Ubuntu Pro beta tutorial

and why do you think users have to pay for it ?

they explicitly don’t (as stated in every announcement around ubuntu-pro), enterprises are though and to have control that enterprises do not abuse this there must be a gate-keeping mechanism.

maintaining an extra 20000+ packages is a non-trivial and non-cheap amount of work, someone has to pay for it, but it is not you …


They don’t, but they have to deal with being bugged by it constantly. I perceive it as if you are “infesting” a core tool, as it were. Subscribing to the pro version means creating a user, creating a user with personally identifiable information, so generally being much more involved, even when you want to just use a clean operating system.

That’s a slippery slope, anyway, if we were to take into consideration the FOSS chain, linux kernel and, of course, Debian. Yes, I expect companies to be able to use Ubuntu without paying. You might think it’s an “ugly” truth, but it is what it is. And I think that’s actually very important, too, the fact that people simply use it. And they can contribute in turn with as little as pointing out bugs or even with merge requests. If they need support, they’ll pay for it. If they need fast security updates, they’ll pay for it. Otherwise, the operating system should be clean. Ubuntu has a purely community-driven operating system at its core. But all this is probably an officially unpopular idea, I know.

Anyway, to my mind, the more you push users and limit their choice, the more they’ll start looking for other solutions.

Last time i checked only an email address was needed for Ubuntu SSO … so it makes you as much identifiable as something like yodeldiploma@gmail.com goes, yes …

nobody will ask for your ID at the door …

and they are … nothing has changed, it is still the same Ubuntu it was 2 weeks ago, but there are new security features available that close potentially serious CVEs in the software you use.

the tool that has always notified you about these still notifies you about them and you are free to ignore this, nobody forces you into anything, it is just a message, nothing more and noting less …


In jammy gcc is 11/12 and python is 3,10/3,11rc if i attach pro free single personal non commercial subcription after few year will i get gcc >12 or gcc-2(x) version or py> 3.11 or 3.2(x) cause its esm upto 2032 right

I am a Linux Mint user and I tried to install Ubuntu Pro on Linux Mint 20.3 (based on Ubuntu 20.04 LTS).
Following the tutorial, my computer can be attached to Ubuntu Pro, but no service can be enabled, since “Una” or “20.3” are not recognized as valid Ubuntu codenames.
I had to hack my system, changing some configuration files, to have it recognized as Ubuntu 20.04 LTS, focal.
However, this hack broke some of Linux Mint specific tools (mintsources, kernel tool) and this is not satisfactory.
So, my question is: does Canonical intents to extend Ubuntu Pro to Ubuntu derivatives (see https://wiki.ubuntu.com/DerivativeTeam/Derivatives) in order to have Ubuntu Pro work on these derivatives without system hacking? (A way to do that would be to have “pro enable” command accept, as an example, “una” “20.3” as equivalent to Ubuntu 20.04 LTS Focal Fossa).
This would be a great improvement.

To offer security updates like pro does it is essential that all packages come unmodified from the same archive.

Official Ubuntu flavors are doing all their work inside the Ubuntu archive, sharing the same packages, while derivatives like Mint add modifications to core packages via third-party repositories.

There is no way to properly support such a setup for Canonical, Mint would have to provide this to you, since they are the only ones having control over the hacked/changed packages and conceptual differences they did implement.


Dear all, please apologize if this is not the right place to ask this question. I am evaluating the use of Ubuntu Pro for a stand-alone device which has no connection to the internet (so not a cloud machine, just your ol’ regular box). We are mainly interested in having CIS hardening, so making use of the USG. I saw that the Ubuntu cloud images do not need to “attach” any token, but I could not find the Ubuntu Desktop Pro image which has the USG already installed. What we are looking for is a CIS hardened Ubuntu image that we can install on our stand alone device. Does such a thing exist, and if not, how would you go about and create such an image? Ubuntu Pro looks very promising, and we really hope that we can make it work for our use case. Thanks & best regards, ayedo

Hi, sorry to have not replied sooner. We don’t offer pre-configured Pro images for standalone servers. You could set up the machine online, enable Pro, install USG and harden the system, then transition it to an offline environment.

I have a problem with this tutorial.
I have followed all the steps, form 1 to 4 ( Free Personal Token) and in step 5 i get the following error:
# sudo pro attach <<xxxx <-my token >>
Failed to attach machine.
I have searched in kb, forums and i didn’t see why fail.

Can you help me?
Thanks a lot

could you check which version of the pro client and which version of Ubuntu you have pls?
$ pro version
$ lsb_release -a

root@:# pro version
root@:# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.6 LTS
Release: 18.04
Codename: bionic

ok, this looks correct. be sure you only include your token in the command. you don’t need []
so the command is

$ sudo pro attach [your token]

alternatively you could simply use the command without the token

$ sudo pro attach

it would generate a code that you would have to input at ubuntu.com/pro/attach (you need to login first)

you should see the following output

Please sign in to your Ubuntu Pro account at this link:
And provide the following code: 123ABC

note that 123ABC is a made-up example

please let me know if that helped?


Now i have a problem with SSL not related and connection fail:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)
Failed to connect to authentication server

I’ll try when ssl problem has been solved

Hello @extjmontalvo
Is it happening only to the Pro Client? Are other certificates overall working?
As a hint: you machine may not trust the correct root certificates: we use letsencrypt to maintain the certs. Make sure your system trusts letsencrypt (:
Feel free to reach out if you think we can help you further with the SSL problems.

We use a wildcard ssl, signed from FNMT-RCM purchuased in 20231010.

sudo pro attach -our token-
Failed to connect to authentication server
Check your Internet connection and try again.

sudo pro attach
Initiating attach operation…
ERROR: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)

We have 20 domains, eight using wildcard, rest using letsencrypt or digicert ssl, without problems.

curl -I https://acme-v02.api.letsencrypt.org
HTTP/2 200
server: nginx
date: Thu, 26 Oct 2023 09:51:09 GMT
content-type: text/html
content-length: 1540
last-modified: Thu, 23 Jun 2022 21:19:20 GMT
etag: “62b4d8d8-604”
x-frame-options: DENY
strict-transport-security: max-age=604800

apt-get install ca-certificates
Reading package lists… Done
Building dependency tree
Reading state information… Done
ca-certificates is already the newest version (20230311ubuntu0.18.04.1).

I miss something and i didn’ see what is. :frowning:

Hmmm… I see.
In this case, we would need more details about this.
Could you please run
sudo ubuntu-bug ubuntu-advantage-tools
so our team gets a Launchpad bug with the debugging information there?

Or, if you wish, directly open a bug in our Launchpad project . If you are manually opening the bug, make sure to run sudo pro collect-logs and attach the resulting tarball to the bug please.

I have run pro detach command on two test machines but activated machine count on the dashboard dis not changed, even went up by 1 machine, how can I verify deactivate machines.

Update: Next day the count was correct. I guess it needs some time to update. I am doing tests with realtime-kernel, I don’t know what would happen if I detach a machine and attach other machine for test, do I need to wait one day before attaching?

Hi husnu2,

The dashboard count is the number of active machines within the past 24 hours, so it will take a day to decrease when you detach.
For exactly that reason, you won’t get auto-denied for going a few over your contract limit and it is okay to temporarily go above your limit to do testing like you suggest.

Hope this helps.

1 Like

Hi Renan.

Sorry for not answering until now, but I completely forgot it.
The error was with the ca-certificate path.

Fixed up and now this server is in Ubuntu Pro.
Thanks for all.

1 Like