Host (server) keys are one thing, user keys are another.
First, make sure you have
Code:
RSAAuthentication yes
in your /etc/ssh/ssh_config on the client machine.
Then:
Code:
RSAAuthentication yes
PubkeyAuthentication yes
in /etc/ssh/sshd_config on the server machine.
The RSA key fingerprint you were shown is not the same as the one you got for /root/.ssh/public-key-file because you compared the host public key against the user public key.
I personally make copies of all server and client keys right after they are generated; this way I can have the fingerprints of the original keys.
The message "The authenticity of host..." has to do with server (host) keys, not user keys. These keys are located in /etc/ssh on the server machine.
In your case, they should be named ssh_host_rsa_key and ssh_host_rsa_key.pub (I don't know anything about that Android stuff).
I personally think that the type of keys that were generated by the SSH server on Android need to be converted into another format.
".pem Defined in RFC's 1421 through 1424, this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files /etc/ssl/certs), or may include an entire certificate chain including public key, private key, and root certificates. The name is from Privacy Enhanced Email, a failed method for secure email but the container format it used lives on.
.key This is a PEM formatted file containing just the private-key of a specific certificate. In Apache installs, this frequently resides in /etc/ssl/private. The rights on this directory and the certificates is very important, and some programs will refuse to load these certificates if they are set wrong." (http://serverfault.com/questions/970...file/9717#9717)
And this is how you can do conversions:
https://stackoverflow.com/questions/1011572/convert-pem-key-to-ssh-rsa-format
Or I might be totally wrong, but that's my two cents. Hope this helps.
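Added example, not part of the original post: an SSH fingerprint is a hash of the base64 blob in a public key line, so a host key and a user key always produce different fingerprints. The function names and both key lines below are constructed for illustration (toy numbers, not real keys).

```python
import base64, hashlib, struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n: int) -> bytes:
    """Positive multi-precision integer; a leading zero byte keeps it non-negative."""
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def make_pubkey_line(e: int, n: int, comment: str) -> str:
    """Build an 'ssh-rsa AAAA... comment' line from constructed numbers."""
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

def fingerprints(pubkey_line: str) -> dict:
    """Return the MD5 (older clients) and SHA256 fingerprints of one key line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (tlen,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + tlen].decode() != key_type:
        raise ValueError("key type in blob does not match the line prefix")
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}

def same_key(line_a: str, line_b: str) -> bool:
    """Two lines are the same key if their blobs hash alike; comments are ignored."""
    return fingerprints(line_a)["sha256"] == fingerprints(line_b)["sha256"]

# Constructed toy values, not real keys: two different moduli stand in for
# the server's ssh_host_rsa_key.pub and a user's public key file.
HOST_KEY = make_pubkey_line(65537, (1 << 2047) + 0x1235, "constructed-host-key")
USER_KEY = make_pubkey_line(65537, (1 << 2047) + 0x5679, "constructed-user-key")

if __name__ == "__main__":
    for name, line in (("host", HOST_KEY), ("user", USER_KEY)):
        print(name, fingerprints(line))
    print("same key?", same_key(HOST_KEY, USER_KEY))
```

To verify the "The authenticity of host..." prompt, compare it against the fingerprint of the server's host public key in /etc/ssh, not against any file under a user's .ssh directory.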