#8742 jcline not able to login to pagure.io and src.fp.o
Closed: Will Not/Can Not fix 2 months ago by smooge. Opened 2 months ago by cverna.

Describe what you would like us to do:

Opening this after talking with @jcline. He is not able to login anymore on pagure.io and src.fp.o. It seems that this have happened after updating his ssh key there.

From the IRC convo :

It stopped working after I updated my ssh keys, can be reproduced in a private window etc


When do you need this to be done by? (YYYY/MM/DD)



This is due to FAS being broken with messaging. We have to manually update the keys on these boxes.

Metadata Update from @smooge:
- Issue assigned to smooge

2 months ago

@jcline Please try now and let me know. I have updated the keys on the systems.

OK at the moment it looks like something in the openid returned code on this login is a problem. Going through the logs, there are 6 SSH keys and openid splits them over different openid.ax.value.ext0.NN= values. However it seems to do jclines in a different way than other accounts which only had 1 or 2 keys.

Trying to split out the lines in either python, perl, or awk would crash out it in different ways so I am not sure at this point if it is a 'the entry is too long' or 'smooge cant code without coffee at the end of the day' or something else.

OK looking at this last night and some more, I can only recommend seeing if having 1 to 2 keys in FAS will diagnose the issue better.

Metadata Update from @smooge:
- Issue priority set to: Waiting on Reporter (was: Waiting on Assignee)

2 months ago

OK I looked through the logs to see if there were any differences/etc.

1) You had 6 keys to your account and now have 5 keys. There are 2 people who have 5 keys who also have logged in over Feb/March but their keys seem to be mainly ECDH versus RSA. [In case the problem is length of keys]

2) Your ssh keys are the only ones openpgp signed. I don't think know if that has anything to do with this. One of them was causing my python split to go a little weird but not sure why.

That said, my assumptions could be complete BS for why it isn't working for you and I have been going down the wrong tree thinking it was the pgp keys.

My debugging would be to try changing the FAS account to only have 1 key in FAS and then try to log in. If that doesn't work at that point I would know this was completely invalid line of enquiry. If it does work, then I would add a key at a time until it stopped working. Looking at the 5 keys it is returning, I would start with the one saying +ansible and then try adding the openpgp keys.

That said I am going to ask @kevin for anything I am missing.

OK todays testing was the following:
jcline dropped down to 1 key and was able to log into src.fedoraproject.org. he then added 3 more keys and still seemed to be able to log into src.fedoraproject.org.

In staging I found that having more than 7 keys caused ipsilon to give out 500's. Those 500's do not show up in the pagure logs in anyway so this is not the problem that jcline was running into.

In staging, I took jclines public keys from stg and in production fas as of ~1400 UTC and put them into my account to try and replicate the problem. However I was not able to duplicate it. id gave the keys and I was able to log into the website. [Since I didn't have the private keys I was not able to test pushing to stg.pagure.]

At this point most of my ideas have come up to zero.

Metadata Update from @smooge:
- Issue priority set to: Waiting on Assignee (was: Waiting on Reporter)
- Issue tagged with: authentication, pagure, src.fp.o

2 months ago

We can't figure this out and we will never speak of it again.

Metadata Update from @smooge:
- Issue close_status updated to: Will Not/Can Not fix
- Issue status updated to: Closed (was: Open)

2 months ago

Login to comment on this ticket.

Metadata