GitHub SSH Keys: Public Key vs Fingerprint

When using multiple GitHub accounts, it is easy to lose track of which key in ~/.ssh belongs to which profile.

The key point: GitHub shows the SSH fingerprint, not sha256sum of *.pub file.

§Public key vs fingerprint

A .pub file contains the full public key in text form, usually like this:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... alice@laptop

• ssh-ed25519 is the key type
• AAAAC3... is the Base64-encoded key material
• alice@laptop is a comment

A fingerprint is a short identifier derived from the key material. Example:

SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

These commands do different things:

• sha256sum ~/.ssh/id_ed25519.pub hashes the raw file bytes (including comment/newline)
• ssh-keygen -lf ~/.ssh/id_ed25519.pub -E sha256 computes the SSH key fingerprint GitHub-style

The second command computes the fingerprint GitHub displays.

§How to match local keys to GitHub profiles

1. List local public keys:

ls ~/.ssh/*.pub

2. Print fingerprints for each one:

for key in ~/.ssh/*.pub; do
  ssh-keygen -lf "$key" -E sha256
done

Example output:

256 SHA256:abc...123 alice@personal-laptop (ED25519)
256 SHA256:def...456 alice@work-laptop (ED25519)

3. In each GitHub account, open Settings -> SSH and GPG keys and compare the SHA256:... value.

A matching fingerprint identifies the local key for that GitHub profile.

§TL;DR

Use this command to compare with GitHub:

ssh-keygen -lf ~/.ssh/id_ed25519.pub -E sha256

Do not use sha256sum if the goal is to match GitHub’s SSH key display.