Assume I passed on my public key to a service provider for them to set up a “new” server and configure it for private key authentication (instead of root password).
Is the server fingerprint verification during my initial connection to the server still necessary and/or helpful against MITM or any other attack?
I realize that verifying the server’s fingerprint initially when using password authentication is absolutely sensible. But I don’t understand the SSH protocols well enough to see whether this still makes sense if I never use a password at all.
Wouldn’t a successful first-time authentication with my key imply that the server has my public key and is, therefore, the right one? Or is there still a way to perform a MITM attack in such a scenario? Is there any qualitative difference between this scenario and a first-time authentication with a password?
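
The fingerprint check the question refers to, as an added example that is not part of the original question: it computes the SHA-256 fingerprint of a host public key line in the form OpenSSH displays and compares it with a value obtained out of band. The key lines are constructed placeholders rather than any real server's key, and the function names are this example's own.

```python
import base64
import hashlib
import struct


def make_sample_host_key_line(seed: bytes) -> str:
    """Build a constructed ssh-ed25519 public key line (not a real server's key)."""
    key_type = b"ssh-ed25519"
    raw_key = hashlib.sha256(seed).digest()  # 32 placeholder bytes standing in for a key
    blob = (struct.pack(">I", len(key_type)) + key_type
            + struct.pack(">I", len(raw_key)) + raw_key)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " root@constructed-host"


def parse_key_blob(pubkey_line: str) -> bytes:
    """Decode the key blob and check its embedded type against the declared type."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len].decode("ascii", "replace") != declared:
        raise ValueError("key type inside blob does not match declared type")
    return blob


def sha256_fingerprint(pubkey_line: str) -> str:
    """'SHA256:' followed by the unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(parse_key_blob(pubkey_line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(pubkey_line: str, trusted_fingerprint: str) -> bool:
    """Compare the presented host key with a fingerprint obtained out of band."""
    return sha256_fingerprint(pubkey_line) == trusted_fingerprint.strip()


if __name__ == "__main__":
    provider_key = make_sample_host_key_line(b"provider")   # constructed
    other_key = make_sample_host_key_line(b"someone-else")  # constructed
    trusted = sha256_fingerprint(provider_key)  # stands in for the provider's value
    print(trusted)
    print(host_key_matches(provider_key, trusted))  # same key
    print(host_key_matches(other_key, trusted))     # different key
```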