You have scanned your servers using Qualys, and it identified a vulnerability on a CentOS (Linux) server.

"OpenSSH Username Enumeration Vulnerability (CVE-2018-15473)
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Customers are advised to upgrade to OpenSSH 7.8 or later versions to remediate this vulnerability."



Although the suggested solution is to install OpenSSH 7.8 or above, this turns out to be a false-positive alert raised by Qualys if you have the following OpenSSH version running on the CentOS server:

$ rpm -q openssh

The same is confirmed at –
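Red Hat and CentOS backport security fixes into the packaged OpenSSH without changing the upstream version number, which is why a scanner that only compares version strings can report a false positive. The following is an added example, not part of the original post: it checks the package changelog for the CVE id, assuming the packager recorded the id there. The function names and the sample changelog are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): check an RPM changelog for a
# backported CVE fix instead of trusting the upstream version string.

# Constructed sample of `rpm -q --changelog openssh` output. Names, dates and
# release numbers are placeholders, not taken from a real package.
SAMPLE_CHANGELOG='* Mon Sep 03 2018 Example Packager <packager@example.com> - 0.0p1-2.example
- Fix user enumeration via malformed packets (CVE-2018-15473)

* Fri Jun 01 2018 Example Packager <packager@example.com> - 0.0p1-1.example
- Rebase to new upstream release'

# Reads changelog text on stdin and prints every entry header plus the line
# that mentions the CVE id in $1. Exit status is 1 when nothing matches.
changelog_mentions_cve() {
    awk -v cve="$1" '
        /^\*/ { header = $0 }        # remember the current entry header
        # Match case-insensitively and require a non-digit after the id, so
        # CVE-2018-1547 does not match CVE-2018-15473.
        toupper($0) ~ (toupper(cve) "([^0-9]|$)") {
            print header
            print "  " $0
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Prints BACKPORTED when the changelog on stdin records the CVE, else NOT-FOUND.
# NOT-FOUND only means the packager did not name the CVE; treat the scanner
# finding as open until the vendor advisory says otherwise.
backport_verdict() {
    if changelog_mentions_cve "$1" >/dev/null; then
        echo "BACKPORTED"
    else
        echo "NOT-FOUND"
    fi
}

# Demo on the constructed sample. On the server, feed it the real changelog:
#   rpm -q --changelog openssh | backport_verdict CVE-2018-15473
printf '%s\n' "$SAMPLE_CHANGELOG" | backport_verdict CVE-2018-15473
```

Keep the matching changelog entry with the scan report as evidence when marking the finding as a false positive.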

But if you want to update OpenSSH to version 8.0, follow these steps:

## Download OpenSSH 8.0 ##
wget -c
tar -xzf openssh-8.0p1.tar.gz
cd openssh-8.0p1/


## Install PAM and SELinux Headers ##
sudo yum install pam-devel libselinux-devel --yes

## Compile and Install SSH from Sources ##
./configure --with-md5-passwords --with-pam --with-selinux --with-privsep-path=/var/lib/sshd/ --sysconfdir=/etc/ssh
sudo make install


NOTE: You may observe the following errors while running the 'make' command:

error: *** working libcrypto not found, check config.log
fix: Install openssl-devel.x86_64 package

sudo yum install openssl-devel.x86_64

error: configure: error: no acceptable C compiler found in $PATH
fix: Install gcc package

sudo yum install gcc


Once you have installed OpenSSH, restart SSH or open another terminal window and check the version of OpenSSH now installed on your system.

$ ssh -V

OpenSSH_8.0p1, OpenSSL 1.0.2k-fips 26 Jan 2017


Reference: If you want to install OpenSSH for the first time, follow this –

How to Install OpenSSH 8.0 Server from Source in Linux