ssh spammed from 127.0.0.1 (“Did not receive identification string” and “Bad protocol version identification”)

ssh security ubuntu intrusion-detection

Solution 1:

This looks a bit like some port scanning / exploit scanning activity that is performed against ngrok's network. The scanning packets are redirected via their tunnelling feature to your SSH port.

ngrok's network is actually a very good target for scanning activities like this, since their purpose is to expose development environments to Internet, and those are typically not properly secured.

However, in your case, this scanning isn't dangerous, as SSH doesn't have any known remotely exploitable vulnerabilities. It will simply fill your log, and might use some bandwidth.

Related

Nginx handle SSL and proxy pass to HTTP backend in docker but tries to keep serving local content
command "docker compose up" not found in azure aci
AWS Client VPN SSO SAML Linux client
nginx redirecting to localhost
How do I set up a Minecraft server on a specific port?
Where can I get a basic list of all permissions that I can deny/allow in PEX?
Why did I get a Legendary Card from an arena of a higher level?
How can I stop moving vehicles without having to chase it down?
Gamerules in Minecraft "Unknown Command" [duplicate]
Are Godville's English and Russian versions the same exact game?
Is there a way to not change camera angles?
How can I get old MC Server versions? [duplicate]