I run ossec on my server and periodically I receive a warning like this:
Received From: myserver->/var/log/auth.log
Rule: 5701 fired (level 8) -> "Possible attack on the ssh server (or version gathering)."
Portion of the log(s):
Nov 19 14:26:33 myserver sshd[2105]: Bad protocol version identification 'GET /robots.txt HTTP/1.1' from 66.249.73.226
The IP address always corresponds to a google crawler. But why in the world would googlebot be trying to index my SSH server? We run SSH on the standard, well-known port (22), so it seems like google would know better than to look for a web server there. And we definitely haven't published any links that would lead it to believe otherwise.