diff --git a/scripts/ssh-server-check.sh b/scripts/ssh-server-check.sh
index 33da533..ad9cc10 100755
--- a/scripts/ssh-server-check.sh
+++ b/scripts/ssh-server-check.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash
 
 ssh_config_val() {
 local field="$1"
@@ -30,4 +30,32 @@ check_ssh_files() {
 done
 }
 
+ssh_fingerprint() {
+ local field="$1"
+ local ca_path
+
+ if [[ -z "$field" ]]; then
+ echo "usage: ssh_fingerprint " >&2
+ return 2
+ fi
+
+ cfg_path=$(ssh_config_val $field)
+
+ if [[ -z "$cfg_path" ]]; then
+ echo "error: sshd field '$field' not found or empty" >&2
+ return 1
+ fi
+
+ if [[ ! -r "$cfg_path" ]]; then
+ echo "error: file not readable: $cfg_path" >&2
+ return 1
+ fi
+
+ ssh-keygen -lf "$cfg_path" | awk '{ print $2 }'
+}
+
 check_ssh_files
+
+echo ""
+echo "Host certificate fingerprint"
+ssh_fingerprint hostkey
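Review bot: In ssh_fingerprint the declaration is `local ca_path`, but the function assigns and reads `cfg_path`, so `cfg_path` leaks into the script's global scope and `ca_path` is never used; declare `local cfg_path` and quote the argument, `cfg_path=$(ssh_config_val "$field")`. The final pipeline returns awk's exit status, so when ssh-keygen rejects the file the function prints nothing and still returns 0; capture the ssh-keygen output first and `return 1` if it fails, so an empty fingerprint is never mistaken for a passed check. The trailing call prints "Host certificate fingerprint" but passes `hostkey`, which in sshd configuration is the host key path rather than `hostcertificate`, so an operator comparing the value out of band would be checking a different object than the label says. ssh_config_val is defined outside this hunk; if it can return more than one HostKey path, the `-r` test on the combined string will fail, which is worth confirming.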