Our PCI scan reported CVE-2016-20012 as a vulnerability. However, on AlmaLinux 8, the current official version of OpenSSH (8.01p) the option “PubkeyDisablePKCheck” is not available to allow us to prevent this issue. RedHat has deferred this fix for AlmaLinux 8:
https://access.redhat.com/security/cve/cve-2016-20012
How can we pass the PCI scan on AlmaLinux 8?