Feature request: simple command to display active SSH host key fingerprints

Brian Candler b.candler at pobox.com
Mon Jul 6 16:51:32 AEST 2026


On 06/07/2026 07:17, Robert Reder via openssh-unix-dev wrote:
> Would it be possible to provide a built-in command such as:
>
> sshd --show-fingerprints
>
> or similar, which would display all active host key fingerprints used 
> by the running sshd configuration?
>
> Example output:
>
> ED25519 SHA256:...
> ECDSA SHA256:...
> RSA SHA256:...

Something like this?

sshd -T | awk '/^hostkey / {print $2}' | while read a; do ssh-keygen -l 
-f "$a"; done

But it may be better just to use ssh-keyscan.  The output is in the form 
of public keys rather than fingerprints, but is suitable for use 
directly in known_hosts.


More information about the openssh-unix-dev mailing list