The remote Debian host is missing a security-related update.
Dariusz Tytko, Michal Sajdak and Qualys Security discovered that OpenSSH, an implementation of the SSH protocol suite, was prone to a user enumeration vulnerability. This would allow a remote attacker to check whether a specific user account existed on the target server.
Upgrade the openssh packages. For the stable distribution (stretch), this problem has been fixed in version 1:7.4p1-10+deb9u4.