Debian OpenSSH vulnerability
Posted in Debian, Linux on May 15, 2008 at 11:53 am
Any Debian user: please note the recent security advisory, apply it immediately, and then look at this link to find what you need to do next:
The vulnerability is in the crypto (OpenSSL) library, causing keys generated on a Debian system to be eminently predictable. This site has generated keys and fingerprints for all keys it is actually possible to create using the bug. This means it is HIGHLY likely, in my opinion, that hackers or a worm will start using this soon. They also say they may be making an auto-exploit tool; the site linked above says: “In the near future, this site will be updated to include a brute force tool that can be used to quickly gain access to any SSH account that allows public key authentication using a vulnerable key”.
Basically, the problem exists if you allow identities/logins to be asserted via a key rather than a password (the authorized_keys file), i.e. login with no password. You can guess the first port of attack will be root@your-box, so if you allow remote root logins via key on Debian, please be careful.
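The practical check that follows from this is to fingerprint every key in each authorized_keys file and compare it against the published list of weak-key fingerprints (Debian later shipped its own checker, ssh-vulnkey, doing the same thing). The script below is an added example, not code from this blog or from Debian: it parses authorized_keys lines, including the optional options field whose quoted values may contain spaces, computes the colon-separated MD5 fingerprint that ssh-keygen -l printed at the time, and flags any key whose fingerprint is on the weak list. The two sample keys, the sample file and the one-entry weak list are constructed stand-ins; to use it for real you would load the published fingerprint list into WEAK_FINGERPRINTS and pass the path of an authorized_keys file.

```python
"""Audit an authorized_keys file against a list of weak-key fingerprints.

Added example with constructed sample data; the weak list here is a stand-in
for the published fingerprint list, not the real one.
"""
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")


def _ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _mpint(n: int) -> bytes:
    """SSH wire 'mpint': minimal big-endian two's complement (RFC 4251)."""
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if b and b[0] & 0x80:          # leading zero keeps the value positive
        b = b"\x00" + b
    return _ssh_string(b)


def make_rsa_blob(e: int, n: int) -> bytes:
    """Encode an RSA public key in the OpenSSH 'ssh-rsa' blob format (RFC 4253)."""
    return _ssh_string(b"ssh-rsa") + _mpint(e) + _mpint(n)


def fingerprint_md5(blob: bytes) -> str:
    """MD5 of the key blob as 16 colon-separated hex bytes (the 2008-era ssh-keygen -l format)."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _split_respecting_quotes(line: str) -> list:
    """Whitespace split that keeps quoted option values (e.g. from="a b") together."""
    fields, cur, in_quote = [], [], False
    for ch in line:
        if ch == '"':
            in_quote = not in_quote
            cur.append(ch)
        elif ch.isspace() and not in_quote:
            if cur:
                fields.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        fields.append("".join(cur))
    return fields


def parse_authorized_keys_line(line: str):
    """Return (keytype, blob, comment) for a key line, or None for blank/comment lines.

    An options field may precede the key type, so the key type is located by
    scanning for the first field that names a known type.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = _split_respecting_quotes(line)
    for i, field in enumerate(fields):
        if field in KEY_TYPES and i + 1 < len(fields):
            blob = base64.b64decode(fields[i + 1])
            return field, blob, " ".join(fields[i + 2:])
    return None


def audit_authorized_keys(text: str, weak_fingerprints: set) -> list:
    """Fingerprint every key in an authorized_keys file and flag those on the weak list."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        parsed = parse_authorized_keys_line(line)
        if parsed is None:
            continue
        keytype, blob, comment = parsed
        fp = fingerprint_md5(blob)
        findings.append({"line": lineno, "type": keytype, "comment": comment,
                         "fingerprint": fp, "weak": fp in weak_fingerprints})
    return findings


# Constructed sample keys: the moduli are arbitrary numbers, not real RSA keys.
_KEY_A = make_rsa_blob(65537, (1 << 1023) | 12345)
_KEY_B = make_rsa_blob(65537, (1 << 1023) | 67891)

# Constructed sample file: one entry with an options field, one without.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample authorized_keys",
    'from="10.0.0.0/8",no-pty ssh-rsa ' + base64.b64encode(_KEY_A).decode() + " alice@laptop",
    "ssh-rsa " + base64.b64encode(_KEY_B).decode() + " bob@desktop",
])

# Stand-in for the published weak-key fingerprint list: here it is just key A.
WEAK_FINGERPRINTS = {fingerprint_md5(_KEY_A)}

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AUTHORIZED_KEYS
    for f in audit_authorized_keys(text, WEAK_FINGERPRINTS):
        status = "WEAK" if f["weak"] else "ok  "
        print(f"{status} line {f['line']:>3} {f['fingerprint']} {f['comment']}")
```

Run without arguments it audits the constructed sample and reports the first key as weak; run with a path it audits that file. A weak finding means the key must be replaced, not merely removed from one host: the same key is likely to be in authorized_keys files on other machines as well.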
Pretty critical bug, but as always a great response from Debian and the community on this. Other Debian-based distributions have not been confirmed vulnerable at this time (though they may not turn out to be, if they did not merge the faulty code into their distributions). Update, according to another blog: any SSH or SSL keys generated on all Debian-derived systems corresponding to