How to view the fingerprint of the ssh host key

This way, ready to copy and paste:

ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key


It already takes a lot of resources to recall that to see the host key fingerprint you need to run something called 'keygen'. Then ssh-keygen doesn't support --help: it will try to generate a new key instead. We're in 2008. There should be a law against this sort of behaviour.

To figure out how to see the host key, you need to dig through a long manpage with no examples section. ssh-keygen does have commandline help, but does not implement any switch to invoke it (check the getopt invocation in the source code if you don't believe me). It will however show commandline help when given an unrecognised option, so it will mutter but at least give you love if you ask for it:

$ ssh-keygen -♥
ssh-keygen: illegal option --
Usage: ssh-keygen [options]

After figuring out that it's -l -f, you still have to go and fish the file wherever it is. And luckily we had the recent Debian openssh problems, so now I can get the fingerprint of the RSA file only and be done with it.

But thanks to this blog entry, no more of that, at last.