rsa is right kind ?
Need some module ?
I copied it from the HTML page of an old OpenWrt, where the key work to html page of the new OpenWrt where it does not work.
Possibly too short (less than 2048 bits?), so that it gets rejected as insecure? Or the algortihm used is disabled as insecure. Or something like that.
There have been that kind of gradual changes during the years, so if you copy something from an ancient 15.05 or earlier, it is quite possible that something has changed.
Alternatively: a copy-paste error in the new javascript based functionality. Test with editing the key files via normal SSH console or copying with scp.
From UBUNTU to Old (Working) and New (Not Working)
gevagiorgio@PC-Ufficio:~/openwrt$ ssh root@192.168.1.69
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:cQ/GfsKpGLmfKovrsMpea8m/pagC/SWAkLGlx00IcQU.
Please contact your system administrator.
Add correct host key in /home/gevagiorgio/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/gevagiorgio/.ssh/known_hosts:4
remove with:
ssh-keygen -f "/home/gevagiorgio/.ssh/known_hosts" -R 192.168.1.69
RSA host key for 192.168.1.69 has changed and you have requested strict checking.
Host key verification failed.
gevagiorgio@PC-Ufficio:~/openwrt$ ssh root@192.168.1.69
BusyBox v1.28.3 () built-in shell (ash)
___ ___ _
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|__|| _|__||||__||| |_|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt SNAPSHOT, r6910-afbb3d2
-----------------------------------------------------
-----------------------------------------------------
shop.gevaelettronica.it Battery PoE Fw 3.0
On html page, system / Local Startup, enable this files.
/root/Leds.sh Leds daemon and message on at TFT
/root/CpConf.sh Daemon for CPE config
/root/OnCpScript.sh File lauched on the CPE
/root/system.cfg CPE configuration, to load
-----------------------------------------------------
root@BatteryPoE:~#
gevagiorgio@PC-Ufficio:~$ ssh root@192.168.1.69
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:affD2OE4wVW4CYL5Se3XtYTdz9DlBkLKbQuzU2nwdbc.
Please contact your system administrator.
Add correct host key in /home/gevagiorgio/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/gevagiorgio/.ssh/known_hosts:4
remove with:
ssh-keygen -f "/home/gevagiorgio/.ssh/known_hosts" -R 192.168.1.69
RSA host key for 192.168.1.69 has changed and you have requested strict checking.
Host key verification failed.
That means the host key doesn't match the client's "known host" record for a previous connection to this IP or hostname.
It has nothing to do with authorized_keys. This is used later for the host to authenticate the client, after the client is satisfied that the host is authentic by checking the host key.
The host key is randomly generated the first time dropbear starts on a new OpenWrt install. I've never tried to import or preserve a host key.
Unless you have a reason to make it more complicated than it is, and you are sure there is no man in the middle, you should simply run the suggested ssh-keygen -R command on the client. That will make it forget the old key and not throw that message.
Like mk24 says, that is a normal "host key changed" error on the PC that you are making the ssh connection from. The ssh client stores fingerprints of the servers that you connect to, and if the fingerprint is different in a new connection, you get this error.
As the host key is automatically generated, you will get this error after you reflash the router (the ssh server) without keeping settings. Or if a new router gets an IP address that belonged earlier to another device, so that the ssh client sees a new host key that differentiates from the one in its database.
The easy fix is to run this command in the PC that you are making connections from:
Too bad that you did not show the actual error message initially...