Where do I get SSH host key fingerprint for use with scripting or .NET assembly?

You should get SSH host key fingerprint along with your credentials from the server administrator. Knowing the host key fingerprint and thus being able to verify it is integral part of securing SSH connection. It prevents man-in-the-middle attacks.


In a real world, most administrators do not provide the host key fingerprint.

In order to obtain the fingerprint yourself you need to connect to the server. Before doing that make any possible precautions to ensure security of your local machine and line to the server. For example if you need to obtain the host key to automate connection to the server from an external site (e.g. from home or client), but you have physical access to the server site, connect from the server site (e.g. your workplace).

You can also ask anyone with physical access to the server (ideally the administrator). Host key is only one and hence the same for all users. Also note that host key fingerprint is generated from public key part of the host key only. So it is not secret and can be safely sent over unencrypted (yet trusted) communication channels.

Once connected, go to Server and Protocol Information Dialog. See the Server Host key Fingerprint box.

A special case is getting hostkey of a server, that you are an administrator of yourself, yet you do not have a direct secure line to connect through. This is common for a virtual servers or servers in a cloud. In such case a server provider should have a specific solution. For example a specialized server in the same private network as your server, with publicly known host keys. You can connected to this specialized server and from it, securely connect to your server (e.g. using SSH terminal). As you are connecting within private network, you can safely accept any host key. Once connected to your server, acquire its hostkey. With that you can finally connect directly yet securely over a public network. Alternatively, the server provider can provide the hostkey via some administrative interface. For example see solution for Amazon EC2 or Google Compute Engine.

  faq_script_hostkey.txt · Last modified: by prikryl

Search Documentation

This page


About donations

$9   $19   $49   $99

About donations



Site design by Black Gate