When you interact with certain remote targets, Hardware Configuration Utility prompts you to verify the SSH host key fingerprint for the target. A host key fingerprint is a hashed cryptographic key for the SSH server running on the target device. Verification consists of entering the known host key fingerprint for comparison with the key that the remote target returns. Verification ensures a secure connection with a verified target.

Obtaining and Storing the Host Key

To initially obtain the host key fingerprint:

  • Add the target device in a controlled environment and record the retrieved fingerprint.
  • Make a direct connection between your PC and the target if possible.

Once you have obtained the host key fingerprint, store it in a secure digital format that you can access while verifying a connection. The process for obtaining or storing keys will vary for individual organizations. Refer to your internal process documentation.

Note You may accept the key returned by the remote target without verification. Connecting to any device, with or without verification, adds the target host key to your known_hosts file.

Performing Host Key Verification

Hardware Configuration Utility prompts you to verify hardware in the following cases:

  • You are adding a remote target as new hardware.
  • You are installing a new system image to a remote target.
  • You are enabling SSH in the target startup settings.

When prompting for verification, Hardware Configuration Utility displays information it detects for the remote target. To verify the connection, paste the host key fingerprint into the Verify fingerprint text box.


The Add Hardware dialog, including text fields for SSH key validation.

Note You may accept the key returned by the remote target without verification. Connecting to any device, with or without verification, adds the target host key to your known_hosts file.

Removing a Key from the known_hosts File

To remove keys from the known_hosts file call ssh-keygen from the shell or command prompt. The ssh-keygen command is commonly supported in Linux and Windows 10 or later.

Use the -F option to list and verify the keys associated with an IP address. Use the -R option to remove all keys associated with an IP address. For additional approaches, consult the help provided by the ssh-keygen command.

The known_hosts file is typically located at the following location:

  • Windows: %USERPROFILE%\.ssh\
  • Linux: ~/.ssh/
The following example removes all keys for the specified IP address: 
 ssh-keygen -R 192.168.0.106