Quote:
Originally Posted by dirtydog7655
Ok so, buddy of mine has his ssh server setup and upon checking his logs he sees a ton of failed attempts.
|
You should regard this as normal. Maybe, in an ideal world, it wouldn't happen, but in this world it does happen, so just be prepared for it.
Quote:
Originally Posted by dirtydog7655
Now obviously these are people that are scanning him and trying to brute force him.
|
...not quite so obvious, given that it could be brute force or it could be a dictionary attack, but you probably meant either...
Quote:
Originally Posted by dirtydog7655
So is there a way to block them? We know you can block each IP but is there a way to block ALL connections except for certain ones, such as his and mine? Maybe a couple others.
|
Look here, for example, for a good overview of the advantages and disadvantages of different approaches that you could take.
In addition, you could look at things like denyhosts or fail2ban to help iptables to stop repeated attempts as soon as possible (on Linux, the firewall is iptables/netfilter, but there are a large number of 'easy' tools that you can use to aid in its configuration).
BTW, you have to remember that the problem is the risk of an attack succeeding; 'bad' entries in a log file are not a problem, per se (they are an early warning, providing someone looks through the log files and reacts, if appropriate); the risk of someone succeeding is the problem.