You have scanned your servers using Qualys. It identified vulnerability on CentOS (Linux) server.
"OpenSSH Username Enumeration Vulnerability (CVE-2018-15473)
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Customers are advised to upgrade to <A HREF="https://www.openbsd.org/" TARGET="_blank">OpenSSH 7.8</A> or later versions to remediate this vulnerability."
Though solution suggests to install OpenSSH 7.8 or above, it is found that this is false-positive alert raised by Qualys if you have following OpenSSH version running on CentOS server
$ rpm -q openssh
The same is confirmed at – https://access.redhat.com/solutions/3830361
But if you want to update the OpenSSH version to 8.0 then follow these steps-
#Download OpenSSH 8.0
wget -c https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.0p1.tar.gz
tar -xzf openssh-8.0p1.tar.gz
## Install PAM and SELinux Headers ##
sudo yum install pam-devel libselinux-devel --yes
## Compile and Install SSH from Sources ##
./configure --with-md5-passwords --with-pam --with-selinux --with-privsep-path=/var/lib/sshd/ --sysconfdir=/etc/ssh
sudo make install
NOTE: You may observe following errors while running 'make' command-
error: *** working libcrypto not found, check config.log
fix: Install openssl-devel.x86_64 package
sudo yum install openssl-devel.x86_64
error: configure: error: no acceptable C compiler found in $PATH
fix: Install gcc package
sudo yum install gcc
Once you have installed OpenSSH, restart SSH or open another terminal windows and check the version of OpenSSH now installed on your system.
$ ssh -V
OpenSSH_8.0p1, OpenSSL 1.0.2k-fips 26 Jan 2017
Reference: If you want to install OpenSSH first time then follow this –