Skip to Content

Find SSH Host Key Fingerprint in Linux

In Linux, getting the SSH host key fingerprint is crucial for verifying the identity of an SSH server before establishing a connection. Here are the methods to retrieve the host fingerprint:

Method 1: Using ssh-keygen

  • Local Server: To find the fingerprint of a local SSH server’s host key, use:
    ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
    • The -l option displays the fingerprint.
    • The -f option specifies the key file.
    • /etc/ssh/ssh_host_rsa_key.pub is the default path for the public key file of the SSH server.
  • Remote Server: For a remote SSH server’s fingerprint, combine ssh-keygen with ssh-keyscan:
    ssh-keyscan hostname_or_IP | ssh-keygen -lf -
    • ssh-keyscan retrieves the public key of the remote server.
    • The output is piped into ssh-keygen -lf – to compute and show the fingerprint.

Method 2: Directly When Connecting

During the first-time connection to an SSH server, the server’s public key fingerprint is displayed in the confirmation prompt. This allows for verification before proceeding with the connection.

Important Considerations:

  • Always ensure the fingerprint matches the expected fingerprint of the SSH server to prevent security risks like man-in-the-middle attacks.
  • SSH servers may use different key types (RSA, ECDSA, ED25519, etc.). Check the fingerprint for the specific type of key used for the connection.

By using these methods, you can securely obtain and verify the SSH host key fingerprint, ensuring that your SSH connections are made to the correct servers.

 

Boost Your Website Speed!

If you want your website to run as fast as ours, consider trying Cloudways. Their powerful cloud infrastructure and optimized stack deliver exceptional performance. Free migration!

2 ways to Automatically Accept an SSH Host Key in Linux

Understanding SSH known_hosts File with Examples

Understanding SSH authorized_keys file with Examples

Fix SSH timed out waiting for input: auto-logout with TMOUT and StopIdleSessionSec Configurations