diff --git a/src/analyzer/protocol/ssh/ssh-analyzer.pac b/src/analyzer/protocol/ssh/ssh-analyzer.pac
index 34b6f4b407..917e432098 100644
--- a/src/analyzer/protocol/ssh/ssh-analyzer.pac
+++ b/src/analyzer/protocol/ssh/ssh-analyzer.pac
@@ -58,20 +58,19 @@ const char* fingerprint_md5(const unsigned char* d)
 %}
 refine flow SSH_Flow += {
- function proc_ssh_version(msg: SSH_Version): bool
+ function proc_ssh_version_client(msg: SSH_Version_Client): bool
 %{
- if ( ssh_client_version && ${msg.is_orig } )
- {
- zeek::BifEvent::enqueue_ssh_client_version(connection()->zeek_analyzer(),
- connection()->zeek_analyzer()->Conn(),
- to_stringval(${msg.version}));
- }
- else if ( ssh_server_version )
- {
- zeek::BifEvent::enqueue_ssh_server_version(connection()->zeek_analyzer(),
- connection()->zeek_analyzer()->Conn(),
- to_stringval(${msg.version}));
- }
+ zeek::BifEvent::enqueue_ssh_client_version(connection()->zeek_analyzer(),
+ connection()->zeek_analyzer()->Conn(),
+ to_stringval(${msg.version}));
+ return true;
+ %}
+
+ function proc_ssh_version_server(msg: SSH_Version_Server): bool
+ %{
+ zeek::BifEvent::enqueue_ssh_server_version(connection()->zeek_analyzer(),
+ connection()->zeek_analyzer()->Conn(),
+ to_stringval(${msg.version}));
 return true;
 %}
@@ -267,8 +266,12 @@ refine flow SSH_Flow += {
 %}
 };
-refine typeattr SSH_Version += &let {
- proc: bool = $context.flow.proc_ssh_version(this);
+refine typeattr SSH_Version_Client += &let {
+ proc: bool = $context.flow.proc_ssh_version_client(this);
+};
+
+refine typeattr SSH_Version_Server += &let {
+ proc: bool = $context.flow.proc_ssh_version_server(this);
 };
 refine typeattr SSH2_KEXINIT += &let {
diff --git a/src/analyzer/protocol/ssh/ssh-protocol.pac b/src/analyzer/protocol/ssh/ssh-protocol.pac
index c152f29b93..a7a4c044e1 100644
--- a/src/analyzer/protocol/ssh/ssh-protocol.pac
+++ b/src/analyzer/protocol/ssh/ssh-protocol.pac
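Review bot: The handler-existence guards (`ssh_client_version &&` and `else if ( ssh_server_version )`) disappear with this rewrite, so both new functions now call `to_stringval(${msg.version})` and enqueue on every identification line even when no script handles the event; the old if/else shape misattributed a client line to the server event when only `ssh_server_version` had a handler, but the guard itself was not the bug. Restore it inside each new function, `if ( ssh_client_version )` around the client enqueue and `if ( ssh_server_version )` around the server one. Whether the generated `enqueue_*` helper already early-outs without a handler I cannot tell from this hunk, but the StringVal construction happens before that call regardless.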
@@ -20,16 +20,28 @@ proc: bool = $context.connection.inc_encrypted_byte_count_in_current_segment();
 };
 type SSH_PDU(is_orig: bool) = case $context.connection.get_state(is_orig) of {
- VERSION_EXCHANGE -> version : SSH_Version(is_orig);
+ VERSION_EXCHANGE -> version : SSH_Version_Switch(is_orig);
 ENCRYPTED -> encrypted : EncryptedByte(is_orig);
 default -> kex : SSH_Key_Exchange(is_orig);
 } &byteorder=bigendian;
-type SSH_Version(is_orig: bool) = record {
+type SSH_Version_Switch(is_orig: bool) = case is_orig of {
+ true -> client_version : SSH_Version_Client;
+ false -> server_version: SSH_Version_Server;
+};
+
+type SSH_Version_Server = record {
 version : bytestring &oneline;
 } &let {
- update_state : bool = $context.connection.update_state(KEX_INIT, is_orig);
- update_version : bool = $context.connection.update_version(version, is_orig);
+ update_state : bool = $context.connection.update_state(KEX_INIT, false);
+ update_version : bool = $context.connection.update_version(version, false);
+};
+
+type SSH_Version_Client = record {
+ version : bytestring &oneline;
+} &let {
+ update_state : bool = $context.connection.update_state(KEX_INIT, true);
+ update_version : bool = $context.connection.update_version(version, true);
 };
 type SSH_Key_Exchange(is_orig: bool) = record {
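Review bot: `SSH_Version_Server` and `SSH_Version_Client` are identical apart from the `false`/`true` constants handed to `update_state`/`update_version`, and nothing in the file says why the parameterized `SSH_Version(is_orig)` could not stay; a one-line comment above `SSH_Version_Switch` would stop the next reader from merging them back, e.g. `# Split per direction so ssh-analyzer.pac can refine each type with its own version event.` I am inferring that motivation from the typeattr refinements in the companion hunk, so adjust the wording if the reason differs. Separately, `version : bytestring &oneline` is read from an unauthenticated peer before any key exchange and RFC 4253 caps the identification string at 255 bytes, so if binpac's line buffering is not already bounded (I cannot tell from this hunk) a length check in `update_version` would limit what either side can make the analyzer buffer.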