How to I show my SSH fingerprint with colons?

The newer version of ssh-keygen uses SHA256 hash to generate the fingerprint, whereas the older ones used an MD5 hash, which has the “cute widdle colons” between every pair of characters in the hash/fingerprint.

Probably your favorite web service shows the MD5-style hash, with the colons in it. To generate this for your SSH key, use this command line:

ssh-keygen -l -E md5 -f ~/.ssh/


  • -l means generate the fingerprint
  • -E means choose the type of hash to use for the fingerprint. You can choose md5, or sha256. sha256 is the default now.
  • -f means choose the file to operate on

Output in md5 mode:

ssh-keygen -l -E md5 -f ~/.ssh/ 
2048 MD5:4a:0d:2e:64:10:b5:d2:72:4b:7b:88:ea:9e:21:00:58 rob@Blink (RSA)

Default output:

ssh-keygen -l -f ~/.ssh/ 
2048 SHA256:EFFdf8lqlnQ9HjLh849RIioZzkr0txro8FR+Eqh6rMo rob@Blink (RSA)

About this command line, for inexperienced Linux users:

  • You are using Linux or similar, and therefor your SSH key is in a subdirectory called “.ssh” in your home folder. In the Bash shell, and some other Linux command  line environments, the symbol “~” indicates your home directory.
  • ssh-keygen wants to know what file to process, and you use the “-f” parameter to identify that file.
  • The “-l” parameter means “show the fingerprint”.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s