Resolving Hashed Host Keys

Tectia client tools for z/OS includes a tool for resolving which hashed host key belongs to which server. Because several server host keys can be stored on the client-side host, and the key file name does not show the server name, it is sometimes necessary to check whether a certain server's public key is stored on the client host.

On the command line, the command syntax is:

ssh-keygen-g3 -F <servername>@<port>

For example:

ssh-keygen-g3 -F server1@222

The tool shows the location and the fingerprint of the requested server's public key or keys (the fingerprint is shown in the SSH babble format). For example:

Fingerprints for key 'server1#222':
  (from location
   /etc/ssh/ssh_known_hosts:1 ("server1 ssh-dss AAAAB3...")
  (from location
   /home/user44/.ssh/known_hosts:2 ("|1|84+eB1qwbSSvSe0GY...")

The port definition is optional in the command. If no port is given, the default Secure Shell port 22 is assumed. For example:

ssh-keygen-g3 -F server2
Fingerprint for key 'server2':
  (from location

If no keys are found for the given server, the ssh-keygen-g3 -F command will report where it looked for the keys, and will conclude as follows:

/ No keys found from any key directories or known_hosts files.
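
How a hashed entry such as the `|1|...` line in the output above can be matched to a server name, as an added example that is not Tectia's own code. It assumes the OpenSSH hashed known_hosts layout (`|1|`, base64 salt, `|`, base64 HMAC-SHA1 of the host name, with non-default ports written as `[host]:port`); the function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import hmac

def host_token(host, port=22):
    """Assumed OpenSSH convention: non-default ports are stored as "[host]:port"."""
    return host if port == 22 else f"[{host}]:{port}"

def hash_host(host, salt, port=22):
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host_token(host, port).encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(mac).decode())

def entry_matches(field, host, port=22):
    """True if one host field (hashed or plain) names host:port."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt = base64.b64decode(salt_b64, validate=True)
            want = base64.b64decode(mac_b64, validate=True)
        except ValueError:
            return False  # malformed hashed entry
        got = hmac.new(salt, host_token(host, port).encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, want)
    return host_token(host, port) in field.split(",")

def find_host(known_hosts_text, host, port=22):
    """Return (line_number, key_type) for each line whose host field matches."""
    hits = []
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 3 or line.startswith(("#", "@")):
            continue  # skip blanks, comments and marker lines
        if entry_matches(parts[0], host, port):
            hits.append((n, parts[1]))
    return hits

# Constructed sample file: salts and key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "server2 ssh-rsa AAAAPLACEHOLDER1",
    hash_host("server1", b"constructed-salt-001", 222) + " ssh-dss AAAAPLACEHOLDER2",
    hash_host("server3", b"constructed-salt-002") + " ssh-rsa AAAAPLACEHOLDER3",
])

if __name__ == "__main__":
    print(find_host(SAMPLE, "server1", 222))
```

Because the salt differs per line, the host name cannot be read back from a hashed entry; each candidate name and port has to be hashed against every line, which is why a lookup needs both the server name and the port.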