Will & Skill Developers

Will & Skill Developers

Thoughts, snippets and ideas from the team at Will & Skill AB, Stockholm.

Faisal Mahmud

“The mind is not a vessel to be filled, but a fire to be kindled.” ― Plutarch


How to get your host key fingerprint on an Ubuntu 14.04 server

Faisal MahmudFaisal Mahmud

What is a fingerprint?

Your SSH server has a unique fingerprint that is generated using a server's unique host key in order to identify the server to a client.

Why does this matter?

Whenever you make a connection to an SSH server You want to make sure that you are connecting to the right server.

If you get a warning where your client is saying that the host key cannot be verified or that is has changed you need to make sure to verify the fingerprint.


Run the command below

ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub  

The expected output should be

2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /etc/ssh/ssh_host_rsa_key.pub (RSA)  

How do I make sure that I am connecting to the correct server?

If you are using a Mac or Linux machine you should be able to find the known_hosts file in ~/.ssh/known_hosts

The file should look something like ssh-rsa Alongstringwithalphanumeric... ssh-rsa Anotherlongstringwithalphan...  

How do I verify the servers fingerprint?

  1. Ask the server owner what the fingerprint is
  2. Remove the corresponding line from ~/.ssh/known_hosts, ie if you are connecting to server with IP then you need to remove the line that starts with IP in ~/.ssh/known_hosts
  3. Run ssh youruser@ and make sure that the fingerprint matches the one you got from the server owner in Step 1 above.

The output should be something like

The authenticity of host ' (' can't be established.  
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.  
Are you sure you want to continue connecting (yes/no)?  
Faisal Mahmud

Faisal Mahmud

“The mind is not a vessel to be filled, but a fire to be kindled.” ― Plutarch