Security issue with ssh on Debian server

view story

http://serverfault.com – I have setup Debian Squeeze on an old laptop to serve as a testbed. I have installed OpenSSH and edited /etc/ssh/sshd_config to use ssh keys and disallow password authentication. I am able, however, to login with a password via serFISH.com. On entering the password I get: Connecting as lemmy@*myipaddress* on port 5001... /root/.ssh/known_hosts updated. Original contents retained as /root/.ssh/known_hosts.old lemmy@my*ipaddress*'s password: Linux (HowTos)