SSH: Finding out ECDSA key fingerprint (both server-side & client-side)

Jul 20, 2021 13:15

Server-side

ssh-keygen -l -E sha256 -f /etc/ssh/ssh_host_ecdsa_key.pub

Client-side

ssh -o FingerprintHash=sha256 <SERVER>

Note: If your server does not use the default SSH port 22, add the parameter -p <PORT> before the <SERVER> part.

Conclusion

SSH host key fingerprints protect against Man-In-The-Middle (MITM) attacks. The fingerprint shown by the client must equal the one computed on the server; only then are you safe against a MITM attack.

Commands are based on this StackOverflow answer.
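
What the server-side command computes, as an added example (not code from the original post or the StackOverflow answer): the SHA256 fingerprint is the unpadded base64 of the SHA-256 digest of the decoded public key blob. The sample key line is constructed from dummy bytes, and the function names are this example's own.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: 4-byte length, then data."""
    return struct.pack(">I", len(data)) + data


def fingerprint_sha256(pubkey_line: str) -> str:
    """Return the SHA256 fingerprint for one line of a *.pub file."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with its own copy of the key type; reject a mismatch.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match the key blob")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the digest as unpadded base64 after "SHA256:".
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def fingerprints_match(pubkey_line: str, shown_by_client: str) -> bool:
    """Compare the server's key with the fingerprint the client displayed."""
    return fingerprint_sha256(pubkey_line) == shown_by_client.strip()


def make_sample_line(fill: int) -> str:
    """Constructed sample key line: dummy bytes, not a real curve point."""
    point = b"\x04" + bytes([fill]) * 64
    blob = (ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256")
            + ssh_string(point))
    return "ecdsa-sha2-nistp256 " + base64.b64encode(blob).decode() + " sample"


if __name__ == "__main__":
    server_line = make_sample_line(0x11)        # stands in for the server's .pub
    other_fp = fingerprint_sha256(make_sample_line(0x22))  # a different key
    print(fingerprint_sha256(server_line))
    print(fingerprints_match(server_line, other_fp))
```

On a real host, pass the single line from /etc/ssh/ssh_host_ecdsa_key.pub to fingerprint_sha256 and compare the result with what the client prompt shows.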