Ok, more information...
I see that if I use an ssh client that connects to an ssh server, I do get the expected fingerprints. I also see that if I use the dbclient with the db server I get the expected fingerprint. The problem occurs when I try to use the ssh client to connect to the db server.
Any thoughts?

I'm confused, so I'd like to re-phrase my question (below) a bit...
Assume I start up a dropbear server on a machine (ignore my embedded case).
I do that with the following commands...

   dropbearkey -t dss -f dropbear_dss_host_key
   dropbearkey -t rsa -f dropbear_rsa_host_key
   dropbear -F -r dropbear_rsa_host_key -d dropbear_dss_host_key

Now I attempt to connect to this server using ssh and I get the message:

   The authenticity of host '135.222.138.20 (135.222.138.20)' can't be
   established.
   RSA key fingerprint is c5:36:7f:8c:c8:d6:d6:0c:53:45:61:76:f6:d0:91:4e.
   Are you sure you want to continue connecting (yes/no)?

Assume I want to be anal and want to verify that I'm *really* connecting to my server. If I have access to the console of the machine running the server, then how do I verify that the fingerprint given to me by the client is in fact from the server that I assume I am connected to?

I *thought* I could use "dropbearkey -y dropbear_rsa_host_key" on the server, and it would give me that same fingerprint as is presented at the client in the warning message, but that gives me a different fingerprint.
What am I doing wrong here or why am I confused?

Ed
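
An added example, not part of the original messages and not Dropbear or OpenSSH code: one way to check a client-displayed fingerprint independently of either tool is to hash the server's public key blob yourself. It assumes the public key is available as a "<type> <base64> [comment]" line copied from the server console; the colon-separated form in the prompt above is the MD5 of the decoded blob, and the sample key and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac


def ssh_string(data: bytes) -> bytes:
    return len(data).to_bytes(4, "big") + data


def parse_pubkey_line(line: str) -> bytes:
    """Return the raw key blob from a '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob carries its own copy of the key type; the two must agree.
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len] != fields[0].encode():
        raise ValueError("key type does not match the encoded blob")
    return blob


def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated hex form, as in the client prompt quoted above."""
    return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def sha256_fingerprint(blob: bytes) -> str:
    """Unpadded base64 form printed by newer OpenSSH clients."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches(client_shown: str, blob: bytes) -> bool:
    """Compare the fingerprint the client displayed with the server's key."""
    shown = client_shown.strip()
    if shown.startswith("SHA256:"):
        expected = sha256_fingerprint(blob)
    else:
        shown = shown.lower()
        shown = shown[4:] if shown.startswith("md5:") else shown
        expected = md5_fingerprint(blob)
    return hmac.compare_digest(shown.encode(), expected.encode())


# Constructed sample: length-prefixed SSH wire strings, not a usable RSA key.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(bytes(range(1, 129))))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed"
```

If `matches()` returns False for the key file the server was started with, the client was shown a different key than the one inspected, which is the case worth investigating before answering "yes".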


Hi,
I now have the dropbearkey code integrated into my embedded stuff.
I assume the idea is to call this function each time the server starts up.

Then each time the server starts, future client connections will reject the server connection until $HOME/.ssh/known_hosts is purged of that server's
key information.

Correct so far?
Assuming yes...

Then, the user of the client has to accept the new credentials based on
the RSA key fingerprint from the server.  So, shouldn't the message that
comes out of the client reflect the same fingerprint as that which was
printed when the key was created on the server?

(mine doesn't)
Ed


