If you receive a message from a Secure Shell (SSH) or Secure File Transfer Protocol (SFTP) application regarding the host key of the server to which you are attempting to connect being unknown or changed, such as the message from WinSCP below, you can check the server's public host key on the server itself, if it is a Linux server, using the ssh-keygen utility.
$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub 2048 96:f3:8b:03:13:06:13:4d:3c:7c:4b:fa:94:33:90:83 (RSA) $
The -l option shows the fingerprint of a specified public key file.
Private RSA1 keys are also supported. For
RSA
and DSA keys, ssh-keygen tries to find the matching public key
file and prints its fingerprint. If the -l option is combined
with -v, an ASCII art representation of the key is supplied with
the fingerprint. The -f filename option allows you to
specify the file name of the key file.
The ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub command isn't
showing the key itself, but instead shows the
"fingerprint" for
the key, which is a sequence of 32
hexadecimal
digits. You can see the much larger key value itself by issuing the
command cat /etc/ssh/ssh_host_rsa_key.pub.
