diff --git a/scripts/base/protocols/ssh/main.zeek b/scripts/base/protocols/ssh/main.zeek
index 199c80be8c..66dc01d238 100644
--- a/scripts/base/protocols/ssh/main.zeek
+++ b/scripts/base/protocols/ssh/main.zeek
@@ -282,24 +282,12 @@ event ssh_auth_failed(c: connection) &priority=-5
 event ssh_auth_result(c, F, c$ssh$auth_attempts);
 }
-
-function generate_fingerprint(c: connection, key: string)
+event ssh_server_host_key(c: connection, hash: string) &priority=5
 {
- if ( !c?$ssh )
+ if ( ! c?$ssh )
 return;
- local lx = str_split_indices(md5_hash(key), vector(2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30));
- c$ssh$host_key = join_string_vec(lx, ":");
- }
-
-event ssh1_server_host_key(c: connection, modulus: string, exponent: string) &priority=5
- {
- generate_fingerprint(c, modulus + exponent);
- }
-
-event ssh2_server_host_key(c: connection, key: string) &priority=5
- {
- generate_fingerprint(c, key);
+ c$ssh$host_key = hash;
 }
 event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count) &priority=20
diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac
index 8cbedda91d..a625104917 100644
--- a/src/analyzer/protocol/ssh/ssh-analyzer.pac
+++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac
@@ -157,13 +157,6 @@ refine flow SSH_Flow += {
 function proc_ssh2_server_host_key(key: bytestring): bool
 %{
- if ( ssh2_server_host_key )
- {
- zeek::BifEvent::enqueue_ssh2_server_host_key(connection()->zeek_analyzer(),
- connection()->zeek_analyzer()->Conn(),
- to_stringval(${key}));
- }
-
 if ( ssh_server_host_key )
 {
 unsigned char digest[MD5_DIGEST_LENGTH];
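Review bot: The new ssh_server_host_key handler stores `hash` into c$ssh$host_key without stating what form the value has, and the deleted generate_fingerprint() was the only place that made the format visible (the baseline shows a colon-separated MD5 hex string); add a doc comment above the handler such as `## Records the server host key fingerprint delivered by the analyzer (MD5, colon-separated hex) in c$ssh$host_key.` Deleting generate_fingerprint() also removes a script-level function; I cannot tell from the hunk whether it was exported, but if any other script calls it a deprecated wrapper would be safer than outright removal. The analyzer now chooses what bytes are digested for the ssh1 case, so the unchanged ssh1 value in the fingerprints baseline is the evidence that core and script agree; it is worth keeping that test case when the baseline is next regenerated.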
@@ -174,21 +167,18 @@ refine flow SSH_Flow += {
 zeek::make_intrusive(fingerprint_md5(digest)));
 }
+ if ( ssh2_server_host_key )
+ {
+ zeek::BifEvent::enqueue_ssh2_server_host_key(connection()->zeek_analyzer(),
+ connection()->zeek_analyzer()->Conn(),
+ to_stringval(${key}));
+ }
+
 return true;
 %}
 function proc_ssh1_server_host_key(exp: bytestring, mod: bytestring): bool
 %{
- if ( ssh1_server_host_key )
- {
- zeek::BifEvent::enqueue_ssh1_server_host_key(connection()->zeek_analyzer(),
- connection()->zeek_analyzer()->Conn(),
- to_stringval(${exp}),
- to_stringval(${mod}),
- to_stringval(${mod}),
- to_stringval(${exp}));
- }
-
 if ( ssh_server_host_key )
 {
 unsigned char digest[MD5_DIGEST_LENGTH];
@@ -203,6 +193,16 @@ refine flow SSH_Flow += {
 zeek::make_intrusive(fingerprint_md5(digest)));
 }
+ if ( ssh1_server_host_key )
+ {
+ zeek::BifEvent::enqueue_ssh1_server_host_key(connection()->zeek_analyzer(),
+ connection()->zeek_analyzer()->Conn(),
+ to_stringval(${exp}),
+ to_stringval(${mod}),
+ to_stringval(${mod}),
+ to_stringval(${exp}));
+ }
+
 return true;
 %}
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssh.fingerprints/out b/testing/btest/Baseline/scripts.base.protocols.ssh.fingerprints/out
index dd1454e9b1..2dac5bca77 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ssh.fingerprints/out
+++ b/testing/btest/Baseline/scripts.base.protocols.ssh.fingerprints/out
@@ -1,5 +1,5 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-ssh2 server host key fingerprint, c7eb775dd16431d61be8995fa709a1d7
 ssh server host key fingerprint, c7:eb:77:5d:d1:64:31:d6:1b:e8:99:5f:a7:09:a1:d7
-ssh1 server host key fingerprint, 5517ebfa2e7fb37b33427c9d448556da
+ssh2 server host key fingerprint, c7eb775dd16431d61be8995fa709a1d7
 ssh server host key fingerprint, 55:17:eb:fa:2e:7f:b3:7b:33:42:7c:9d:44:85:56:da
+ssh1 server host key fingerprint, 5517ebfa2e7fb37b33427c9d448556da
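Review bot: The moved ssh2_server_host_key enqueue now runs after the ssh_server_host_key enqueue, and the @@ -203 hunk does the same for ssh1, but nothing in either block records that the relative order matters; a future tidy-up could swap them back and silently break script handlers that expect c$ssh$host_key to be populated when the protocol-specific event fires. Add a comment above each moved block, e.g. `// Must stay after the ssh_server_host_key enqueue so script handlers of this event already see the fingerprint on the connection.` (my reading of why the order changed; confirm against the script side). The ssh1 enqueue still passes four string values (exp, mod, mod, exp) while the handler removed from main.zeek declared only modulus and exponent; presumably the BIF declaration carries an old and a new parameter pair, and a one-line comment naming which argument maps to which parameter would prevent the next reader from re-deriving it. Both proc_ssh2_server_host_key and proc_ssh1_server_host_key begin outside their hunks.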