OpenSSH is a secure protocol for remote access to servers and other networked devices, while OpenSSL is a library that provides cryptographic functions for secure communication over the internet.
While both OpenSSH and OpenSSL are used to enhance the security of network communications, they serve different purposes and are implemented in different ways.

This means that you can use SSH to securely connect to remote machines running Windows 10 or Windows Server 2019, just like you can with Unix-based systems.
The SSH support in Windows includes both a client and server component.
The client allows you to establish secure connections to remote machines, while the server allows you to receive incoming secure connections from other machines.
To use SSH in Windows, you can use the built-in command-line tool called OpenSSH, or you can use third-party software that provides graphical user interfaces for SSH connections.
Overall, Windows has solid support for SSH, making it a reliable choice for secure remote access to Windows machines.

(MitM) attack on OpenSSH connections if the attacker is able to intercept and modify the traffic between the client and the server.
However, OpenSSH is designed to resist such attacks by using strong encryption and public key authentication.
In a typical OpenSSH connection, the client and server exchange public keys during the initial handshake to establish a secure connection.
If an attacker is able to intercept and modify this exchange, they could substitute their own public key for the legitimate one, which would allow them to intercept the traffic and read or modify it before passing it on to the intended recipient.
To prevent this type of attack, OpenSSH uses a technique called "host key verification" which helps to ensure that the public key of the server is the correct one.
When a client connects to an OpenSSH server for the first time, it checks the server's public key against a list of known host keys.
If the key does not match, the client will issue a warning and will not proceed with the connection.
However, it is important to note that a determined and skilled attacker with access to the network could potentially bypass these security measures, which is why it is important to take additional precautions such as using VPNs or other secure communication channels to further protect against MitM attacks.

There are several reasons why there are so many brute force attempts over SSH on the internet:

• SSH is a popular protocol: SSH is a widely used protocol for remote access to servers and networked devices, and it is often used to manage critical systems. This popularity makes SSH a prime target for attackers who are looking to gain unauthorized access.
• Default configurations: Many SSH servers are configured with default settings, including default usernames and passwords. Attackers can use automated tools to scan for servers with these default configurations and then launch brute force attacks to try and gain access.
• Weak passwords: Many users choose weak passwords that are easy to guess, such as "password" or "123456". Attackers can use automated tools to launch brute force attacks that try thousands of password combinations in a short amount of time.
• Botnets: Some attackers use botnets, which are networks of compromised computers, to launch large-scale brute force attacks on SSH servers. These attacks can be difficult to defend against because they come from many different IP addresses and can overwhelm a server with traffic.

To protect against brute force attacks, it is important to use strong passwords or passphrase, disable default login credentials, implement rate limiting for login attempts, use multi-factor authentication and consider using a VPN for remote access instead of exposing SSH ports to the internet.

Using hardware keys like Trezor and Ledger can require host verification, a security feature that ensures the device is being accessed by an authorized host.
This helps prevent unauthorized access to the device, even if an attacker gains control of the computer that the device is connected to.
However, some users may want to disable this feature for convenience or compatibility reasons.
To disable host verification on Trezor, you can use the Trezor Bridge software and select the option to disable host verification in the settings.
Note that this is not recommended as it can reduce the security of your device.
For Ledger devices, it is not possible to completely disable host verification, but you can use the "Allow unauthenticated communication" option in the Ledger Live settings to bypass host verification for certain apps.
Again, this is not recommended as it can reduce the security of your device.
Remember that these security features are in place for a reason and disabling them can put your hardware wallet and cryptocurrency at risk.
It is recommended to keep host verification enabled unless you have a specific and compelling reason to disable it.
It is not possible to disable host verification for a specific key on Trezor or Ledger devices.
Host verification is a device-wide setting that applies to all keys and transactions.
You can use a separate backup hardware wallet as a backup key, which can be stored in a secure location and only accessed when needed.
This way, you can still have the protection of host verification on your primary hardware wallet, while having a backup option available if needed.
Alternatively, you can use a software wallet for backup purposes, which typically do not have host verification requirements.
Keep in mind that software wallets are generally less secure than hardware wallets and should only be used as a backup option if necessary.

OpenSSH does not support XTS mode ciphers, it is not a suitable mode of operation for network encryption.
Instead, OpenSSH uses CTR (counter) mode or CBC (cipher block chaining) mode for encryption, depending on the cipher chosen.