Notice: this page is a translation of a popular StackOverflow question, licensed under CC BY-SA 4.0. If you reuse it you must also comply with the CC BY-SA licence, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/10060530/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow

Time: 2020-08-06 05:39:58  Source: igfitidea

What command do I use to see what the ECDSA key fingerprint of my server is?

Tags: linux, security, ssh, rsa, openssh

Asked by trusktr

I see stuff all over Google on how to see the RSA key fingerprint, but not the ECDSA fingerprint.

Accepted answer by trusktr

Wait, I found it. Run the command:

ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub

Answer by VonC

With a recent ssh (OpenSSH_6.0p1, OpenSSL 1.0.0j 10 May 2012), I scripted it like this:

ssh-keyscan -t ecdsa localhost 2>&1 | grep ecdsa
localhost ecdsa-sha2-nistp256 AAAAE2VlongKey...=

Notes:

  • if your sshd runs on a custom port, add '-p portNumber' to the ssh-keyscan command
  • ssh-keyscan writes on stderr, not stdout(!), hence the bash redirection '2>&1' (that can vary depending on your shell)

That is the line I added to my ~/.ssh/known_hosts file in order to authorize ssh requests from localhost for my tests (mainly for gitolite, which uses ssh).

Daniel Böhmer confirms in the comments:

  • ssh-keyscan provides the full public key(s) of the SSH server
  • the output of ssh-keygen is nearly identical to the format of the public key files.
    Just remove the 1st column (IP address or hostname) and save that or pipe it to ssh-keygen -l which presents the fingerprint.

Daniel adds:

Show fingerprints of all server public keys stored in ~/.ssh/known_hosts:

cut -d' ' -f2- ~/.ssh/known_hosts | while read line; do echo "$line" | ssh-keygen -lf-; done

Answer by David Elrod

On my system I need to specify an MD5 key instead of the default SHA256:

ssh-keygen -l -E md5 -f /etc/ssh/ssh_host_ecdsa_key.pub

This outputs a string in a format that matched the error I saw on the client.

Answer by Nicolas VERHELST

Commands used

  • Display ascii-art of the public host key stored on the server (to be done on server side, the one you connect TO via ssh):

    ssh-keygen -l -v -f /etc/ssh/ssh_host_ecdsa_key.pub
    

    -l: Show fingerprint of specified public key file.

    -v: visual (ascii-art)

    -f: file

  • Display ascii-art of remote server public host key (to be done on client side, the one you connect FROM via ssh):

    ssh -o visualhostkey=yes -o FingerprintHash=md5 <host_server_to_connect>
    

    -o: option

    visualhostkey: visual (ascii-art)

    FingerprintHash: hash algo to use

What to do to check the authenticity of a host/server

First, 1. is to be done locally on the server (the one you want to connect TO via ssh): it will give you a first ascii-art. Print it or take a picture.

Second, 2. is to be done at the first SSH connection; it will display a second ascii-art. If the ascii-art is the same, then you can answer yes to the "do I trust?" question (i.e. Are you sure you want to continue connecting (yes/no)).

Example

  • Server side
$ ssh-keygen -l -v -f /etc/ssh/ssh_host_ecdsa_key.pub
256 2e:a6:b3:27:14:12:0b:79:df:9a:7f:bd:4d:b1:e0:b6   (ECDSA)
+--[ECDSA  256]---+
| .               |
|o o              |
| o + .           |
|  o o .          |
|   . +  S . .    |
|    +  . . . o   |
|   . .o ..o o    |
|    ooo....+     |
|    o= .  E..    |
+-----------------+
  • Client side
$ ssh -o visualhostkey=yes -o FingerprintHash=md5 192.168.12.211
The authenticity of host '192.168.12.211 (192.168.12.211)' can't be established.
ECDSA key fingerprint is MD5:2e:a6:b3:27:14:12:0b:79:df:9a:7f:bd:4d:b1:e0:b6.
+---[ECDSA 256]---+
| .               |
|o o              |
| o + .           |
|  o o .          |
|   . +  S . .    |
|    +  . . . o   |
|   . .o ..o o    |
|    ooo....+     |
|    o= .  E..    |
+------[MD5]------+
Are you sure you want to continue connecting (yes/no)? 

Some more explanation

The first command will display the ascii-art corresponding to the fingerprint of the file you give as input. The file you give as input is the public host key of the server. When a client connects (not only for the first time), the server will send its public host key. This public host key will be searched for in ~/.ssh/known_hosts. If the public key is in the file, then it's ok: the host (server) is known, so we move on to the next step to authenticate the user (user auth is not described in this post). If the public key is not in the file, then the client will compute the fingerprint of this public host key with a hash algorithm (a different hash algo will give a different fingerprint). This fingerprint previously calculated is displayed (along with the ascii-art if the corresponding option is provided) and you will have to answer yes or no depending on whether you recognise this fingerprint or not (this fingerprint is the image/hash of the public host key of the server). If you say yes, then the public key of the server (not its fingerprint) will be added to the file ~/.ssh/known_hosts.

We can notice that ~/.ssh/known_hosts is under your home (~) directory, because you trust this host (server), but a different user may not trust the same as you. Also, the host public key of the server is not user-dependent, so it is stored in /etc/ssh/.

The second command will display the fingerprint and the ascii-art of the public key received from the host_server_to_connect (according to the hash algo given in options). It is the same as doing only ssh, but with more visual options, so the connection will continue the same way as a normal ssh connection.
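As an added example (not code from any of the answers above), the following Python script reproduces what `ssh-keygen -l` does with the key material discussed in this thread: it hashes the raw base64-decoded key blob to produce the SHA256 and legacy MD5 (`-E md5`) fingerprints, strips the host column from known_hosts lines as Daniel's `cut -d' ' -f2-` pipeline does, and looks up which stored host key matches a fingerprint the ssh client displayed. The ECDSA key blob and known_hosts line are constructed here (placeholder coordinates, not a real server key); hashed `|1|...` known_hosts entries are not handled.

```python
# OpenSSH-style host key fingerprints, as printed by `ssh-keygen -l`.
# Added example; SAMPLE_BLOB is a constructed ECDSA blob, not a real server key.
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: 4-byte big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data


def key_type(blob: bytes) -> str:
    """The blob's first SSH string names the algorithm, e.g. ecdsa-sha2-nistp256."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode()


def fingerprint_sha256(blob: bytes) -> str:
    """Default since OpenSSH 6.8: unpadded base64 of SHA-256 over the raw key blob."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def fingerprint_md5(blob: bytes) -> str:
    """Legacy format (`ssh-keygen -E md5`): colon-separated hex of MD5 over the blob."""
    return "MD5:" + ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def parse_key_fields(line: str, known_hosts: bool = False):
    """Return (keytype, blob) from 'keytype base64 [comment]'; a known_hosts line has
    a leading host column, dropped here just like `cut -d' ' -f2-` does."""
    fields = line.split()[1:] if known_hosts else line.split()
    blob = base64.b64decode(fields[1])
    if key_type(blob) != fields[0]:  # declared type must match what the blob encodes
        raise ValueError(f"key type mismatch: {fields[0]} vs {key_type(blob)}")
    return fields[0], blob


def hosts_matching_fingerprint(known_hosts_text: str, shown_fp: str) -> list:
    """Hosts whose stored key hashes to the fingerprint the client displayed (MD5 or SHA256)."""
    fp = fingerprint_md5 if shown_fp.startswith("MD5:") else fingerprint_sha256
    matches = []
    for line in known_hosts_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        _, blob = parse_key_fields(line, known_hosts=True)
        if fp(blob) == shown_fp:
            matches.append(line.split()[0])
    return matches


# Constructed sample: correct ecdsa-sha2-nistp256 wire layout (type, curve name,
# 65-byte uncompressed point); the coordinates are placeholder bytes, not a real point.
_POINT = b"\x04" + bytes(range(64))
SAMPLE_BLOB = ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256") + ssh_string(_POINT)
SAMPLE_KNOWN_HOSTS = "192.168.12.211 ecdsa-sha2-nistp256 " + base64.b64encode(SAMPLE_BLOB).decode()
```

Both fingerprints identify the same key; only the hash differs, which is why a client showing an MD5 fingerprint must be compared against `ssh-keygen -l -E md5` output and not the default SHA256 form.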