I recently had a need to check the ssh fingerprints of a remote host. ssh-keyscan will do this, but, aggravatingly, doesn’t emit the fingerprint in the same form that the ssh client does. ssh-keygen will display the fingerprint of a host key, but it only works on files. So, I wrote a little shell script, called ssh-hostfpr, that will present the fingerprint of a remote host. It uses ssh-keyscan and ssh-keygen, which should be included with any sane SSH distribution.

Invoke it with a hostname as the argument:

$ ssh-hostfpr
1024 64:af:a8:05:76:20:bb:d5:5a:e3:55:93:37:51:91:43
1024 87:fe:7b:1c:0c:d6:f9:dd:94:82:d9:cb:b0:ee:35:7a
1024 10:7c:47:51:d1:81:57:1c:6f:78:36:9e:bd:a5:c5:38

ssh-hostfpr will grab the host’s RSA1, RSA, and DSA keys, and
present them all.

Download ssh-hostfpr from my code directory. Direct questions, comments, bug reports, and feature requests to dlc at sevenroot dot org.

%d bloggers like this: