the public key it's asking you to confirm is not the same public key as
the identity/authorized_keys -- it's the public key of the remote
host/server.  this key is stored in known_hosts so that future attempts to
connect to that host can be compared against known_hosts to warn against
man-in-the-middle attacks.  it also might be used in the exchange of the
secret session key.

-tcl.


On Tue, 6 Mar 2001, David Miller wrote:

> thanks to all for the responses to my last email. so i was able to get
> ssh to work without a password by deleting everything in /etc/ssh and
> running ssh-keygen, placing the identity and identity.pub in $HOME/.ssh
> and creating an authorized_keys file with the public keys of all the
> machines. (NB: without the authorized_keys file passwords are still
> required)
>
> My question now is: why does ssh ask me to confirm the public key when i
> connect for the first time? i already loaded the public keys on the
> respective machines (ie in the authorized_keys file) so ssh should
> already know the public key. Not only that, but ssh creates the
> known_hosts file, which is almost identical to the authorized_keys file.
>
> my concerns are (a) i would just like to know how this mode of ssh works
> and (b) in the future i may have a larger network of machines and it
> would be great to avoid having to manually accept all the public keys
> twice, especially after loading them already.  Thanks for any
> clarifications!
>
> -David-
>
>
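The comparison against known_hosts described in the reply above, as an added example that is not part of the original thread: it looks up a server's host key and reports whether it matches, has changed (the man-in-the-middle warning case), or is unknown (the first-connection prompt). It assumes the one-line `hosts keytype base64-key` known_hosts format of current OpenSSH rather than the 2001-era format; the function names, host names and key blobs are constructed for illustration.

```python
import base64, hashlib, hmac

def host_matches(pattern, host):
    """True if one host-field entry names `host` (exact or hashed; no wildcards)."""
    if pattern.startswith("|1|"):              # hashed entry: |1|salt|HMAC-SHA1(salt, host)
        _, _, salt_b64, mac_b64 = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return pattern == host

def fingerprint(key_b64):
    """SHA256 fingerprint in the form ssh shows at the confirmation prompt."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(known_hosts_text, host, keytype, key_b64):
    """Return 'match', 'changed' (possible man-in-the-middle) or 'unknown'."""
    verdict = "unknown"
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue                           # skip comments, blank lines, @markers
        hosts, ktype, kb64 = fields[:3]
        if ktype != keytype or not any(host_matches(p, host) for p in hosts.split(",")):
            continue
        if kb64 == key_b64:
            return "match"
        verdict = "changed"                    # same host and key type, different key
    return verdict

def _hashed(host, salt=b"constructed-salt-20b"):
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

# Constructed sample data: these blobs are placeholders, not real host keys.
KEY_A = base64.b64encode(b"constructed host key A").decode()
KEY_B = base64.b64encode(b"constructed host key B").decode()
KNOWN_HOSTS = "\n".join([
    "# constructed sample",
    "alpha.example.org,192.0.2.10 ssh-ed25519 " + KEY_A,
    _hashed("beta.example.org") + " ssh-ed25519 " + KEY_B,
])

if __name__ == "__main__":
    for host, key in [("alpha.example.org", KEY_A), ("alpha.example.org", KEY_B),
                      ("beta.example.org", KEY_B), ("gamma.example.org", KEY_A)]:
        print(host, fingerprint(key), check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key))
```
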
