You might have tried it already, but I'd throw wireshark on there and capture the scan for a minute or two. Sometimes the SSH implementation by a given vendor can be quirky - like Cisco devices which require two sessions, not just one.
In that case, the scanner vendor has to develop to the implementation of the device vendor to accommodate the response.
Bad credentials also may imply a failed certificate exchange at initial SSH connection.
Just some thoughts.