How to find SFTP server fingerprints?

Finding the SFTP public host key fingerprints after accessing your transfer site.

The easiest way to get an SFTP fingerprint is to connect to a server for the first time, and there will be a warning that this is a new host, and the fingerprint will be presented. For example, connect to transfer6.silverpop.com for the first time and you will get this type of warning:

$ sftp transfer6.silverpop.com

The authenticity of host 'transfer6.silverpop.com (108.168.255.75)' can't be established.

RSA key fingerprint is a0:92:74:7e:43:c6:59:60:70:c5:17:72:24:77:31:db.

Are you sure you want to continue connecting (yes/no)?

The fingerprint is presented in this example in "MD5" format. Other operating system versions might instead present the "SHA256" format, which for transfer6.silverpop.com would be: yRXEeqtB90c8QrGzwTzi9lSGSusQaIB+Ur4s+QUgKlc

Here's a list of the fingerprints for each transfer service in SHA256 format:

SHA256

transfer1.silverpop.com iTnDxA3uGt0BTnrwkJH483qkQp3dlFQY52kWojlRIpY

transfer2.silverpop.com 6yOzlZFlkia5VxnV7saotxUgR28O8oh2NGysxsJP2Jc

transfer3.silverpop.com 0zvR7N4XQ4F8JdZIFWLNiasNf8H4u4BEmqrKn/8L72A

transfer4.silverpop.com 3h1Baj99GnRzaPIA/dja8cHYEyaBzTSy/TDOhjj6/sw

transfer5.silverpop.com EVEfkS8+tiLh1yles/B4rggpbY4FQe9vPrIA1kbmTXI

transfer6.silverpop.com yRXEeqtB90c8QrGzwTzi9lSGSusQaIB+Ur4s+QUgKlc

transfer7.silverpop.com kgxy2iO8m3RZB/5LDTrPYsigKHQ5PAvbG6gn/XuQfmc

transfer8.silverpop.com oTxf2GTqa9xDUoYTTVR9gqcUvlHAVo7qD0F9NfPit9s

transfer9.silverpop.com DHYBBzOPJEG19XIgyoz0o5O6uBNjiFCy5rSpLsIzhFU

transfera.silverpop.com AXKk3o8YgUHuGe9cTpD9Df2G6xMRwutI77FsOgaJtT0

When you accept a fingerprint, your sftp client will store the fingerprint and not warn on future connections - unless the fingerprint changes, which isn't something that should happen. You can do the same thing with a GUI program and it will warn with the fingerprint in one or both of the above formats.

For reference, the commands used (assuming a Bash environment):

Function to output the fingerprint for a given hostname (format output will depend on your system):

$ function f { ssh-keyscan $1 > /tmp/tf 2>/dev/null && ssh-keygen -lf /tmp/tf && rm /tmp/tf ; }

List all the fingerprints (SHA256 output example):

$ for e in transfer{{1..9},a}.silverpop.com; do f $e; done

1024 SHA256:iTnDxA3uGt0BTnrwkJH483qkQp3dlFQY52kWojlRIpY transfer1.silverpop.com (RSA)

1024 SHA256:6yOzlZFlkia5VxnV7saotxUgR28O8oh2NGysxsJP2Jc transfer2.silverpop.com (RSA)

2048 SHA256:0zvR7N4XQ4F8JdZIFWLNiasNf8H4u4BEmqrKn/8L72A transfer3.silverpop.com (RSA)

1024 SHA256:3h1Baj99GnRzaPIA/dja8cHYEyaBzTSy/TDOhjj6/sw transfer4.silverpop.com (RSA)

2048 SHA256:EVEfkS8+tiLh1yles/B4rggpbY4FQe9vPrIA1kbmTXI transfer5.silverpop.com (RSA)

2048 SHA256:yRXEeqtB90c8QrGzwTzi9lSGSusQaIB+Ur4s+QUgKlc transfer6.silverpop.com (RSA)

2048 SHA256:kgxy2iO8m3RZB/5LDTrPYsigKHQ5PAvbG6gn/XuQfmc transfer7.silverpop.com (RSA)

2048 SHA256:oTxf2GTqa9xDUoYTTVR9gqcUvlHAVo7qD0F9NfPit9s transfer8.silverpop.com (RSA)

2048 SHA256:DHYBBzOPJEG19XIgyoz0o5O6uBNjiFCy5rSpLsIzhFU transfer9.silverpop.com (RSA)

2048 SHA256:AXKk3o8YgUHuGe9cTpD9Df2G6xMRwutI77FsOgaJtT0 transfera.silverpop.com (RSA)

Note: These descriptions are based around command-line examples, but the concepts and practices will be similar for GUI-based SFTP programs such as WinSCP, FileZilla, etc.