Is this a real SSH key fingerprint?

No. The fingerprint is random bytes formatted exactly like a real SSH fingerprint. It corresponds to no actual key, so it is safe placeholder data for testing UIs and configuration, never for granting access.

What is the difference between the MD5 and SHA256 formats?

Older OpenSSH versions displayed an MD5 fingerprint as 16 colon-separated hex bytes, often prefixed with MD5:. Modern OpenSSH shows a SHA256 fingerprint as unpadded base64 prefixed with SHA256:. The format is a display choice over the same hashing idea.

Why does the SHA256 form drop the padding?

OpenSSH renders the 32-byte SHA-256 digest as base64 and strips the trailing equals padding, which is why a SHA256 fingerprint ends abruptly. This tool reproduces that exact convention so the string matches real output.

What does the key type label mean?

SSH keys come in types such as RSA, ECDSA, and ED25519. Tools often show the type and bit size alongside the fingerprint. The label here is cosmetic context and does not change the random bytes that make up the fingerprint.

Are the bytes random?

Yes. The tool uses the browser Web Crypto random generator, so each fingerprint is unpredictable. It is still a placeholder, not the hash of any real public key, and must never be added to an authorized_keys or known_hosts trust list.

Fake SSH Key Fingerprint Generator

Generate SSH key fingerprints in both the legacy MD5 colon-hex form and the modern SHA256 base64 form, from cryptographically random bytes. Ideal for populating SSH key management screens and deployment config with realistic placeholders.

How it works

OpenSSH fingerprints a public key by hashing its blob and displaying the digest. Two display conventions exist:

MD5     16 bytes -> "MD5:" + colon-separated lowercase hex
SHA256  32 bytes -> "SHA256:" + unpadded base64

The tool draws the right number of random bytes from Web Crypto and renders them in the chosen convention, including the modern habit of stripping the base64 = padding. The bytes are random, not a hash of any real key, so the result is a safe stand-in.

Tips and notes

Match the format to your OpenSSH era: very old clients showed MD5 by default, while current ones default to SHA256. The optional key-type label (RSA, ECDSA, ED25519) is cosmetic — never add a generated fingerprint to known_hosts or authorized_keys, since it authenticates nothing.