We really don’t like headlines like this, but that doesn’t stop them coming:
The good news is that this is an FYI post, but the bad news is that ssh with public key authentication is affected. And we use public keys. And we are not changing as it’s still way safer than a friggin username/password login.
A private key password (that is never ‘remembered’) and 2FA helps. But an OpenSSH update can’t come soon enough for us.