About SSH Public-Key Inspector

Parses the binary structure embedded in an OpenSSH public-key line, then calculates the same SHA-256 fingerprint form commonly shown by OpenSSH, a legacy MD5 fingerprint for comparison, deterministic randomart, and a SHA-256 SSHFP record. Processing happens entirely in this browser tab.

  • Supports RSA, Ed25519, and NIST P-256, P-384, and P-521 ECDSA public keys.
  • Accepts authorized_keys options before the recognized key type.
  • Rejects PEM and OpenSSH private-key blocks and limits decoded blobs to 64 KB.
  • Does not contact a host, validate ownership, publish DNS, or retain pasted keys.

Frequently Asked Questions

Why include MD5?
Some older systems still display colon-delimited MD5 fingerprints. It is provided only for matching legacy output; SHA-256 should be the primary comparison.
Does an SSHFP record make a key trusted?
Not by itself. Verify the source key first, and use DNSSEC if SSH clients are expected to authenticate the DNS record.

More Networking & IT Tools

All Networking & IT tools