When running a PCI scan on your site, you may run across a warning stating that your version of OpenSSH is outdated.
In this article, we'll show you what causes this warning, how to check your OpenSSH version, and possible false positives that can occur.
Checking Your OpenSSH Version
If you're on a Pagely VPS, Pagely manages your server for you, including OpenSSH patches. This means that if you're getting a warning about an outdated OpenSSH version, it's likely due to a false positive.
To check your OpenSSH version, you can log into the server over SSH and run the following command:
Your output should look something like this:
From there, you can compare the version with the latest release of OpenSSH from the Ubuntu repositories.
In some instances, PCI scans may report a false positive. This happens when the PCI scan incorrectly parses the OpenSSH version as outdated when, in reality, it has been fully patched.
To verify that it is indeed a false positive, your current OpenSSH version can be compared to the latest repository version on Launchpad.
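The comparison described above can be scripted. The following is an added example, not Pagely's own command or tooling: it separates the upstream version visible in an SSH banner from the full Ubuntu package version, then compares the installed package with the repository candidate. It assumes an Ubuntu host with `apt-cache` and the `openssh-server` package; the banner and version strings are constructed samples.

```bash
#!/usr/bin/env bash
# Added example (not Pagely's own tooling). Sample values below are constructed.
SAMPLE_BANNER='SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5'
SAMPLE_POLICY='openssh-server:
  Installed: 1:8.2p1-4ubuntu0.5
  Candidate: 1:8.2p1-4ubuntu0.5'

# Upstream version as read from the SSH banner: "...OpenSSH_8.2p1 Ubuntu-..." -> "8.2p1".
banner_upstream() {
  printf '%s\n' "$1" | sed -n 's/^SSH-[0-9.]*-OpenSSH_\([^ ]*\).*/\1/p'
}

# Upstream part of a package version: "1:8.2p1-4ubuntu0.5" -> "8.2p1".
# The epoch ("1:") and the package revision ("-4ubuntu0.5") are dropped.
pkg_upstream() {
  printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/-[^-]*$//'
}

# Read `apt-cache policy` output on stdin; print the Installed or Candidate field.
policy_field() {
  awk -v key="$1:" '$1 == key { print $2; exit }'
}

# Compare the installed package version ($1) with the repository candidate ($2).
verdict() {
  if [ -z "$1" ] || [ "$1" = "(none)" ]; then echo "not-installed"
  elif [ "$1" = "$2" ]; then echo "up-to-date"
  else echo "update-available"
  fi
}

# Print both views of one host: what the banner exposes, and the package state.
report() {  # $1 = banner, $2 = apt-cache policy output
  inst="$(printf '%s\n' "$2" | policy_field Installed)"
  cand="$(printf '%s\n' "$2" | policy_field Candidate)"
  echo "banner upstream : $(banner_upstream "$1")"
  echo "package upstream: $(pkg_upstream "$inst")"
  echo "installed       : $inst"
  echo "candidate       : $cand"
  echo "verdict         : $(verdict "$inst" "$cand")"
}

report "$SAMPLE_BANNER" "$SAMPLE_POLICY"

# On a real Ubuntu host, feed live data instead of the samples.
if command -v apt-cache >/dev/null 2>&1; then
  report "(banner not collected)" "$(apt-cache policy openssh-server 2>/dev/null || true)"
fi
```

The candidate version is only as current as the host's last package index refresh, so the Launchpad listing remains the reference for the latest repository version.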
If you're currently receiving false positives, plans are already in place to resolve them with our latest Gen3 architecture. For more information, see our post about our Ubuntu 20.04 LTS upgrade rollout.
Still Not Sure? Ask Us
If you have any further questions or want to be extra sure, feel free to reach out to our support team. They'll be happy to help you with any questions that you may have about your PCI scan.