>2nd: sshd reads _private_ keys only when reading the hostkey. > > So basically, an attacker can exploit the bug if they can modify a root-owned file. Of course, if they can modify a root owned file, you've already been owned. --Dan