Not sure if I am falling to answering trolling, but still...
Sounds like you still haven't understood what happens here.
The error/complaint comes from your PC, not router. SSH server automatically generates an RSA key & fingerprint, which others (clients) can use to identify the server. RSA is supported by all clients, so it is the default.
Likely something like this has happened.
you copied the key files from your own router
you flashed a new router
you use ssh or scp to access the router and to copy the old keys to the router (overwriting the automatically generated key)
at the next ssh login you suddenly get the error.
Note that at the step where you copy the old keys to the router, you have likely contacted the router with ssh/scp. Thus your PC already received the automatically generated fingerprint and stored it in its local database. After you replaced the key at the server, the client then notices that somebody has changed the host key for the server. (that somebody was you...) and warns you. Just use the ssh-keygen command on the client to remove the old key from the local database.
And "dropbearkey" is command that you can use to generate new keys:
root@router1:~# dropbearkey
Must specify a key filename
Usage: dropbearkey -t <type> -f <filename> [-s bits]
-t type Type of key to generate. One of:
rsa
ecdsa
-f filename Use filename for the secret key.
~/.ssh/id_dropbear is recommended for client keys.
-s bits Key size in bits, should be a multiple of 8 (optional)
ECDSA has sizes 256
-y Just print the publickey and fingerprint for the
private key in <filename>.
I know that when the hardware changes, with the same IP, client will alert me.
I have my public key on all my machines, I have problem creating a new key.
If I add the key, by luci, or adding on the files, or copying file from a working machine, it does not work, ubuntu "ssh client says, "Host key verification failed", Windows Putty says "key refused
I do right, the error can only be, or how I compile OpenWRT or a bug.
First attempt worked, ubuntu and putty has accepted key.
gevagiorgio@PC-Ufficio:~$ ssh-keygen -f "/home/gevagiorgio/.ssh/known_hosts" -R 192.168.1.69
# Host 192.168.1.69 found: line 4
/home/gevagiorgio/.ssh/known_hosts updated.
Original contents retained as /home/gevagiorgio/.ssh/known_hosts.old
gevagiorgio@PC-Ufficio:~$ ssh root@192.168.1.69
The authenticity of host '192.168.1.69 (192.168.1.69)' can't be established.
RSA key fingerprint is SHA256:affD2OE4wVW4CYL5Se3XtYTdz9DlBkLKbQuzU2nwdbc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.69' (RSA) to the list of known hosts.
BusyBox v1.31.0 () built-in shell (ash)
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt SNAPSHOT, r11102-ced4c0e
After I did a hard reset, re put the key by luci
It does not work anymore.
gevagiorgio@PC-Ufficio:~/openwrt/files/etc$ ssh-keygen -f "/home/gevagiorgio/.ssh/known_hosts" -R 192.168.1.69
# Host 192.168.1.69 found: line 7
/home/gevagiorgio/.ssh/known_hosts updated.
Original contents retained as /home/gevagiorgio/.ssh/known_hosts.old
gevagiorgio@PC-Ufficio:~/openwrt/files/etc$ ssh root@192.168.1.69
The authenticity of host '192.168.1.69 (192.168.1.69)' can't be established.
RSA key fingerprint is SHA256:/+zw8g3wMjpK8f2kpSEf1RFHvnum3KXxgzOladT/3uE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.69' (RSA) to the list of known hosts.
root@192.168.1.69's password:
Any time you remove your approval/authentication of the key, the normal configuration of the ssh client is to warn you that the key canβt be authenticated and ask if you want to proceed.
(There are other key-authentication approaches, but they are typically not implemented by home users.)
gevagiorgio@PC-Ufficio:~$ ssh root@192.168.1.69 -v
OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.1.69 [192.168.1.69] port 22.
debug1: Connection established.
debug1: identity file /home/gevagiorgio/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gevagiorgio/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gevagiorgio/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gevagiorgio/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gevagiorgio/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gevagiorgio/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gevagiorgio/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gevagiorgio/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: Remote protocol version 2.0, remote software version dropbear
debug1: no match: dropbear
debug1: Authenticating to 192.168.1.69:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:dmxR0fcr1SO1DZ/uYY/Kr8f1swbsYOahaZ5AZ8iZ4gI
debug1: Host '192.168.1.69' is known and matches the RSA host key.
debug1: Found key in /home/gevagiorgio/.ssh/known_hosts:7
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/gevagiorgio/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/gevagiorgio/.ssh/id_dsa
debug1: Trying private key: /home/gevagiorgio/.ssh/id_ecdsa
debug1: Trying private key: /home/gevagiorgio/.ssh/id_ed25519
debug1: Next authentication method: password
root@192.168.1.69's password:
root@BatteryPoE:/# sha256sum /etc/dropbear/authorized_keys
de3139dddfe2373212cb748f2ad6067c350915b2982ce65d3eb135f42bfd57f3 /etc/dropbear/authorized_keys
gevagiorgio@PC-Ufficio:~/.ssh$ sha256sum ~/.ssh/id_rsa.pub
de3139dddfe2373212cb748f2ad6067c350915b2982ce65d3eb135f42bfd57f3 /home/gevagiorgio/.ssh/id_rsa.pub
gevagiorgio@PC-Ufficio:~/.ssh$ ssh root@192.168.1.69 -v
OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.1.69 [192.168.1.69] port 22.
debug1: Connection established.
debug1: identity file /home/gevagiorgio/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gevagiorgio/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gevagiorgio/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gevagiorgio/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gevagiorgio/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gevagiorgio/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gevagiorgio/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/gevagiorgio/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: Remote protocol version 2.0, remote software version dropbear
debug1: no match: dropbear
debug1: Authenticating to 192.168.1.69:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:dmxR0fcr1SO1DZ/uYY/Kr8f1swbsYOahaZ5AZ8iZ4gI
debug1: Host '192.168.1.69' is known and matches the RSA host key.
debug1: Found key in /home/gevagiorgio/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/gevagiorgio/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/gevagiorgio/.ssh/id_dsa
debug1: Trying private key: /home/gevagiorgio/.ssh/id_ecdsa
debug1: Trying private key: /home/gevagiorgio/.ssh/id_ed25519
debug1: Next authentication method: password
root@192.168.1.69's password: