Feature request: simple command to display active SSH host key fingerprints

Jochen Bern Jochen.Bern at binect.de
Mon Jul 6 19:42:17 AEST 2026


Am 06.07.26 um 11:08 schrieb Brian Candler:
> On 06/07/2026 07:51, Brian Candler wrote:
>> Something like this?
> 
> I always forget about xargs.
> sshd -T | awk '/^hostkey / {print $2}' | xargs -n1 -d'\n' ssh-keygen -l -f

Since we're already assuming a login onto the server and the OpenSSH 
tools being installed there, how about

$ ssh-keyscan -q [ -p $NONSTANDARD_PORT ] localhost | ssh-keygen -l -f -

?

(If your server's version of ssh-keyscan happens not to support "-q" 
yet, tack a "2>/dev/null" behind "localhost" instead.)

Kind regards,
-- 
Jochen Bern
Systemingenieur
Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4336 bytes
Desc: Kryptografische S/MIME-Signatur
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20260706/2595cbe1/attachment-0001.p7s>


More information about the openssh-unix-dev mailing list