George: > On 5/6/11, Jochen Schulz <m...@well-adjusted.de> wrote: > >> If you only allowing key-based authentication and install security >> patches in a timely manner, the risk from running a public OpenSSH >> server is low. Expect brute-force attempts to login using weak >> passwords, though. If you only allow key logins, you can ignore that. >> > > What exactly is a key login?
You can authenticate to an OpenSSH server using a password, or using a
keyfile. On the client side, simply run 'ssh-keygen' to create a
keypair.
> The computer that needs to be accessed is running Windows and I have
> installed WinSSHD on it.
If your server was running linux, you would just need to add your public
key (generated by ssh-keygen) to the ~/.ssh/authrized_keys file. I
cannot help with WinSSHD.
> I see a "DSA host
> key" on its configuration screen, accompanied by an MD5 fingerprint.
The SSH protocol allows for both server and client authentication. The
host key is like an SSL certificate: it is there so that clients can
make sure they are communicating to the server they think they do.
> When I connected to it from my Debian box I received the
> aforementioned fingerprint. Is this process the "key login" you're
> referring to?
No, that's the host key, not the client key.
> I'm asking because in the configuration screen of
> WinSSHD there's also an indication of "No RSA host key is currently
> employed". What is the difference between the two keys?
That probably only means that your server has a host key for the DSA
algorithm, but none for RSA. You don't need to care about that.
J.
--
I am getting worse rather than better.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
signature.asc
Description: Digital signature
