To better protect everybody from the recent openssl holes that Debian introduced, we’re upgrading our SSH packages to a newer version that allows us to blacklist public keys that were generated using the broken systems. This new blacklisting only affects people using public key authentication (ie if you use a password to log in, this won’t affect you). If you _do_ use public key authentication and suddenly are unable to log in without a password, it’s probably because you generated your ssh key on a broken Debian or Ubuntu box and will need to generate a new ssh key.