> The SSH_enumusers auxiliary module allows user detection:

Gee, I naively assumed that ssh was designed to avoid leaking whether users were valid or not. Is this based on just timing or does the protocol really reveal whether or not it's a valid user?

Yes, it appears to be a timing attack where invalid users are denied more quickly than valid users.

https://www.rapid7.com/db/modules/auxiliary/scanner/ssh/ssh_...

And to be clear, this is an issue that resurfaced in August or so of 2016, and is patched in supported OpenSSH daemons[0][1].

[0] https://access.redhat.com/security/cve/cve-2016-6210

[1] https://www.ubuntu.com/usn/usn-3061-1/