Status of openssh vulnerability CVE-2023-38408 in TrueNAS Core

VulcanRidr

Explorer
Joined
Jan 5, 2015
Messages
59
I was wondering about the status of this vulnerability, also FreeBSD advisory 887eb570-27d3-11ee-adba-c80aa9043978. Our security team is questioning whether it is vulnerable because nessus is marking it as a critical. I know that iXsystems sometimes patches vulnerabilities in applications without updating the version, but I need to verify whether the ssh daemon has been patched and what the plans for it are.

Thanks,
--vr
 

samarium

Contributor
Joined
Apr 8, 2023
Messages
192
I suppose the first question is have you read the release notes for recent releases? Not much details on non TN issues tho, timing doesn't look promising.
Another question is do you forward ssh agent from the TN system at all? Especially a remote untrusted system?
I've always thought that indiscriminate agent forwarding was a bad idea.
Vulnerability scanners are useful, but if the conditions for vulnerability aren't met then there isn't a vulnerability, just a potential.
Seems like you could set ForwardAgent=no to disable functionality too, and I guess nessus would never know unless it runs locally and can inspect the configuration.
 

VulcanRidr


I do read the release notes. TN13.0u5.3 was a hotfix for a corner case causing crashing on ZFS replication. Nothing was mentioned about the ssh vulnerability.

I do not have agent forwarding set up anywhere. I guess back in the day, it had its purpose, if you were doing the same command on a number of hosts... But in 2023, there are many, many better options... Ansible, SaltStack, Puppet, etc.

The problem with nessus is that unless you tell it to test for a specific vulnerability (which could cause breakage in many cases), it checks the version number against the "known good" version of the package. So having AgentForwarding set to no (which was the normal state of affairs) made no difference.
 

samarium

You know the limitations of nessus, or any of the generic testers which don't really test but just classify, and are just a PITA for sysadmins vs security "automation".
You could verify the installed revision of openssh vs the patched version on freebsd, and the install date maybe.
You could look for updated text in the patch, and try to find it in the binary.
You could open a JIRA ticket to maybe get iX attention.
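
The two checks discussed in this thread, comparing the installed OpenSSH revision against the patched one and confirming whether agent forwarding is actually enabled, sketched as an added shell example (not part of the thread, and not iXsystems or Nessus code). The patched version is an argument to be taken from the FreeBSD advisory; the function names and verdict strings are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: triage a version-only scanner finding for OpenSSH.
# Sample inputs used with these functions are constructed, not taken from a real host.

# Pull "X.Y" or "X.YpN" out of an `ssh -V` banner such as "OpenSSH_8.8p1, OpenSSL ...".
banner_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\(p[0-9][0-9]*\)\{0,1\}\).*/\1/p'
}

# Map "8.8p1" to a comparable integer: major*10000 + minor*100 + portable patch level.
version_key() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%p*}
    case $rest in
        *p*) plevel=${rest#*p} ;;
        *)   plevel=0 ;;
    esac
    echo $(( major * 10000 + minor * 100 + plevel ))
}

# Effective ForwardAgent value from `ssh -G <host>` output, or "unknown" if absent.
agent_forwarding() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "forwardagent" { print tolower($2); found = 1; exit }
        END { if (!found) print "unknown" }'
}

# $1 = banner, $2 = patched version from the vendor advisory, $3 = `ssh -G` output.
# A "version-flagged" result is what a scanner sees; it cannot detect a backported fix.
triage() {
    installed=$(banner_version "$1")
    [ -n "$installed" ] || { echo "unparsed-banner"; return 2; }
    if [ "$(version_key "$installed")" -ge "$(version_key "$2")" ]; then
        echo "version-ok"
    elif [ "$(agent_forwarding "$3")" = "no" ]; then
        echo "version-flagged:forwarding-off"
    else
        echo "version-flagged:forwarding-not-confirmed-off"
    fi
}

# Live use: sh triage.sh <patched-version-from-advisory> <host>
if [ "$#" -eq 2 ]; then
    triage "$(ssh -V 2>&1)" "$1" "$(ssh -G "$2")"
fi
```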
 