I've just added an SSH key to my digital ocean droplet using their API, so I didn't ever connect to my droplet through SSH. Their documentation says that I should, after creating, I should just say 'yes' when connecting through ssh, like I did:
ssh -i id_rsa root@IP
the fact is that I don't know if this fingerprint is from my machine. Howevr, since I'm using private keys, I don't know if there s a risk of saying 'yes' without knowing if this fingerpint is the real one. Is there any risk, even using a private key? Why does the documentation tell me to say yes if that is a security risk?
