ECDSA key fingerprint - looks like it is base64 encoded, but too few characters
Solution 1:
The octets-separated-by-colons format is an MD5 fingerprint, not a SHA256 fingerprint. You can't directly convert one to the other (well, you kinda could, perhaps, if you reverse the MD5 fingerprint, but that still takes a bit of CPU power).
That ssh-keygen
is outputting an MD5 fingerprint suggests that that machine may be running a rather old version of OpenSSH, because the default output format these days is SHA256. You can try passing -E sha256
to ssh-keygen
to get it to output a SHA256 hash, in case there's a version that supported SHA256 but defaulted to MD5, and you happen to be running it, but I wouldn't want to say it'll work for sure.
If you can't get your version of ssh-keygen
to output SHA256, the other option is to "downgrade" the SSH client to output an MD5 fingerprint on connection. For that, you need to set -o FingerprintHash=md5
on the command line (or FingerprintHash md5
in the SSH config). Exactly how best to do that, given you're running SSH via git, is left as an exercise for the astute reader. <grin>
Sidebar: the reason why the base64 SHA256 hash isn't the "right" number of characters is because a SHA256 hash isn't the "right" number of characters to fit into a base64 string without some trailing =
signs. Since the last few characters will "always" be =
signs, they just get dropped, which saves a couple of useless characters.