Back to commands

Linux Survival Basics

Read-only, sensitive output

Scan a Host SSH Key

You need the current presented host key for comparison.

Command

ssh-keyscan -t ed25519 hostname

Before you run this

System impact: Read-only. Output may expose users, paths, tokens, keys, IPs, process arguments, or log details.

When not to use it: Do not trust keyscan output by itself during a possible MITM warning.

Expected output

An SSH public host key line for the requested hostname if reachable.

System impact

Read-only, sensitive output. Nothing changes. The command reads current state and prints diagnostic evidence.

Recovery / rollback: no state is changed.

When to use it

Use only for comparison with trusted fingerprint records.

When not to use it

Do not trust keyscan output by itself during a possible MITM warning.

Example run

Commands shown

These are the commands shown for inspection. Treat them as an example, not proof that your system will behave identically.

  1. ssh-keyscan -t ed25519 hostname
  2. ssh-keyscan -t ed25519 hostname

next steps

Related commands

Linux Survival Basics Sensitive output

Run SSH Verbose Auth Test

Verbose SSH shows which key was offered.

ssh -vvv -o IdentitiesOnly=yes -i ~/.ssh/id_ed25519 user@example.com
Linux Survival Basics Sensitive output

Test SSH with One Identity File

Force one key when the agent offers too many identities.

ssh -o IdentitiesOnly=yes -i ~/.ssh/id_ed25519 user@example.com

next diagnostic step

Where to go from this command

Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • LPIC-1 style command-line practice
  • LFCS style performance-task practice
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.