SSH is not usually seen as an easy initial attack vector unless it has been seriously misconfigured. Typically, a better approach is to use a list of usernames gathered during enumeration to attempt brute forcing a login or, even better, to use a user’s SSH key.

It’s always possible that the service may only accept public key auth, in which case brute forcing is basically a waste of time.

BEWARE: Aggressive scanning or login attempts can result in an account lockout, an IP ban, or activation of other defensive measures, making the port or service effectively unavailable.

Any version information in the banner can help fingerprint the OS type and possibly its version.

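```bash
# Banner grab (<target-ip> is a placeholder for the host being assessed)
nc -nv <target-ip> 22

# Scan with nmap scripts: supported algorithms, auth methods, host keys,
# public key acceptance, and legacy SSHv1 support
nmap --script=ssh2-enum-algos,ssh-auth-methods,ssh-hostkey,ssh-publickey-acceptance,sshv1 -p 22 <target-ip>
```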
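
Added example (not part of the original notes): a parser for the identification string returned by the banner grab above, in the RFC 4253 format `SSH-protoversion-softwareversion SP comments`, that reports what the banner discloses about the host. The sample banners, the `OS_HINTS` list and the function names are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)

# Constructed, non-exhaustive list of distro names seen at the start of comments
OS_HINTS = ("Ubuntu", "Debian", "Raspbian", "FreeBSD")

# Constructed sample banners, as they would appear in the nc output
SAMPLE_MODERN = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6\r\n"
SAMPLE_LEGACY = b"SSH-1.99-OpenSSH_3.9p1\r\n"


def parse_banner(raw: bytes) -> dict:
    """Parse the SSH identification string captured from port 22."""
    text = raw.decode("ascii", "replace")
    # A server may send other lines before the version string; skip them.
    line = next((l for l in text.splitlines() if l.startswith("SSH-")), None)
    if line is None:
        raise ValueError("no SSH identification string found")
    m = BANNER_RE.match(line)
    if m is None:
        raise ValueError(f"malformed identification string: {line!r}")
    comments = m["comments"] or ""
    return {
        "proto": m["proto"],
        "software": m["software"],
        # 1.99 means the server speaks 2.0 but still accepts 1.x clients
        "accepts_sshv1": m["proto"].startswith("1."),
        "os_hint": next((o for o in OS_HINTS if comments.startswith(o)), None),
        "comments": comments,
    }


def disclosure_findings(info: dict) -> list:
    """List what the banner gives away, for a hardening review."""
    findings = []
    if info["accepts_sshv1"]:
        findings.append("legacy SSH protocol 1.x accepted")
    if info["os_hint"]:
        findings.append(f"comment reveals OS packaging: {info['comments']}")
    return findings


if __name__ == "__main__":
    for banner in (SAMPLE_MODERN, SAMPLE_LEGACY):
        info = parse_banner(banner)
        print(info["software"], disclosure_findings(info))
```
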