diff --git a/lib/functions.sh b/lib/functions.sh
index 0ef2bfa..03e1cf8 100644
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -151,25 +151,6 @@ function save-vars {
   rigger-save-vars -f "${RIGGER_VARS_FILE}" ${@}
 }
 
-function setup-ssh-agent {
-  # generate ssh keys if they don't already exist
-  if [ ! -f "${DEIS_TEST_AUTH_KEY_FULL}" ]; then
-    ssh-keygen -t rsa -f "${DEIS_TEST_AUTH_KEY_FULL}" -N ''
-  fi
-
-  if [ ! -f ${HOME}/.ssh/deiskey ]; then
-    ssh-keygen -q -t rsa -f ~/.ssh/deiskey -N '' -C deiskey
-  fi
-
-  # prepare the SSH agent
-  rerun_log "Starting ssh-agent and adding keys..."
-  ssh-add -D 2> /dev/null || eval $(ssh-agent) && ssh-add -D 2> /dev/null
-  ssh-add "${DEIS_TEST_AUTH_KEY_FULL}" 2> /dev/null
-  ssh-add "${DEIS_TEST_SSH_KEY}" 2> /dev/null
-
-  export GIT_SSH="${DEIS_ROOT}/tests/bin/git-ssh-nokeycheck.sh"
-}
-
 function setup-test-hacks {
   # cleanup any stale example applications
   rm -rf ${DEIS_ROOT}/tests/example-*
diff --git a/lib/ssh.sh b/lib/ssh.sh
index dd6e983..117a191 100644
--- a/lib/ssh.sh
+++ b/lib/ssh.sh
@@ -1,7 +1,15 @@
 function ssh-fingerprint {
   local private_key_file="${1}"
 
-  local fingerprint="$(ssh-keygen -lf "${private_key_file}" 2>/dev/null | awk '{ print $2 }')"
+  local sshkeygen_string="ssh-keygen -lf"
+
+  if ssh-keygen - 2>&1 | grep -q "\-E"; then
+    sshkeygen_string="ssh-keygen -E md5 -lf"
+  fi
+
+  local fingerprint="$(${sshkeygen_string} "${private_key_file}" 2>/dev/null \
+                          | awk '{ print $2 }' \
+                          | sed s/MD5://)"
 
   if [ $? -ne 0 ]; then
     return 1
@@ -9,3 +17,26 @@ function ssh-fingerprint {
     echo "${fingerprint}"
   fi
 }
+
+function setup-ssh-agent {
+  # generate ssh keys if they don't already exist
+  if [ ! -f "${DEIS_TEST_AUTH_KEY_FULL}" ]; then
+    ssh-keygen -t rsa -f "${DEIS_TEST_AUTH_KEY_FULL}" -N ''
+  fi
+
+  if [ ! -f ${HOME}/.ssh/deiskey ]; then
+    ssh-keygen -q -t rsa -f ~/.ssh/deiskey -N '' -C deiskey
+  fi
+
+  # prepare the SSH agent
+  if [ -z ${SSH_AGENT_PID} ]; then
+    rerun_log "Starting ssh-agent..."
+    ssh-add -D 2> /dev/null || eval $(ssh-agent) && ssh-add -D 2> /dev/null
+  fi
+
+  rerun_log "Ensuring ssh keys are being served by ssh-agent..."
+  ssh-add "${DEIS_TEST_AUTH_KEY_FULL}" 2> /dev/null
+  ssh-add "${DEIS_TEST_SSH_KEY}" 2> /dev/null
+
+  export GIT_SSH="${DEIS_ROOT}/tests/bin/git-ssh-nokeycheck.sh"
+}
diff --git a/tests/ssh-1-test.sh b/tests/ssh-1-test.sh
new file mode 100644
index 0000000..65db2fa
--- /dev/null
+++ b/tests/ssh-1-test.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env roundup
+#
+#/ usage:  rerun stubbs:test -m rigger -p ssh [--answers <>]
+#
+
+[[ -f ./functions.sh ]] && . ./functions.sh
+
+describe "ssh"
+
+source ../lib/ssh.sh
+
+it_parses_old_ssh_keygen() {
+  function ssh-keygen {
+    if [ "${1}" == "-" ]; then
+      echo
+    elif [ "${1}" == "-lf" ]; then
+      echo "4096 e8:b6:fa:d3:6f:25:fe:b6:e3:b8:a5:31:ef:53:22:fb  test@example.com (RSA)"
+    fi
+  }
+
+  [ "$(ssh-fingerprint "test")" == "e8:b6:fa:d3:6f:25:fe:b6:e3:b8:a5:31:ef:53:22:fb" ]
+}
+
+it_parses_new_ssh_keygen() {
+  function ssh-keygen {
+    if [ "${1}" == "-" ]; then
+      echo " -E ... "
+    elif [ "${1}" == "-E" ]; then
+      echo "2048 MD5:c7:e8:c0:2f:37:8e:e2:87:d2:7a:0c:bc:aa:2d:27:85 test@example.com (RSA)"
+    fi
+  }
+
+  [ "$(ssh-fingerprint "test")" == "c7:e8:c0:2f:37:8e:e2:87:d2:7a:0c:bc:aa:2d:27:85" ]
+}