sh-3.2$ telnet 172.31.255.255 2206
Trying 172.31.255.255...
telnet: connect to address 172.31.255.255: Connection refused
telnet: Unable to connect to remote host
sh-3.2$ telnet 172.31.255.254 2206
Trying 172.31.255.254...
telnet: connect to address 172.31.255.254: Connection refused
telnet: Unable to connect to remote host
sh-3.2$ telnet 172.31.255.255 22
Trying 172.31.255.255...
Connected to 172.31.255.255.
Escape character is '^]'.
SSH-2.0-ROSSSH
I can't reproduce that on 5.6 on an RB750G as well as an RB433. Also, as you can see the banner is SSH-2.0-ROSSSH - RouterOS for quite a few versions now hasn't been using OpenSSH. I also don't know why they'd possibly be using a Debian spin, specifically Ubuntu. No one sane would be using an Ubuntu SSH server on a router appliance, and there most certainly aren't any binaries branded that way you could run on the MIPS platforms. I've also verified this against several x86 machines I have running on RouterOS just for the hell of it - same results
Are you SURE you're not just port forwarding port 2206 somewhere, and aren't really hitting the router? Can you post the output of "/ip firewall export" on that machine?