I just looked at the security section you are talking about and the title of that section is wrong. It now reads "which services would you like to allow the internet to connect to". It should read "which services would you like to allow other computers over the network to connect to".
I think you nailed it! I have puzzled over this since MDV 10.0
"Computers over the network" will mean "computers on the internet" only if this computer is connected directly to the internet. Yours in not.
"Computers over the network" will mean "computer on local network" if the computer is connected on a local network, like in your case.
Your computer is connected to a local network and hence the title in your case is wrong and i think it should be changed to accommodate offering networks services over local networks.
You are safe, allowing those services will only expose them to other computers on your local network, not to the internet.
Correct , I'm behind the router.
May i ask why are you using sftp to share files over local network? Most people use NFS or samba.
That's just the way I learned. Believe me I read for weeks about networking way back when and FINALLY after all command line pinging was successful but still could not use GUI to drag and drop files between PC's someone said just enter sftp://192.168.x.xxx into your file manager and it will work and I did and it does!
For what it's worth I could never get networking in Windows properly either so maybe I just don't understand the mishmash of DNS,HOST, ftp,DHCP, CLient, Zeroconf, gateway, hub, switch, router, firewall, proxies, MAC, IP, spoofing, ports, squid, samba, NFS, ssh, and the fact that each one of these services can be running, or need to be running on one, some or all machines in order to "see" another machine on a local network. It really is confusing. Too much for my little peanut.
For me most of the time, GUI drag and drop of directories and files between PCs is just faster so that's how I went. I have heard of NFS and Samba for years but don't know if they are daemons/services/backends that CAN use a GUI frontend or if they are GUI themselves. Maybe you can clear that up.
Off topic: An example was DansGuardian I tried to get working years ago until I realized that it was a SERVICE running in the background and had to be configured manually! I still have the printout of DG manual and there is no mention of how to "launch" the program in a GUI. I had just come from the Windows world and was dead in the water when after installation there was no menu entry and then when I launched from console it returned " DG is already running". Somewhere in those docs it should have mentioned this little tidbit and would have saved me hours. I think the same situation is going on here.
Slightly more on topic: I know for a fact that in an unrelated issue years ago I found another place where wording was ambiguous, so I found the text script ( not shell executable) of that warning and altered it to be more accurate and it worked! That's why I was asking where the text was located about the host fingerprint text so I can rewrite it. Now that you mention it I would love to alter the "What services would you like the internet to connect to" title. Looked in /usr/share/docs but no luck.