Feature request: simple command to display active SSH host key fingerprints
Brian Candler
b.candler at pobox.com
Mon Jul 6 16:51:32 AEST 2026
On 06/07/2026 07:17, Robert Reder via openssh-unix-dev wrote:
> Would it be possible to provide a built-in command such as:
>
> sshd --show-fingerprints
>
> or similar, which would display all active host key fingerprints used
> by the running sshd configuration?
>
> Example output:
>
> ED25519 SHA256:...
> ECDSA SHA256:...
> RSA SHA256:...
Something like this?
sshd -T | awk '/^hostkey / {print $2}' | while read a; do ssh-keygen -l
-f "$a"; done
But it may be better just to use ssh-keyscan. The output is in the form
of public keys rather than fingerprints, but is suitable for use
directly in known_hosts.
More information about the openssh-unix-dev
mailing list