[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: Safe to access SSH server from work?

> On 5/6/11, Jochen Schulz <ml@well-adjusted.de> wrote:
>> If you only allowing key-based authentication and install security
>> patches in a timely manner, the risk from running a public OpenSSH
>> server is low. Expect brute-force attempts to login using weak
>> passwords, though. If you only allow key logins, you can ignore that.
> What exactly is a key login?

You can authenticate to an OpenSSH server using a password, or using a
keyfile. On the client side, simply run 'ssh-keygen' to create a

> The computer that needs to be accessed is running Windows and I have
> installed WinSSHD on it.

If your server was running linux, you would just need to add your public
key (generated by ssh-keygen) to the ~/.ssh/authrized_keys file. I
cannot help with WinSSHD.

> I see a "DSA host
> key" on its configuration screen, accompanied by an MD5 fingerprint.

The SSH protocol allows for both server and client authentication. The
host key is like an SSL certificate: it is there so that clients can
make sure they are communicating to the server they think they do.

> When I connected to it from my Debian box I received the
> aforementioned fingerprint. Is this process the "key login" you're
> referring to?

No, that's the host key, not the client key.

> I'm asking because in the configuration screen of
> WinSSHD there's also an indication of "No RSA host key is currently
> employed". What is the difference between the two keys?

That probably only means that your server has a host key for the DSA
algorithm, but none for RSA. You don't need to care about that.

I am getting worse rather than better.
[Agree]   [Disagree]

Attachment: signature.asc
Description: Digital signature

Reply to: