Nessus *does* check the version string, but only to provide it for your information. It will try to exploit all known bugs in sshd. In my opinion, this is the only way to be certain you're not vulnerable.
Search for "ssh" at http://cgi.nessus.org/plugins/search.html to see a list of the vulns that will be identified.
Been there, done that.
This is what nessus.org has to say:
---snipp---
Note that several distribution patched this hole without changing the version number of OpenSSH. Since Nessus solely relied on the banner of the remote SSH server to perform this check, this might be a false positive.
---snipp---
bye, Christoph
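Added example, not part of either message above and not Nessus code: a small triage helper showing why a finding based only on the SSH banner stays unverified until an independent check (active test or package changelog review) settles it. The sample banners, the `fixed_in` threshold and the result labels are constructed for illustration.

```python
import re

# SSH identification string, RFC 4253 section 4.2:
#   SSH-protoversion-softwareversion SP comments
BANNER = re.compile(r"^SSH-([^-\s]+)-(\S+)(?: (.*))?$")
OPENSSH = re.compile(r"^OpenSSH_(\d+(?:\.\d+)*)(?:p\d+)?(.*)$")

# Constructed sample banners (not taken from the thread).
SAMPLES = ["SSH-2.0-OpenSSH_3.4p1 Debian-1", "SSH-1.99-OpenSSH_3.4p1"]


def parse_banner(line):
    """Split a banner into protocol, upstream OpenSSH version and vendor tag."""
    m = BANNER.match(line.strip())
    if not m:
        return None
    proto, software, comments = m.groups()
    o = OPENSSH.match(software)
    if not o:
        return {"proto": proto, "openssh": None, "vendor": comments or ""}
    version = tuple(int(p) for p in o.group(1).split("."))
    # Vendor build info is either glued to the version or sent as the comment.
    vendor = (o.group(2).lstrip("-_ ") or comments or "").strip()
    return {"proto": proto, "openssh": version, "vendor": vendor}


def triage(line, fixed_in, verified=None):
    """Classify a banner-only finding.

    fixed_in: upstream version tuple containing the fix (caller-supplied).
    verified: outcome of an independent check (active test or package
              changelog review): True, False, or None if not done yet.
    """
    info = parse_banner(line)
    if info is None or info["openssh"] is None:
        return "not-openssh"
    if info["openssh"] >= fixed_in:
        return "fixed-upstream"
    if verified is True:
        return "vulnerable"
    if verified is False:
        return "false-positive"
    # The banner looks old, but a backported patch leaves it unchanged,
    # so the banner alone cannot decide either way.
    return "unverified-vendor-build" if info["vendor"] else "unverified"
```
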
