> What is the issue exactly?

The OP has too much time on their hands. :)

You can play this whack-a-mole game indefinitely. If you have SSH open to the Internet, expect that others will try to connect 24/7.

I have asked Cloudflare about this traffic, but support says "Cloudflare helps protect sites, and accelerate them. We do not attack sites, and our network can't be used to generate attack traffic." They deny any malicious outgoing traffic, but after I have provided pcap dump they just ignoring me and do not reply anything. Very odd behaviour for researchers.

Cloudflare likes to use the "We're just a proxy" defense when it suits them, but with the rapid release of other products they are very capable of generating arbitrary traffic and hosting content without an origin.

Just curious/not furious: is there a convincing argument for why one should enable this particular kind of research at the cost of potentially diminished security? I recognize that this question relies on an assumption that is itself arguable, and that it might vary with context.

(Aside: I really wish English had a better way to distinguish between an earnest question and a rhetorical challenge.)