Security Onion is remastered using Remastersys. As part of the remastering process, Remastersys removes the SSH Host keys. The end result is that, even though the SSH daemon is running, it will not accept any connections.
To generate SSH host keys, use the ssh-keygen command as follows:
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
The SSH daemon will then accept connections normally.
The next version of Security Onion will include SSH host key generation in its Setup script.