The ssh-keyscan command can be used to get public certificates from an SSH server. In this example, the public certificates from SSH server server1.example.com will be obtained.
The prior command should produce output like this.
server1.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMwKQuwRNdPMrcw6keHLMiVwPJWvy0XVqaybWxqQQ5ll
Often, this command is used to append the public certificates from an SSH server to your known_hosts file, so that are not presented with the following message when attempting to make an SSH connection to the SSH server.
~]# ssh email@example.com The authenticity of host 'server1 (192.168.0.5)' can't be established DSA key fingerprint is BB37 83F2 5E3A 7A4C 6C84 F047 D97B DD4E 38BB 2082 Are you sure you want to continue connecting (yes/no)?
When the objective is to append the public certificates from an SSH server to your known_hosts file, redirection can be used to perform this task, like this.
ssh-keyscan server1.example.com >> $HOME/.ssh/known_hosts