til/unix/check-ssh-key-fingerprints-of-known-hosts.md

Check SSH Key Fingerprints Of Known Hosts

The ssh-keygen utility can do a bunch of things related to SSH keys including generating key pairs, removing a key, and even showing the fingerprints for a public keys file.

After the recent GitHub SSH key rotation, I wanted to check that the key I had added produced a fingerprint matching what they described in the article.

The -l flag will list the fingerprints and the -f flag allows you to specify what file it processes when doing that.

ssh-keygen -lf ~/.ssh/known_hosts

I have a bunch of known hosts, so I can narrow it down to just the GitHub entry like so.

ssh-keygen -lf ~/.ssh/known_hosts | grep github.com
3072 SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s github.com (RSA)

And it matches what GitHub lists, so I'm good to go.

See man ssh-keygen for more details.