A serious bug in the Debian implementation of OpenSSL was found last week that allows an attacker to guess the key. The vulnerability lies in the random number generator used by this version of OpenSSL and affects any keys created with it, including those for SSH. Updates are available for this flaw, and any keys generated between September 2006 and May 13, 2008 should be recreated. You can recreate these keys with ssh-keygen. Remember that any clients that have connected to that server will need to delete the key they already have for that server and fetch the new one. You can read more about this vulnerability on ComputerWorld's website.
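The rotation described above, as an added example rather than code from the original post: regenerate the key on the server, then have each client drop the entry it holds in known_hosts and fetch the new one. It assumes OpenSSH's ssh-keygen and ssh-keyscan are installed; the hostnames and paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes OpenSSH
# (ssh-keygen, ssh-keyscan) is installed; hostnames and paths are constructed.

# Server side: move the suspect key pair aside and generate a fresh one.
# The old files are kept only so you can confirm nothing still references them.
regen_key() {
    keyfile=$1
    keytype=${2:-rsa}
    if [ -f "$keyfile" ]; then
        mv "$keyfile" "$keyfile.suspect" && mv "$keyfile.pub" "$keyfile.pub.suspect"
    fi
    ssh-keygen -q -t "$keytype" -N '' -f "$keyfile"
}

# Client side, step 1: drop every known_hosts line that names $host.
# The first field may list several names ("host,alias,10.0.0.5" or "[host]:2222"),
# so split on commas and compare each entry instead of doing a substring match.
# OpenSSH's own `ssh-keygen -R host -f file` does the same job and also handles
# hashed (|1|...) entries, which a plain-text comparison cannot see.
forget_host_key() {
    host=$1
    kh=${2:-$HOME/.ssh/known_hosts}
    awk -v h="$host" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { print; next }   # keep comments, blanks
        {
            n = split($1, names, ",")
            keep = 1
            for (i = 1; i <= n; i++) {
                name = names[i]
                sub(/^\[/, "", name); sub(/\]:[0-9]+$/, "", name)   # strip [host]:port
                if (name == h) keep = 0
            }
            if (keep) print
        }' "$kh" > "$kh.tmp" && mv "$kh.tmp" "$kh"
}

# Client side, step 2: fetch the regenerated key and print its fingerprint so it
# can be checked out of band; the fetch itself cannot tell you the key is genuine.
fetch_host_key() {
    host=$1
    kh=${2:-$HOME/.ssh/known_hosts}
    ssh-keyscan -t rsa "$host" >> "$kh" 2>/dev/null
    ssh-keygen -l -F "$host" -f "$kh"
}
```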
