About the SSH host key fingerprint

This topic was edited by a BMC Contributor and has not been approved.  More information.

While creating one of the following data collectors, you need to provide an SSH host key fingerprint:

A host key fingerprint is also known as RSA key, host key, and key fingerprint.
Every SSH server is configured to use a host key to verify that the client is connecting to the correct host. The SSH server administrator provides the host key fingerprint to the various clients. The clients are expected to manually verify the host key while connecting to the server using any SSH client.

Example of a typical host key fingerprint


Finding the host key fingerprint

The following tables lists various ways to find to the host key fingerprint that you will need to provide as an input when you are creating a data collector:

1Get the fingerprint from the SSH server administrator. This is the most reliable way to get the correct host key fingerprint.

As an SSH server administrator, use the following steps to find the host key fingerprint on a Linux computer:

  1. Find the SSH server configuration file available at /etc/ssh/sshd_config.

  2. Find the SSH protocol used. You can do this by looking for the protocol property in the SSH server configuration.

    # Disable legacy (protocol version 1) support in the server for new
    # installations. In future the default will change to require explicit
    # activation of protocol 1
    Protocol 2
  3. Find the HostKey property configured in the SSH server configuration file based on the protocol configured in the preceding step.

    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
  4. Use the following command:

    ssh-keygen -l -f <HostKeyFileName>

    The <HostKeyFileName> must be passed as an argument.

  5. Select the RSA key file.

  6. If the HostKey property is missing, the property value defaults to /etc/ssh/ssh_host_rsa_key.

    Example of the command output
    [root@clm-pun-004502 ssh]# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
    2048 97:3c:ae:76:73:f3:ef:a7:18:02:6a:c6:57:43:82:f6 /etc/ssh/ssh_host_rsa_key.pub (RSA)

    From the preceding output, you need to copy the following portion as the host key fingerprint:


 Use the following steps to procure the host key fingerprint:

  1. Navigate to the known_hosts location, as follows:

    • Linux:  ~/.ssh/known_hosts

    • Windows (Putty): When you try to connect to the SSH server using an SSH client such as Putty, select Event Log from the system menu. From the list of event log entries displayed, go to the line that starts with ssh-rsa and copy the fingerprint portion.

  2. Ensure that the target host entry is removed from the known_hosts location.

  3. Copy the host key fingerprint displayed to use as an input while creating the data collector.


    The fingerprint is not displayed if the host is already in the known_hosts file of the client.

Was this page helpful? Yes No Submitting... Thank you