Display SSH host key fingerprints at end of installation

- Show SHA256 fingerprints for both normal and rescue SSH keys
- Helps distinguish between dropbear (rescue) and OpenSSH (normal)
- Makes it easy to verify host keys on first connection

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

post-install.sh

@@ -441,6 +441,24 @@ echo "[+] Setting SELinux to enforcing..."
 sed -i 's/^SELINUX=.*/SELINUX=enforcing/' /etc/selinux/config
 
 echo "✅ Post-installation complete!"
+echo ""
+
+# Display SSH host key fingerprints
+echo "SSH Host Key Fingerprints:"
+if [ -f "/etc/ssh/ssh_host_ed25519_key.pub" ] && command -v ssh-keygen >/dev/null 2>&1; then
+    ed25519_fp=$(ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub -E sha256 2>/dev/null | awk '{print $2}')
+    if [ -n "$ed25519_fp" ]; then
+        echo "  Normal SSH (ED25519): $ed25519_fp"
+    fi
+fi
+
+if [ -f "/etc/dropbear/dropbear_ed25519_host_key" ] && command -v ssh-keygen >/dev/null 2>&1; then
+    dropbear_fp=$(dropbearkey -y -f /etc/dropbear/dropbear_ed25519_host_key 2>/dev/null | ssh-keygen -lf - -E sha256 2>/dev/null | awk '{print $2}')
+    if [ -n "$dropbear_fp" ]; then
+        echo "  Rescue SSH (ED25519):  $dropbear_fp"
+    fi
+fi
+
 echo ""
 echo "IMPORTANT: The LUKS passphrase is set in install.conf"
 echo "Save it securely for recovery purposes."