Bash - print fingerprints for SSHD keys (md5, sha-1, sha-A256 fingerprints)

In this short article, we would like to show how using Bash, get a fingerprint for any certificate used by SSH server under Debian.

Simple steps:

1. list keys in /etc/ssh directory with the following command:

   ls -al /etc/ssh

   Example output:

   total 600
   drwxr-xr-x  2 root root   4096 Jun 19 17:22 .
   drwxr-xr-x 79 root root   4096 Sep 15 08:44 ..
   -rw-r--r--  1 root root 565189 Jan 31  2020 moduli
   -rw-r--r--  1 root root   1580 Jan 31  2020 ssh_config
   -rw-r--r--  1 root root   3233 May 29 13:40 sshd_config
   -rw-------  1 root root   1381 May 29 12:05 ssh_host_dsa_key
   -rw-r--r--  1 root root    607 May 29 12:05 ssh_host_dsa_key.pub
   -rw-------  1 root root    513 May 29 12:05 ssh_host_ecdsa_key
   -rw-r--r--  1 root root    179 May 29 12:05 ssh_host_ecdsa_key.pub
   -rw-------  1 root root    411 May 29 12:05 ssh_host_ed25519_key
   -rw-r--r--  1 root root     99 May 29 12:05 ssh_host_ed25519_key.pub
   -rw-------  1 root root   1823 May 29 12:05 ssh_host_rsa_key
   -rw-r--r--  1 root root    399 May 29 12:05 ssh_host_rsa_key.pub

2. select one key and print fingerprints with the following commands:

   ssh-keygen -l -E md5 -f /etc/ssh/ssh_host_rsa_key.pub
   ssh-keygen -l -E sha1 -f /etc/ssh/ssh_host_rsa_key.pub
   ssh-keygen -l -E sha256 -f /etc/ssh/ssh_host_rsa_key.pub

   Example output:

   2048 MD5:9a:f3:d8:2a:fa:54:80:46:1b:63:52:7d:2f:37:f8:b5 root@my-server (RSA)
   2048 SHA1:X0NYsrgjgSINFEZkWuNOogbImPP root@my-server (RSA)
   2048 SHA256:iJcZp8p1XlTJFpsQfDb5fEwGzt2vPsshm43hi+tQU2V root@my-server (RSA)

Hint: in the presented results, /etc/ssh/ssh_host_rsa_key.pub file contained only one key.

See also

1. SSH - verify used local and server key fingerprints (Windows - Linux connection verification)