I'm a complete noob when it comes to ssh-security so this may not be a problem at all. But if it is, I would appreciate any advice in how to secure my server better.
First off, it's an Ubuntu 10.04 LTS server. Which may or may not make a difference compared to say a RedHat or Suse server. Sshd is, at any rate, OpenSSH 5.3p1.
I've configured sshd to only allow one specific user to connect to the machine using ssh. So far, the user is configured to use username + password to authenticate but I've been thinking of changing that to only allow public/private key authentication instead.
So far so good. The one potential problem I've noticed is that using:
nmap -sV -A -o --osscan-guess hostname
one can discover the ssh-hostkey. How much of a problem is that? Or put in other words: how worried should I be?