diff --git a/post-install.sh b/post-install.sh
index 7cb5149..77116aa 100755
--- a/post-install.sh
+++ b/post-install.sh
@@ -441,6 +441,24 @@ echo "[+] Setting SELinux to enforcing..."
 sed -i 's/^SELINUX=.*/SELINUX=enforcing/' /etc/selinux/config
 
 echo "✅ Post-installation complete!"
+echo ""
+
+# Display SSH host key fingerprints
+echo "SSH Host Key Fingerprints:"
+if [ -f "/etc/ssh/ssh_host_ed25519_key.pub" ] && command -v ssh-keygen >/dev/null 2>&1; then
+    ed25519_fp=$(ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub -E sha256 2>/dev/null | awk '{print $2}')
+    if [ -n "$ed25519_fp" ]; then
+        echo "  Normal SSH (ED25519): $ed25519_fp"
+    fi
+fi
+
+if [ -f "/etc/dropbear/dropbear_ed25519_host_key" ] && command -v ssh-keygen >/dev/null 2>&1; then
+    dropbear_fp=$(dropbearkey -y -f /etc/dropbear/dropbear_ed25519_host_key 2>/dev/null | ssh-keygen -lf - -E sha256 2>/dev/null | awk '{print $2}')
+    if [ -n "$dropbear_fp" ]; then
+        echo "  Rescue SSH (ED25519):  $dropbear_fp"
+    fi
+fi
+
 echo ""
 echo "IMPORTANT: The LUKS passphrase is set in install.conf"
 echo "Save it securely for recovery purposes."