How do I extract fingerprints from .ssh/known_hosts?

73

17

My laptop has a well-populated ~/.ssh/known_hosts file. I'd like to leverage that when connecting to remote hosts from my desktop, since tracking down the fingerprints can be a real chore. However, I can't seem to find a way to ask ssh-keygen or ssh-keyscan to tell me the locally-known fingerprint for known hosts. Any ideas?

treat your mods well

Posted 2013-01-07T02:52:05.930

Reputation: 833

Answers

95

Try this command:

% ssh-keygen -l -f ~/.ssh/known_hosts

2048 c2:e7:c0:9f:cd:c8:54:88:ac:b3:6b:a6:51:73:2b:e3 mach1,192.168.1.3 (RSA)
2048 a2:5e:8c:4e:2e:be:be:eb:23:12:5e:fe:6c:4b:23:dd mach2,192.168.1.1 (RSA)
1024 ae:5f:bc:e3:33:c3:dd:45:1e:18:1a:46:d1:d6:d2:39 mach3,192.168.1.6 (RSA)
...
...

If you just want a single host:

% ssh-keygen -l -f ~/.ssh/known_hosts -F mach1
2048 c2:e7:c0:9f:cd:c8:54:88:ac:b3:6b:a6:51:73:2b:e3 mach1 (RSA)

Resources

http://www.gossamer-threads.com/lists/openssh/users/49503

slm

Posted 2013-01-07T02:52:05.930

Reputation: 7 449

13 It is worth noting that recent versions of OpenSSH default to a SHA256 hash. To get the older MD5 hash, use the -E md5 option. – JumperPunk – 2015-09-08T15:08:32.657

3 And if a non-standard port is used: [example.com]:1234 – treat your mods well – 2016-05-07T21:04:43.420

1 Another +1. This is something I've been looking for: "how do you check fingerprint of a remote ssh server on the client machine" ... or "how does ssh client know the remote server's fingerprint has changed" – CppLearner – 2017-11-28T19:14:14.977

3 To get host key fingerprints for an SSH server (replace example IP with your server's IP or hostname): ssh-keyscan 123.123.12.34 | ssh-keygen -l -f - – TrinitronX – 2018-02-14T01:24:41.597

9 Thanks! I didn't know you could use -l with a known_hosts file.

Here's a version that even better addresses my question: ssh-keygen -l -f ~/.ssh/known_hosts -F example.com – treat your mods well – 2013-01-21T02:10:13.587

Glad it helped. 2 heads are better than one 8-). – slm – 2013-01-21T02:14:30.453

4 Incidentally, the reason -F is important for me is that whatever version of SSH I have installed has hashed all the hostnames in the known_hosts file. I can't just grep for the line I want. (This is a useful security measure if someone ever gets my private key -- they're less likely to figure out what machines it can get them into.) – treat your mods well – 2013-01-24T23:05:40.297
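Why grep fails on a hashed known_hosts file while a lookup by name still works, and how the SHA256 and MD5 fingerprints mentioned above are derived from the same key blob, shown as an added Python example that is not part of the original answer or comments. The function names and the sample entries are constructed for illustration, and plain-host matching here ignores wildcard patterns.

```python
import base64, hashlib, hmac

def hash_host(host, salt):
    """Hashed first field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if a known_hosts first field names host (wildcard patterns not handled)."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        got = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, base64.b64decode(mac_b64))
    return host in field.split(",")

def fingerprint(key_b64, algo="sha256"):
    """Fingerprint of the base64 key blob, in the forms ssh-keygen -l prints."""
    blob = base64.b64decode(key_b64)
    if algo == "md5":  # the older colon-separated hex form (-E md5)
        h = hashlib.md5(blob).hexdigest()
        return "MD5:" + ":".join(h[i:i + 2] for i in range(0, 32, 2))
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def lookup(text, host, algo="sha256"):
    """Return (key type, fingerprint) for every entry matching host."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].startswith("@"):  # skip @cert-authority / @revoked marker
            parts = parts[1:]
        if len(parts) >= 3 and host_matches(parts[0], host):
            found.append((parts[1], fingerprint(parts[2], algo)))
    return found

# Constructed sample data, not real host keys: one ed25519-shaped blob, two entries.
SAMPLE_KEY = base64.b64encode(
    b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(range(32))).decode()
SAMPLE = "\n".join([
    "mach1,192.168.1.3 ssh-ed25519 " + SAMPLE_KEY,
    hash_host("[example.com]:1234", b"constructed-salt-20b") + " ssh-ed25519 " + SAMPLE_KEY,
])

if __name__ == "__main__":
    for name in ("mach1", "[example.com]:1234", "example.com"):
        print(name, lookup(SAMPLE, name), lookup(SAMPLE, name, "md5"))
```

The lookup for `example.com` without the port returns nothing, because the hashed entry was stored under the bracketed `[example.com]:1234` form and the HMAC only matches the exact string.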