When running a PCI scan on your site, you may run across a warning stating that your version of OpenSSH is outdated.
In this article, we'll show you what causes this warning, how to check your OpenSSH version, and possible false positives that can occur.
Checking Your OpenSSH Version
If you're on a Pagely VPS, Pagely manages your server for you, including OpenSSH patches. This means that if you're getting a warning about an outdated OpenSSH version, it's likely due to a false positive.
To check your OpenSSH version, you can log into the server over SSH and run the following command:
ssh -V
Your output should look something like this:
OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
From there, you can compare the version with the latest release of OpenSSH in the Ubuntu repositories.
False Positives
In some instances, PCI scans may report a false positive. This happens when the PCI scan incorrectly parses the OpenSSH version as outdated when, in reality, the installed package has been fully patched.
To verify that it is indeed a false positive, your current OpenSSH version can be compared to the latest repository version on Launchpad.
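The comparison above can be scripted. This is an added example, not part of the original article or Pagely's tooling: it rebuilds the package version from the ssh -V output and compares it with a version copied from Launchpad. The function names, the sample output line and the latest value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Sample strings are constructed.

# Rebuild the package version from `ssh -V` output:
# "OpenSSH_7.2p2 Ubuntu-4ubuntu2.10, ..." -> "7.2p2-4ubuntu2.10"
package_version() {
    case $1 in
        OpenSSH_*\ Ubuntu-*) ;;
        *) return 1 ;;                        # not an Ubuntu-packaged build
    esac
    up=${1#OpenSSH_}; up=${up%% *}            # upstream release, e.g. 7.2p2
    rev=${1#*Ubuntu-}; rev=${rev%%[ ,]*}      # Ubuntu revision, e.g. 4ubuntu2.10
    printf '%s-%s\n' "$up" "$rev"
}

# What a version check that ignores the Ubuntu revision ends up comparing.
upstream_only() {
    v=$(package_version "$1") || return 1
    printf '%s\n' "${v%%-*}"
}

# Succeeds when installed >= latest. A leading epoch ("1:") as listed on
# Launchpad is dropped, because `ssh -V` never prints it.
is_current() {
    inst=${1#*:}; latest=${2#*:}
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$inst" ge "$latest"
    else
        # Fallback: GNU sort -V, adequate for simple revisions like these
        [ "$(printf '%s\n%s\n' "$inst" "$latest" | sort -V | tail -n 1)" = "$inst" ]
    fi
}

banner='OpenSSH_7.2p2 Ubuntu-4ubuntu2.10, OpenSSL 1.0.2g  1 Mar 2016'  # constructed sample
latest='1:7.2p2-4ubuntu2.10'   # placeholder: paste the version Launchpad lists for your release

if is_current "$(package_version "$banner")" "$latest"; then
    echo "Fully patched; a scan flagging $(upstream_only "$banner") is a false positive"
else
    echo "Update available: $latest"
fi
```

On the server, replace the sample with the real string using banner=$(ssh -V 2>&1), since ssh -V writes to standard error.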
Still Not Sure? Ask Us
If you have any further questions or want to be extra sure, feel free to reach out to our support team. They'll be happy to help you with any questions that you may have about your PCI scan.