#!/bin/bash
# from: https://awbmilne.github.io/blog/SSH-Host-Fallback/
# Takes 2 arguments: a hostname and an ssh fingerprint
# Retrieves all fingerprints from hostname and compares
# to see if the fingerprint passed in is part of them.
# If it is, returns true; if not, false.
# Can be used for more secure matching on hostname availability
# in sshconfig than e.g. nc ip matching.
#
# To find your keys fingerprint, one option is just connecting
# via `ssh -v` and looking for the fingerprint there.

fingerprints=$(ssh-keygen -lf <(ssh-keyscan "$1" 2>/dev/null))

for fingerprint in $fingerprints; do
    if [ "$fingerprint" == "$2" ]; then
        exit 0
    fi
done

exit 1