[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: Safe to access SSH server from work?

On 5/6/11, Jochen Schulz <ml@well-adjusted.de> wrote:

> If you only allowing key-based authentication and install security
> patches in a timely manner, the risk from running a public OpenSSH
> server is low. Expect brute-force attempts to login using weak
> passwords, though. If you only allow key logins, you can ignore that.

What exactly is a key login? The computer that needs to be accessed is
running Windows and I have installed WinSSHD on it. I see a "DSA host
key" on its configuration screen, accompanied by an MD5 fingerprint.
When I connected to it from my Debian box I received the
aforementioned fingerprint. Is this process the "key login" you're
referring to? I'm asking because in the configuration screen of
WinSSHD there's also an indication of "No RSA host key is currently
employed". What is the difference between the two keys? Do I need to
use both of them to be safe when accessing from the Internet?

Reply to: