The Linux Page

Ever wondered how to verify the remote host fingerprint on SSH connect?

WARNING: This is actually wrong. The -F is a SEARCH feature. Not a way to recalculate the value on your own system. So you can verify that the value is the same in your database, but SSH already does that and shows you that terrible warning... so in effect it is the exact same command.

Whenever you connect to a computer with SSH, it gives you a fingerprint of the host.

Ever wondered how to check whether that fingerprint is a match? Yeah... I figured, 99% of us don't even know how to make sure that it is indeed a match.

Here is the command line to generate that fingerprint:

ssh-keygen -l -F <HOSTNAME>

This will print exactly the same value, assuming the hostname represents the same computer (i.e. the same IP address). To compare, you may use something like this:

if test "<ssh presented key>" = "<keygen presented key>"; then echo Match; fi

Just copy the SHA512 code in the quotes and if you get "Match" on your console, they are equal. Just make sure you copy and paste properly.
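Because -F only searches known_hosts, an independent check has to compute the fingerprint from the host's public key itself, which is what `ssh-keygen -l -f <public key file>` does when run on the server. The Python below is an added example, not part of the original page: it reproduces the SHA256 fingerprint calculation from a public key line or a known_hosts line and compares it to the value SSH presented. The key bytes, host name and address are constructed sample data, and the function names are this example's own.

```python
import base64
import hashlib
import struct

def make_blob(key_type: str, raw_key: bytes) -> bytes:
    """Build an SSH wire-format public key blob (used only for the sample data)."""
    t = key_type.encode()
    return struct.pack(">I", len(t)) + t + struct.pack(">I", len(raw_key)) + raw_key

def parse_key_line(line: str) -> tuple[str, bytes]:
    """Accept a .pub line ("type b64 [comment]") or a known_hosts line
    ("hosts type b64", hashed or not) and return (key type, decoded blob)."""
    fields = line.split()
    for key_type, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue  # this field is not base64, so it is not the key
        # The blob begins with its own length-prefixed type name; it must
        # agree with the type written in front of it on the line.
        n = int.from_bytes(blob[:4], "big")
        if blob[4:4 + n] == key_type.encode():
            return key_type, blob
    raise ValueError("no public key found in line")

def sha256_fingerprint(line: str) -> str:
    """Format ssh prints: SHA256:<unpadded base64 of sha256(key blob)>."""
    _, blob = parse_key_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def matches(presented: str, line: str) -> bool:
    """Compare the fingerprint shown at connect time with one we computed."""
    return presented.strip() == sha256_fingerprint(line)

# Constructed sample data: these 32 bytes are not a real host key.
SAMPLE_B64 = base64.b64encode(make_blob("ssh-ed25519", bytes(range(32)))).decode()
PUB_LINE = f"ssh-ed25519 {SAMPLE_B64} root@server"
KNOWN_HOSTS_LINE = f"server.example.com,192.0.2.10 ssh-ed25519 {SAMPLE_B64}"

if __name__ == "__main__":
    fp = sha256_fingerprint(PUB_LINE)          # computed from the key file
    print(fp)
    print(matches(fp, KNOWN_HOSTS_LINE))       # same key in known_hosts
```

The comparison is only meaningful when the public key line was obtained from the server over a channel other than the SSH session being verified.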