Articles

Upgrading OpenSSH on Ubuntu LTS

If you receive a PCI compliance warning telling you to update to the most recent version of OpenSSH, your PCI scanner is most likely showing a false positive.

OpenSSH 6.6 is the most recent version on Ubuntu 14.04.

OpenSSH 7.2 is the most recent version on Ubuntu 16.04.

Like all major Linux distributions, Ubuntu backports security and bug fixes specifically so it does not break application compatibility by changing versions between distribution releases.

You do not and should not take any action to change your server.

Instead, let the PCI scanner know the version of Ubuntu you are running and the version of OpenSSH you have installed, which you can find with the following commands:

lsb_release -r

dpkg --list openssh-server

You can also provide the scanner with this link showing the version number of the latest OpenSSH releases from Ubuntu for 14.04:
https://launchpad.net/ubuntu/trusty/+source/openssh/+changelog

and for 16.04:
https://launchpad.net/ubuntu/xenial/+source/openssh/+changelog

Do not attempt to replace OpenSSH on your server with any other version. If you do, ServerPilot will not be able to provide support for any breakage this may cause.