If you're one of those people who refuses to say "yes" to the unknown hostkey warning the first time you ssh to one of our shell machines, here are fingerprints for the hostkeys used on all machines in the shell pool (unix.club.cc.cmu.edu):

TypeFingerprintFingerprint (bubblebabble)
Hostkeyb0:eb:31:de:42:2c:12:4e:af:51:fd:ee:68:28:ed:2axemor-tuzub-detyr-zocis-ratif-nosym-vadyd-rahog-pudyd-gydeh-zixux
RSA Hostkeyba:e4:f6:5f:97:89:20:4f:a7:73:66:26:dd:02:08:6axovid-nytuk-dynis-hoket-nydaf-ramop-minit-bugud-nelik-zehan-zaxyx
DSA Hostkey99:a3:09:f4:dd:4c:0f:84:2f:d7:f8:52:db:9a:b9:e6xefop-serem-zisoz-kucok-mapyz-dylab-cerif-luzis-bofeh-zopek-tixax

This listing is of course, just as worthless as saying "yes" to the unknown hostkey warning, unless you can trust the origin of this page. Hopefully, you are accessing it via SSL. This page should be accessible in a form signed by the computer club CA and in a form signed by the CMU official CA.

An alternative that might avoid this whole issue would be to kinit on a machine you trust using your club principal, then ssh to one of our machines using an ssh client that is kerberos-aware. Our sshd is also kerberos-enabled, and you should be able to log in without a password. As one might expect, there are more than a few quirks in the kerberized ssh negotiation process, so not all clients may be able to log into our machines using this method.