diff --git a/libexec/rc/rc.d/sshd b/libexec/rc/rc.d/sshd
--- a/libexec/rc/rc.d/sshd
+++ b/libexec/rc/rc.d/sshd
@@ -17,8 +17,9 @@
 reload_precmd="sshd_configtest"
 restart_precmd="sshd_configtest"
 configtest_cmd="sshd_configtest"
+showfp_cmd="sshd_showfp"
 pidfile="/var/run/${name}.pid"
-extra_commands="configtest keygen reload"
+extra_commands="configtest keygen reload showfp"
 
 : ${sshd_rsa_enable:="yes"}
 : ${sshd_ecdsa_enable:="yes"}
@@ -61,7 +62,29 @@
 
 	echo "Generating $ALG host key."
 	/usr/bin/ssh-keygen -q -t $alg -f "$keyfile" -N ""
-	/usr/bin/ssh-keygen -l -f "$keyfile.pub"
+}
+
+sshd_showfp_alg()
+{
+	local alg=$1
+	local ALG="$(echo $alg | tr a-z A-Z)"
+	local pubkeyfile="/etc/ssh/ssh_host_${alg}_key.pub"
+
+	if ! checkyesno "sshd_${alg}_enable" ; then
+		return 0
+	fi
+
+	if [ ! -f "${pubkeyfile}" ] ; then
+		warn "$ALG host key does not exist."
+		return 1
+	fi
+
+	if [ ! -x /usr/bin/ssh-keygen ] ; then
+		warn "/usr/bin/ssh-keygen does not exist."
+		return 1
+	fi
+
+	/usr/bin/ssh-keygen -l -f "${pubkeyfile}"
 }
 
 sshd_keygen()
@@ -77,10 +100,20 @@
 	eval ${command} ${sshd_flags} -t
 }
 
+sshd_showfp()
+{
+	echo '-----BEGIN SSH HOST KEY FINGERPRINTS-----'
+	sshd_showfp_alg rsa
+	sshd_showfp_alg ecdsa
+	sshd_showfp_alg ed25519
+	echo '-----END SSH HOST KEY FINGERPRINTS-----'
+}
+
 sshd_precmd()
 {
 	run_rc_command keygen
 	run_rc_command configtest
+	run_rc_command showfp
 }
 
 load_rc_config $name
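Review bot: Dropping the `/usr/bin/ssh-keygen -l -f "$keyfile.pub"` line from sshd_keygen_alg means a standalone `service sshd keygen` no longer prints the fingerprint of a key it has just generated; fingerprints now appear only when showfp runs, which sshd_precmd does on start but the keygen command itself does not. The fingerprint printed at generation time is what an operator records for out-of-band verification of a freshly installed host, so losing it from the keygen path is a regression worth closing. Calling the new helper right after generation, `sshd_showfp_alg "$alg"`, restores that output while reusing the new code path; alternatively the commit message or the script header should state that `showfp` must now be run explicitly. The body of sshd_keygen_alg begins above this hunk.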
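Review bot: sshd_showfp always exits with the status of its closing `echo`, so the `return 1` paths in sshd_showfp_alg (enabled algorithm whose host key is absent, or missing /usr/bin/ssh-keygen) are dropped and `service sshd showfp` reports success even when it emitted only the two banner lines and a warning. Because `run_rc_command showfp` is now the last statement of sshd_precmd, this also fixes precmd's status at 0 regardless of what showfp found; if that is deliberate, so that a fingerprint display problem never blocks sshd from starting, a comment in sshd_showfp such as `# Informational only: per-algorithm failures must not fail the precmd.` would save the next reader the question. If it is not deliberate, collect the statuses with `local rc=0`, `sshd_showfp_alg rsa || rc=1` for each algorithm and `return $rc`, and then consider whether showfp should stay last in sshd_precmd.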