Upgrading OpenSSH on Ubuntu LTS
If you receive a PCI compliance warning telling you to update to the most recent version of OpenSSH, your PCI scanner is most likely showing a false positive.
OpenSSH 6.6 is the most recent version on Ubuntu 14.04.
OpenSSH 7.2 is the most recent version on Ubuntu 16.04.
OpenSSH 7.6 is the most recent version on Ubuntu 18.04.
Like all major Linux distributions, Ubuntu backports security and bug fixes specifically so it does not break application compatibility by changing versions between distribution releases.
You do not and should not take any action to change your server.
Instead, let the PCI scanner know the version of Ubuntu you are running and the version of OpenSSH you have installed, which you can find with the following commands:
lsb_release -r dpkg --list openssh-server
You can also provide the scanner with these links showing the version numbers of the latest OpenSSH releases from Ubuntu below.
Last updated: April 26, 2018