A PCI compliance report from Comodo complains about the OpenSSH version available in Ubuntu 16.04:
SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
This version has all security updates backported. Installing OpenSSH from source is a bad idea, as you have to upgrade manually every time a new version is released.
Since PCI compliance requires a newer version of OpenSSH, I installed from source. It is better to limit SSH access to your own IP using a firewall or hosts.allow/hosts.deny rules. Note that upstream OpenSSH removed TCP wrappers support in 6.7, so a source build ignores hosts.allow/hosts.deny; with this build, use the firewall.
Install requirements
apt update && apt install -y build-essential libssl-dev zlib1g-dev
Go to
https://www.openssh.com/portable.html
Download the latest version of the OpenSSH source code from one of the mirrors.
Download and install with
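cd /usr/local/src
wget https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.6p1.tar.gz
tar -zxvf openssh-7.6p1.tar.gz
cd /usr/local/src/openssh-7.6p1
# Only useful when rebuilding in an already-configured tree; a fresh extract has no Makefile yet, so this fails harmlessly
make clean && make distclean
./configure --prefix=/usr
make
make install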
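To see why the scanner flags the Ubuntu package, and to check the result after the install, the following added example (not part of the original post) applies a banner-only version check to constructed sample banners. The 7.6 minimum and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: how a banner-only scanner judges an sshd. It sees only the
# identification string, never the distribution's backported patches.

# Print "major.minor" from an SSH identification string, or nothing.
banner_version() {
    printf '%s\n' "$1" |
        sed -n 's/^SSH-[0-9.]*-OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Exit status: 0 = banner version >= minimum, 1 = older, 2 = not parseable.
# $1 = banner, $2 = minimum as major.minor (a policy value you choose).
banner_meets_minimum() {
    bv_have=$(banner_version "$1")
    [ -n "$bv_have" ] || return 2
    bv_hmaj=${bv_have%%.*}; bv_hmin=${bv_have#*.}
    bv_mmaj=${2%%.*};       bv_mmin=${2#*.}
    if [ "$bv_hmaj" -ne "$bv_mmaj" ]; then
        [ "$bv_hmaj" -gt "$bv_mmaj" ]
    else
        [ "$bv_hmin" -ge "$bv_mmin" ]
    fi
}

# Human-readable verdict for one banner.
verdict() {
    banner_meets_minimum "$1" "$2" && v_rc=0 || v_rc=$?
    case $v_rc in
        0) echo "pass" ;;
        1) echo "flagged: banner older than $2" ;;
        *) echo "unknown banner" ;;
    esac
}

MIN_VERSION=7.6   # assumption: the release built on this page, used as the bar

# Constructed sample banners: the first is the one quoted on this page,
# the second is what an upstream 7.6 build is expected to announce.
for b in "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4" \
         "SSH-2.0-OpenSSH_7.6" \
         "SSH-2.0-dropbear_2017.75"; do
    printf '%-45s %s\n' "$b" "$(verdict "$b" "$MIN_VERSION")"
done
```

The packaged 7.2p2 banner is flagged even though its fixes are backported, because the check never looks past the version string.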