Quickly produce and verify SSH key fingerprints to ensure host authenticity and key integrity. 16.11.2025 | reading time: 2 min Want to confirm a server or key is genuine before trusting it? This guide shows how to produce and read SSH fingerprints from host keys and user keys so he can verify identities with concrete commands. Hands-on: two common checks Do this now: produce a fingerprint for a local public key and for a remote host; examples below show the exact commands and expected output in one view: ```ssh-keygen -lf ~/.ssh/id_rsa.pub \n2048 SHA256:AbCdEfGhIjKlMnOpQrStUvWxYz0123456789abcd user@host (RSA) \n\nssh-keyscan -t rsa dev-server.example.com | ssh-keygen -lf - \n# remote output may vary, example: \n2048 SHA256:ZyXwVuTsRqPoNmLkJiHgFeDcBa0987654321fedc - (RSA)``` Variations that matter Try different hash formats and key sources: use `ssh-keygen -lf <file>` to list a key file fingerprint and `ssh-keygen -E md5 -lf <file>` to see the legacy MD5 hex form; use `ssh-keyscan -t rsa,ed25519 host` to fetch remote host keys before your first login so you can verify them out of band. Related utilities to use Beyond basic listing, `ssh-keyscan` helps collect host keys, `ssh-copy-id` installs public keys on a server, and `openssl` can be used when you need raw DER output or alternate digest tools for integration into scripts or audit workflows. Wrap-up and next steps Generating and comparing fingerprints is a fast habit that prevents man-in-the-middle surprises and eases troubleshooting; practice the commands on test hosts and add fingerprint checks to deployment playbooks to make them repeatable. Consider deepening Linux knowledge and aiming for certifications like CompTIA Linux+ or LPIC-1 with focused exam prep at bitsandbytes.academy. Join Bits & Bytes Academy First class LINUX exam preparation. security network utilities
