Skip to content

Check and Verify SSH fingerprints

Once you SSH into a remote server, server fingerprint and key are added to ~/.ssh/known_hosts file. This file contains a list of remote servers you've connected to in the past. File ensures that you are connected to the correct server and not a fake impersonator.

If you try connecting to a remote host with an IP previously assigned to another machine, you'll get a host mismatch error. This is because the remote host fingerprint does not match to your known_hosts file.

# Find the remote host fingerprint on server
$ ssh root@104.105.103.102
root@instance:~# ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub

-l - tells the keygen that we want the fingerprint
-f - tell the keygen where to find the public key

# Remove all the keys related to a remote host machine
$ ssh-keygen -R 104.105.103.102

# Find the remote host fingerprint on local machine
$ ssh root@104.105.103.102

# With first time connections, the server shows its fingerprint. Match this to the one you found on the server