When I do an nmap -sV 127.0.0.1 -p 22 of my system I get the following information:
SF-Port22-TCP:V=4.62%I=7%D=11/9%Time=4916402C%P=i686-pc-linux-gnu%r(NULL,2
SF:7,"SSH-2.0-OpenSSH_5.1p1\x20Debian-3ubuntu1\r\n");
How do I go about changing these two pieces of information? i686-pc-linux-gnu and SSH-2\.0-OpenSSH_5\.1p1\x20Debian-3ubuntu1.
You cannot remove it (easily/safely); it is part of the SSH protocol, is used to determine what version of SSH is supported by sshd, and should be left where it is. That said, you might be able to use your favourite hex editor to change the string to another string of equal length. You will need at least: SSH-2.0 present. I really don't recommend that you do this; you will break the checksum for your sshd and it will be replaced whenever you update your sshd package. Again, changing it will not achieve anything.
Telnetting onto port 22 will reveal this information also:
I think trying to remove the header isn't the best way to add a little security here. All it really would be is security through obscurity, which doesn't amount to that much.
Instead, I would suggest you look into port knocking. It is described for Linux in this article. I rather think your paranoid side will be pleased with this. Basically, a scan would show the port as closed unless the scanner tried to scan certain ports in a certain order (a secret knock, so to speak).
You could also block people who exhibit scan behavior with some of the solutions mentioned in this serverfault post.
NMAP determines that information based on a certain amount of guesswork. If your SSHD responds to an NMAP probe at all, then NMAP will check that response against its database and make a guess as to what system you're running.
The probes are pretty sophisticated; for example, it may try several variations of initiating an SSH connection on a port, to see which versions are recognized. It may attempt to provoke an error message, or it may just check the "hello" screen.
The surest way of blocking NMAP probes is by simply blocking NMAP probes altogether at the firewall, and whitelisting servers that are allowed to SSH into your machines.
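Added example, not part of the original thread: a parser for the service fingerprint quoted in the question, separating the header fields (V, I, D, Time, P), which nmap fills in about its own run, with P being the platform nmap was built for, from the r(NULL,...) block, which is the greeting sshd sent. That greeting is the identification string of RFC 4253 section 4.2; all function names here are my own.

```python
import re

# The fingerprint from the question, with nmap's "SF:" line wrap restored.
FINGERPRINT = (
    'SF-Port22-TCP:V=4.62%I=7%D=11/9%Time=4916402C%P=i686-pc-linux-gnu%r(NULL,2\n'
    'SF:7,"SSH-2.0-OpenSSH_5.1p1\\x20Debian-3ubuntu1\\r\\n");'
)

_SIMPLE = {"r": "\r", "n": "\n", "t": "\t", "0": "\0", "\\": "\\", '"': '"'}

def unescape(s):
    """Decode the \\xHH and C-style escapes nmap uses inside a quoted response."""
    def sub(m):
        return chr(int(m.group(1), 16)) if m.group(1) else _SIMPLE[m.group(2)]
    return re.sub(r'\\x([0-9A-Fa-f]{2})|\\([rnt0\\"])', sub, s).encode("latin-1")

def parse_fingerprint(text):
    """Return (header fields, {probe name: (declared length, raw response bytes)})."""
    # Every printed line starts with "SF-" or "SF:"; drop that and re-join the wrap.
    body = "".join(re.sub(r"^SF[-:]", "", ln.strip()) for ln in text.splitlines())
    head = body.split("%r(", 1)[0]
    service, _, fields = head.partition(":")
    meta = dict(f.split("=", 1) for f in fields.split("%"))
    meta["service"] = service
    probes = {}
    # Each response is r(ProbeName,hex length,"escaped bytes").
    pattern = r'%r\(([\w-]+),([0-9A-Fa-f]+),"((?:[^"\\]|\\.)*)"\)'
    for name, hexlen, data in re.findall(pattern, body):
        probes[name] = (int(hexlen, 16), unescape(data))
    return meta, probes

def parse_ssh_ident(raw):
    """Split 'SSH-protoversion-softwareversion SP comments CR LF' (RFC 4253, 4.2)."""
    m = re.fullmatch(r"SSH-([^-\s]+)-(\S+)(?: ([^\r\n]*))?\r?\n",
                     raw.decode("ascii", "replace"))
    if not m:
        return None
    return {"protoversion": m.group(1), "softwareversion": m.group(2),
            "comments": m.group(3)}

if __name__ == "__main__":
    meta, probes = parse_fingerprint(FINGERPRINT)
    print("scanner-side fields:", meta)
    for name, (declared, raw) in probes.items():
        print(name, "declared", declared, "bytes, got", len(raw), "->", raw)
        print("  ident:", parse_ssh_ident(raw))
```

The declared length 0x27 (39) matches the decoded greeting, which shows the `2` / `SF:7` split in the question's output is a line wrap inside one value.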