Hi all

I am used to seeing the sshd[XXXXX]: error: kex_exchange_identification: client sent invalid protocol identifier now and then in my server logs from bots and scanners, but usually with a remote IP in the from line. However, I looked at my logs today and saw this:

sshd[xxxxx]: error: kex_exchange_identification: client sent invalid protocol identifier "\023/multistream/1.0.0"
sshd[xxxxx]: banner exchange: Connection from 127.0.0.1 port 36984: invalid format

It happened about three times, twice within a minute and the other about 20-30mins after. I was running IPFS at the time, which may explain it, but what unnerved me was the local host address. Just wondered wether its normal?. I wouldn't have given it much thought if it showed a remote IP. I am guessing whatever it was was sending the wrong kind of protocol anyhow. Multi-stream is referenced regards IPFS and thus wasn't able to do anything, so I am thinking its nothing, but wondered if anybody could clarify?

Nothing else seems out of place and rkhunter shows nothing (just incase).

Many Thanks
Ry