Not usually seen as an easy initial attack vector, unless it’s been seriously misconfigured. Typically, a better approach is to have a list of usernames from enumeration to attempt brute forcing a login, or even better a user’s ssh key.

It’s always possible that the service may only accept public key auth, in which case brute forcing is basically a waste of time.

BEWARE: Aggressive scanning or login attempts can result in a account lock, IP ban, or activation of other defensive measures, making the port or service effectively unavailable.

Any banner version information may provide a decent method to better fingerprint the OS type and possibly version.

# Banner Grab
nc -nv 192.168.1.123 22
# Scan with nmap scripts
nmap --script=ssh2-enum-algos,ssh-auth-methods,ssh-hostkey,ssh-publickey-acceptance,sshv1 -p 22 192.168.1.123

References