I have been trying to figure out for a while how to determine the fingerprint of a server. I knew that doing ssh-keygen -l -f id_rsa.pub would yield a fingerprint, but I couldn’t figure out where the fingerprint was kept on a server. I don’t know why this was so hard for me to figure out. No amount of googling seemed to be helping me. But after simply doing a `man ssh` on the server, and then searching for the first appearance of “fingerprint” I found this:
When connecting to a server for the first time, a fingerprint of the server’s public key is presented to the user (unless the option StrictHostKeyChecking has been disabled). Fingerprints can be determined using ssh-keygen(1):$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
If the fingerprint is already known, it can be matched and verified, and the key can be accepted. If the fingerprint is unknown, an alternative method of verification is available: SSH fingerprints verified by DNS. An additional resource record (RR), SSHFP, is added to a zonefile and the connecting client is able to match the fingerprint with that of the key presented.
*Note* that the file is different on a mac, but doing the same man lookup will tell you where it is. Sorry if most of you already knew this.