SSH fingerprint matching issue

I set up an SSH key pair, per the docs. When I ran the command ssh -T git@github.com, I got:

charles@jhegaala:~/.ssh$ ssh -T git@github.com
The authenticity of host 'github.com (192.30.255.112)' can't be established.
RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,192.30.255.112' (RSA) to the list of known hosts.
Hi charlescurley! You've successfully authenticated, but GitHub does not provide shell access.
charles@jhegaala:~/.ssh$ cat github.fingerprint 
Your identification has been saved in github.
Your public key has been saved in github.pub.
The key fingerprint is:
SHA256:tlrg1KzjW1tgZuIs3CBGJuO+t7QPBtsYO0gIs3boQyo charlescurley@charlescurley.com
...

While the key obviously works, the two fingerprints do not match. This is a bit disconcerting, as the doc says that they should. Yet I can use the key to authenticate. A subsequent more verbose login showed that SSH is using the correct key. So what’s with the fingerprints not matching?

It looks like you’re comparing the fingerprint of the key presented by the server with that of your own authentication key. Those are not supposed to match, each side has its own key.

The server fingerprint must match one of those published by Github as the SSH key fingerprints for their servers:

Ah, thank you. That helps. The documentation was not clear, nor did it point to that page. It looks like I should make an edit.

1 Like