arne
> Is it possible to use the private-public keys to
> lock out unvanted logons ?? (Have allvays thought > of this mechanism as some "encrypting the
> datastream only mechenism".
You have missed the point totally.
Public/Private keys requires a code key on your originating Windows workstation that must be the partner of the code key on the server, for that particular user.
You do not even need to enter a password (if you choose to configure the key that way) as your login to the server will only be accepted if you have the partner key on your workstation.
You create the pair of keys initially using the ssh-keygen program, and then install the public key on the server and the private key on any workstation(s) you are accessing from. You should treat workstation security appropriately (password only logon and screen saver passwords etc).
The other important part of securing your server and stopping unwanted ssh login attempts, is to disable (ie set to No) the setting in server manager/Remote access/Secure Shell settings for "Allow secure shell access using standard passwords".
With this set at No, it's IMPOSSIBLE for anyone to login using ssh with normal passwords. Anyone can only access using public/private keys.
The hackers can try as much as they like but all attempts will not be accepted. There is no way they can get their public key onto your server.
I highly recommend you read the HOWTO by Ian Wells and implement public/private key access control.
http://www.wellsi.com/sme/ssh/ssh.html