Your question is if this is secure?  Well, first of all your nmap scan was to limited since you were just looking for –p 22, but I assume you did this way knowing that was the only service running on your server and just wanted to display your results. A true scan will include all 65535 tcp and upd ports and it should be done remotely so a rootkit can’t mess with the accuracy of your output.  It seems like you did the right thing by checking available exploits for the service. So you didn’t find any published exploits for that service does that mean you are safe? No, you are not 100% safe.  Just because someone can’t find a published exploit or it’s not in the beloved script kiddie tool metasploit doesn’t mean one doesn’t exist. Remember there are exploits being developed by sophisticated hackers in the underground that the “ethical” community is not aware of.  On the other hand the exploits usually developed by the white hat community are usually revealed quickly because the developer is so eager to get his 10 seconds of glory in the security field. Not always, and sometimes they let the vender know ahead of time so they can make a patch. Those kind of exploits have value for about a month, if even that, then they are only good for low hanging fruit that never gets patched.
 
Now that doesn’t mean you need to stay up late at night worrying because if your server is low profile, more than likely you wont get attacked by such an attack, because unknown exploits are developed and traded by a small group of “leet” hackers and not the huge sea of script kiddies that seem to be getting larger out there even as I type. Hackers of a high caliber usually have bigger fish to fry. That’s not to say one wouldnt want to use your server to launch a more important attack from. Ok so what can you do? Well, you still need to configure firewall well and also make sure your IDS has the latest rules. Harden your OS so that a buffer overflow is difficult to occur even with a vulnerable service. There are some decent apps out there for this.  At this point you will be 99% secure because if you are a low value target, no hacker is going to waste a lot time trying to own you just to make you into a zombie when there are so many easier targets out there. Hey 99% is good odds!

I have found that 1.99 is hackable in certain environments. Its good you disallowed it.

Nice catch, eth3real. I guess I never noticed that in the past few years I've been using EnGarde. I don't have SSH open on the external side, so something like this wouldn't show up in any scans. Thanks for posting that.

Thanks for the great replies!

I'm glad I helped other people realize that EnGarde Secure Linux will use SSH 2.0 and fallback to SSH 1.0 by default.