue moon, I'm actually helpful
    .

  8. #8
    Join Date
    Jan 2016
    Beans
    88
    Distro
    Ubuntu Mate

    Re: Encrypted Connection for Ubuntu Updates?

    Thanks for the tip!

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •