ssh spammed from 127.0.0.1 (“Did not receive identification string” and “Bad protocol version identification”)

Question

Prequel: I've seen this question, but it's not quite the same situation. I'm particularly curious about 'heroku' showing up in the logs.

I just built and spun up a new Ubuntu 18.04 box that I am using as a personal GPU workstation, and after installing/starting OpenSSH, I saw some curious entries in /var/log/auth.log (dates, hostname, and some records removed):

XXX XX XX:XX:XX XXXXXXXXX sshd[10204]: Bad protocol version identification '343 <158>1 2018-10-03T06:57:36.572868+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 39456
XXX XX XX:XX:XX XXXXXXXXX sshd[10205]: Bad protocol version identification '326 <158>1 2018-10-03T06:50:11.645399+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 39458
XXX XX XX:XX:XX XXXXXXXXX sshd[10209]: Bad protocol version identification '598 <134>1 2018-10-01T01:19:53+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39464
XXX XX XX:XX:XX XXXXXXXXX sshd[10210]: Bad protocol version identification '152 <190>1 2018-10-01T01:09:41.698646+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 39466
XXX XX XX:XX:XX XXXXXXXXX sshd[10211]: Bad protocol version identification '598 <134>1 2018-10-01T01:59:04+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39468
XXX XX XX:XX:XX XXXXXXXXX sshd[10213]: Bad protocol version identification '598 <134>1 2018-10-01T00:24:42+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39472
XXX XX XX:XX:XX XXXXXXXXX sshd[10214]: Bad protocol version identification '152 <190>1 2018-10-01T00:54:38.059651+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 39474
XXX XX XX:XX:XX XXXXXXXXX sshd[10215]: Bad protocol version identification '606 <134>1 2018-10-01T00:57:55+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39476
XXX XX XX:XX:XX XXXXXXXXX sshd[10218]: Bad protocol version identification '598 <134>1 2018-10-01T02:04:56+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39480
XXX XX XX:XX:XX XXXXXXXXX sshd[10221]: Bad protocol version identification '599 <134>1 2018-09-30T21:09:59+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39486
XXX XX XX:XX:XX XXXXXXXXX sshd[10222]: Bad protocol version identification '152 <190>1 2018-09-30T21:30:12.551580+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 39488
XXX XX XX:XX:XX XXXXXXXXX sshd[10224]: Bad protocol version identification '598 <134>1 2018-10-01T00:19:19+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39492
XXX XX XX:XX:XX XXXXXXXXX sshd[10226]: Bad protocol version identification '598 <134>1 2018-10-01T01:29:43+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39496
XXX XX XX:XX:XX XXXXXXXXX sshd[10227]: Bad protocol version identification '606 <134>1 2018-10-01T00:40:54+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39498
XXX XX XX:XX:XX XXXXXXXXX sshd[10228]: Bad protocol version identification '598 <134>1 2018-10-01T01:37:43+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39500
XXX XX XX:XX:XX XXXXXXXXX sshd[10229]: Bad protocol version identification '598 <134>1 2018-09-30T19:45:17+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39502
XXX XX XX:XX:XX XXXXXXXXX sshd[10230]: Bad protocol version identification '606 <134>1 2018-10-01T01:10:07+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39504
XXX XX XX:XX:XX XXXXXXXXX sshd[10231]: Bad protocol version identification '152 <190>1 2018-09-30T22:27:19.069201+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 39506
XXX XX XX:XX:XX XXXXXXXXX sshd[10236]: Bad protocol version identification '255 <190>1 2018-10-01T02:15:39.973702+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app analysis_tool' from 127.0.0.1 port 39518
XXX XX XX:XX:XX XXXXXXXXX sshd[10249]: Bad protocol version identification '600 <134>1 2018-10-04T00:59:28+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 39546
XXX XX XX:XX:XX XXXXXXXXX sshd[10251]: Bad protocol version identification '316 <158>1 2018-09-27T16:29:25.164230+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 39550
XXX XX XX:XX:XX XXXXXXXXX sshd[11461]: Bad protocol version identification '338 <158>1 2018-10-03T06:51:38.291898+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40426
XXX XX XX:XX:XX XXXXXXXXX sshd[11462]: Bad protocol version identification '335 <158>1 2018-10-03T07:02:04.154859+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40428
XXX XX XX:XX:XX XXXXXXXXX sshd[11463]: Bad protocol version identification '746 <158>1 2018-10-03T07:14:06.397812+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40434
XXX XX XX:XX:XX XXXXXXXXX sshd[11464]: Bad protocol version identification '336 <158>1 2018-10-03T06:50:36.022987+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40436
XXX XX XX:XX:XX XXXXXXXXX sshd[11465]: Bad protocol version identification '363 <158>1 2018-10-03T06:49:09.274958+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40438
XXX XX XX:XX:XX XXXXXXXXX sshd[11410]: Bad protocol version identification '607 <134>1 2018-10-04T04:50:57+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 40264
XXX XX XX:XX:XX XXXXXXXXX sshd[11431]: Bad protocol version identification '316 <158>1 2018-10-04T04:51:46.728498+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40332
XXX XX XX:XX:XX XXXXXXXXX sshd[11445]: Bad protocol version identification '316 <158>1 2018-10-04T04:52:17.793175+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40366
XXX XX XX:XX:XX XXXXXXXXX sshd[11438]: Bad protocol version identification '362 <158>1 2018-10-04T04:52:23.225117+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40350
XXX XX XX:XX:XX XXXXXXXXX sshd[11466]: Bad protocol version identification '327 <158>1 2018-10-04T04:52:25.482357+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40440
XXX XX XX:XX:XX XXXXXXXXX sshd[11414]: Bad protocol version identification '320 <158>1 2018-10-04T04:52:25.655112+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40298
XXX XX XX:XX:XX XXXXXXXXX sshd[11456]: Bad protocol version identification '364 <158>1 2018-10-04T04:52:25.923019+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40402
XXX XX XX:XX:XX XXXXXXXXX sshd[11496]: Bad protocol version identification '375 <158>1 2018-10-04T04:52:26.182816+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40522
XXX XX XX:XX:XX XXXXXXXXX sshd[11469]: Bad protocol version identification '360 <134>1 2018-10-04T04:52:27+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app postgres.10 - - [BRO' from 127.0.0.1 port 40448
XXX XX XX:XX:XX XXXXXXXXX sshd[11476]: Bad protocol version identification '353 <158>1 2018-10-04T04:52:28.932774+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40474
XXX XX XX:XX:XX XXXXXXXXX sshd[11503]: Bad protocol version identification '368 <158>1 2018-10-04T04:52:29.188773+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40546
XXX XX XX:XX:XX XXXXXXXXX sshd[11499]: Bad protocol version identification '395 <158>1 2018-10-04T04:52:29.315924+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40528
XXX XX XX:XX:XX XXXXXXXXX sshd[11498]: Bad protocol version identification '351 <158>1 2018-10-04T04:52:29.920658+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40526
XXX XX XX:XX:XX XXXXXXXXX sshd[11552]: Bad protocol version identification '165 <134>1 2018-10-04T04:52:18+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app postgres.10 - - [BRO' from 127.0.0.1 port 40724
XXX XX XX:XX:XX XXXXXXXXX sshd[11553]: Bad protocol version identification '316 <158>1 2018-10-04T04:53:22.213786+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 40728
XXX XX XX:XX:XX XXXXXXXXX sshd[11569]: Bad protocol version identification '606 <134>1 2018-10-04T04:53:33+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 40792
XXX XX XX:XX:XX XXXXXXXXX sshd[11533]: Bad protocol version identification '152 <190>1 2018-10-04T04:54:09.565661+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 40702
XXX XX XX:XX:XX XXXXXXXXX sshd[11559]: Bad protocol version identification '608 <134>1 2018-10-04T04:54:25+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 40762
XXX XX XX:XX:XX XXXXXXXXX sshd[11703]: Bad protocol version identification '419 <190>1 2018-10-04T04:57:37.670492+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 41180
XXX XX XX:XX:XX XXXXXXXXX sshd[11676]: Bad protocol version identification '378 <190>1 2018-10-04T04:57:46.924733+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app web.1 - - /ap' from 127.0.0.1 port 41086
XXX XX XX:XX:XX XXXXXXXXX sshd[11698]: Bad protocol version identification '337 <158>1 2018-10-04T04:57:46.954101+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41158
XXX XX XX:XX:XX XXXXXXXXX sshd[11706]: Bad protocol version identification '338 <158>1 2018-10-04T04:57:52.782191+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41200
XXX XX XX:XX:XX XXXXXXXXX sshd[11685]: Bad protocol version identification '238 <190>1 2018-10-04T04:57:52.784693+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 41112
XXX XX XX:XX:XX XXXXXXXXX sshd[11705]: Bad protocol version identification '207 <190>1 2018-10-04T04:57:54.358088+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 41190
XXX XX XX:XX:XX XXXXXXXXX sshd[11715]: Bad protocol version identification '326 <158>1 2018-10-04T04:57:37.367385+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41236
XXX XX XX:XX:XX XXXXXXXXX sshd[11718]: Bad protocol version identification '355 <158>1 2018-10-04T04:58:07.172793+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41242
XXX XX XX:XX:XX XXXXXXXXX sshd[11733]: Bad protocol version identification '235 <134>1 2018-10-04T04:58:05+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app postgres.5714 - - [B' from 127.0.0.1 port 41278
XXX XX XX:XX:XX XXXXXXXXX sshd[11709]: Bad protocol version identification '355 <158>1 2018-10-04T04:58:20.149785+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41214
XXX XX XX:XX:XX XXXXXXXXX sshd[11736]: Bad protocol version identification '200 <190>1 2018-10-04T04:57:48.783213+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 41288
XXX XX XX:XX:XX XXXXXXXXX sshd[11747]: Bad protocol version identification '364 <158>1 2018-10-04T04:58:01.751477+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41312
XXX XX XX:XX:XX XXXXXXXXX sshd[11719]: Bad protocol version identification '316 <158>1 2018-10-04T04:58:35.774146+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41244
XXX XX XX:XX:XX XXXXXXXXX sshd[11746]: Bad protocol version identification '610 <134>1 2018-10-04T04:57:52+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 41308
XXX XX XX:XX:XX XXXXXXXXX sshd[11713]: Bad protocol version identification '353 <158>1 2018-10-04T04:58:38.418692+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41226
XXX XX XX:XX:XX XXXXXXXXX sshd[11717]: Bad protocol version identification '344 <158>1 2018-10-04T04:58:50.214088+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41240
XXX XX XX:XX:XX XXXXXXXXX sshd[11848]: Bad protocol version identification '355 <158>1 2018-10-04T04:59:02.212376+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41366
XXX XX XX:XX:XX XXXXXXXXX sshd[11711]: Bad protocol version identification '352 <158>1 2018-10-04T04:59:05.690401+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41222
XXX XX XX:XX:XX XXXXXXXXX sshd[11741]: Bad protocol version identification '364 <158>1 2018-10-04T04:59:08.317313+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41294
XXX XX XX:XX:XX XXXXXXXXX sshd[11845]: Bad protocol version identification '355 <158>1 2018-10-04T04:59:11.193150+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41350
XXX XX XX:XX:XX XXXXXXXXX sshd[11844]: Bad protocol version identification '344 <158>1 2018-10-04T04:59:14.289428+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41348
XXX XX XX:XX:XX XXXXXXXXX sshd[11743]: Bad protocol version identification '364 <158>1 2018-10-04T04:59:20.336305+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41302
XXX XX XX:XX:XX XXXXXXXXX sshd[11742]: Bad protocol version identification '389 <158>1 2018-10-04T04:59:23.467236+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41296
XXX XX XX:XX:XX XXXXXXXXX sshd[11858]: Bad protocol version identification '345 <158>1 2018-10-04T04:59:25.083968+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41396
XXX XX XX:XX:XX XXXXXXXXX sshd[11863]: Bad protocol version identification '389 <158>1 2018-10-04T04:58:44.385872+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41422
XXX XX XX:XX:XX XXXXXXXXX sshd[11728]: Bad protocol version identification '332 <158>1 2018-10-04T04:59:29.423119+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41262
XXX XX XX:XX:XX XXXXXXXXX sshd[11870]: Bad protocol version identification '362 <158>1 2018-10-04T04:58:03.869301+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41462
XXX XX XX:XX:XX XXXXXXXXX sshd[11873]: Bad protocol version identification '389 <158>1 2018-10-04T04:59:09.228463+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41472
XXX XX XX:XX:XX XXXXXXXXX sshd[11874]: Bad protocol version identification '327 <158>1 2018-10-04T04:58:06.108143+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41476
XXX XX XX:XX:XX XXXXXXXXX sshd[11881]: Bad protocol version identification '312 <158>1 2018-10-04T05:00:23.808762+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41490
XXX XX XX:XX:XX XXXXXXXXX sshd[11883]: Bad protocol version identification '321 <158>1 2018-10-04T05:00:27.281711+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41506
XXX XX XX:XX:XX XXXXXXXXX sshd[11851]: Bad protocol version identification '336 <158>1 2018-10-04T05:00:30.821358+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41380
XXX XX XX:XX:XX XXXXXXXXX sshd[11884]: Bad protocol version identification '389 <158>1 2018-10-04T04:58:17.301527+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41514
XXX XX XX:XX:XX XXXXXXXXX sshd[11888]: Bad protocol version identification '152 <190>1 2018-10-04T04:57:10.178311+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 41530
XXX XX XX:XX:XX XXXXXXXXX sshd[11891]: Bad protocol version identification '346 <158>1 2018-10-04T04:58:35.291919+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41542
XXX XX XX:XX:XX XXXXXXXXX sshd[11887]: Bad protocol version identification '375 <158>1 2018-10-04T05:00:40.138229+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41526
XXX XX XX:XX:XX XXXXXXXXX sshd[11876]: Bad protocol version identification '344 <158>1 2018-10-04T05:00:41.090197+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41480
XXX XX XX:XX:XX XXXXXXXXX sshd[11895]: Bad protocol version identification '389 <158>1 2018-10-04T05:00:39.241898+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41562
XXX XX XX:XX:XX XXXXXXXXX sshd[11897]: Bad protocol version identification '344 <158>1 2018-10-04T04:59:02.492357+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41570
XXX XX XX:XX:XX XXXXXXXXX sshd[11892]: Bad protocol version identification '247 <190>1 2018-10-04T05:00:45.046175+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app web.1 - - Set' from 127.0.0.1 port 41544
XXX XX XX:XX:XX XXXXXXXXX sshd[11866]: Bad protocol version identification '247 <190>1 2018-10-04T05:00:47.674468+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app web.1 - - Set' from 127.0.0.1 port 41436
XXX XX XX:XX:XX XXXXXXXXX sshd[11920]: Bad protocol version identification '316 <158>1 2018-10-04T05:01:39.184107+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41662
XXX XX XX:XX:XX XXXXXXXXX sshd[11942]: Bad protocol version identification '355 <158>1 2018-10-04T04:58:32.183596+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41690
XXX XX XX:XX:XX XXXXXXXXX sshd[11943]: Bad protocol version identification '346 <158>1 2018-10-04T04:58:08.353201+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41692
XXX XX XX:XX:XX XXXXXXXXX sshd[11944]: Bad protocol version identification '352 <158>1 2018-10-04T04:58:13.445688+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41698
XXX XX XX:XX:XX XXXXXXXXX sshd[11899]: Bad protocol version identification '365 <134>1 2018-10-04T05:02:35+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app postgres.10 - - [BRO' from 127.0.0.1 port 41576
XXX XX XX:XX:XX XXXXXXXXX sshd[11960]: Bad protocol version identification '600 <134>1 2018-10-04T05:01:49+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 41784
XXX XX XX:XX:XX XXXXXXXXX sshd[11966]: Bad protocol version identification '327 <158>1 2018-10-04T05:00:39.319393+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41808
XXX XX XX:XX:XX XXXXXXXXX sshd[11972]: Bad protocol version identification '342 <158>1 2018-10-04T05:00:47.684420+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd heroku router - -' from 127.0.0.1 port 41838
XXX XX XX:XX:XX XXXXXXXXX sshd[11983]: Bad protocol version identification '228 <190>1 2018-10-04T05:00:27.660189+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 41862
XXX XX XX:XX:XX XXXXXXXXX sshd[11957]: Bad protocol version identification '152 <190>1 2018-10-04T05:03:11.295200+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 41772
XXX XX XX:XX:XX XXXXXXXXX sshd[11994]: Bad protocol version identification '598 <134>1 2018-10-04T05:03:33+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 41878
XXX XX XX:XX:XX XXXXXXXXX sshd[12022]: Bad protocol version identification '598 <134>1 2018-10-04T05:04:25+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 41938
XXX XX XX:XX:XX XXXXXXXXX sshd[12060]: Bad protocol version identification '152 <190>1 2018-10-04T05:06:11.867202+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 42108
XXX XX XX:XX:XX XXXXXXXXX sshd[12089]: Bad protocol version identification '607 <134>1 2018-10-04T05:07:00+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 42178
XXX XX XX:XX:XX XXXXXXXXX sshd[12107]: Bad protocol version identification '152 <190>1 2018-10-04T05:09:12.459587+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app worker.1 - - ' from 127.0.0.1 port 42238
XXX XX XX:XX:XX XXXXXXXXX sshd[12240]: Bad protocol version identification '606 <134>1 2018-10-04T05:07:52+00:00 d.edf10812-9de0-4476-9bf8-f7b01fd845cd app heroku-postgres - - ' from 127.0.0.1 port 42352
XXX XX XX:XX:XX XXXXXXXXX sshd[18410]: Did not receive identification string from 127.0.0.1 port 36000
XXX XX XX:XX:XX XXXXXXXXX sshd[18411]: Did not receive identification string from 127.0.0.1 port 36002
XXX XX XX:XX:XX XXXXXXXXX sshd[18445]: Did not receive identification string from 127.0.0.1 port 36018
XXX XX XX:XX:XX XXXXXXXXX sshd[18446]: Did not receive identification string from 127.0.0.1 port 36020
XXX XX XX:XX:XX XXXXXXXXX sshd[18447]: Did not receive identification string from 127.0.0.1 port 36022
XXX XX XX:XX:XX XXXXXXXXX sshd[18448]: Did not receive identification string from 127.0.0.1 port 36024
XXX XX XX:XX:XX XXXXXXXXX sshd[18472]: Did not receive identification string from 127.0.0.1 port 36038
XXX XX XX:XX:XX XXXXXXXXX sshd[18473]: Did not receive identification string from 127.0.0.1 port 36040
XXX XX XX:XX:XX XXXXXXXXX sshd[18474]: Did not receive identification string from 127.0.0.1 port 36042
XXX XX XX:XX:XX XXXXXXXXX sshd[18475]: Did not receive identification string from 127.0.0.1 port 36044
XXX XX XX:XX:XX XXXXXXXXX sshd[18476]: Did not receive identification string from 127.0.0.1 port 36046
XXX XX XX:XX:XX XXXXXXXXX sshd[18477]: Did not receive identification string from 127.0.0.1 port 36048
XXX XX XX:XX:XX XXXXXXXXX sshd[18478]: Did not receive identification string from 127.0.0.1 port 36050

If it's relevant, I am using ngrok to make my machine ssh-able, since my router's port forwarding is giving me trouble; could this be the cause? I am also using Google's google-authenticator for two-factor authentication.

Is this reason for concern? Seeing multiple requests each second scares me a bit.

Answer 1

This looks a bit like some port scanning / exploit scanning activity that is performed against ngrok's network. The scanning packets are redirected via their tunnelling feature to your SSH port.

ngrok's network is actually a very good target for scanning activities like this, since their purpose is to expose development environments to Internet, and those are typically not properly secured.

However, in your case, this scanning isn't dangerous, as SSH doesn't have any known remotely exploitable vulnerabilities. It will simply fill your log, and might use some bandwidth.