Your browser does not allow storing cookies. We recommend enabling them.


Resolving Hashed Host Keys

Tectia Client includes a tool to resolve which hashed host key belongs to which server. As there can be several server host keys stored on the client-side host, and the file name does not show the server name, it is sometimes necessary to check if a certain server public key is stored on the client host.

In Tectia Connections Configuration GUI, the tool is available on the Host Keys page. See Managing Host Keys.

On the command line, the command syntax is:

ssh-keygen-g3 -F host_name[#port]

For example:

ssh-keygen-g3 -F examplehost#222

The host_name can be the fully qualified domain name, short host name, or the IP address of the remote host. The port definition is optional in the command. If no port is given, the default Secure Shell port 22 is assumed.

The tool shows the location, fingerprint (in the SSH babble format) and type (RSA, DSA or ECDSA) of the requested host's public key or keys. For example:

ssh-keygen-g3 -F examplehost
Fingerprint for key 'examplehost':
  (from location
xuvin-zitil-ducid-gevil-vysok-buviz-nynun-pinat-tylev-gusez-dyxix (RSA)

If no keys are found for the given server, the ssh-keygen-g3-F command will report where it looked for the keys, and will conclude as follows:

/ No keys found from any key directories or known_hosts files.

You can define several file locations to be checked for host keys. For more information, see Using the OpenSSH known_hosts File.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now