@germano ,

Not to discount your concern, but 8196 bit rsa keys are not 'typical' in this day and age, mostly it's 4096 or some variant of the ed25519/ecdsa/{insert ecc curve here}. You indicate having 3 keys, these are all for Fedora ??? Arguably the quickest and easiest fix to this would be to make some rsa4096 key(s) or ecc keys for Fedora uses, and return to https://admin.fedoraproject.org/accounts and browse to these new key(s) and upload and within ~ 30 or the next timed sync whichever comes first you should be able to login as desired.

Note: If you need to access any host that is still running on RHEL/CentOS 6 it will NOT work with a ecc key ( presently and likely not thru the lifecycle of those hosts from my understanding) so I'd advise rsa4096. While 8196 is nice to have most services don't natively support it, or have cookie space for them.

Hope this helps at least in expanding on puiterwijk's (Patrick) comments last week.

@pingou so we could go to OIDC on the web interface of pagure anytime? Or are we waiting for the api to be done first?

Alternately, we could try a small fas patch to reject too long ssh keys, but not sure how hard that would be or if we want to update fas.

@pingou so we could go to OIDC on the web interface of pagure anytime?

Technically yes

Or are we waiting for the api to be done first?

I think the hope/idea was to have both at once, but maybe we should re-consider

So, I see our options here:

1) Go ahead and move pagure.io web logins to OIDC now, close this.
2) Keep waiting for ipsilon work to unblock the api move, close this
3) Just close this won't fix for now until 1 or 2 happens
4) something else.

Thoughts?