Is this an issue for the Box? I presume there'll be a fix & debian will include it so we should be covered, but it seems worth noting. http://www.itworld.com/article/2951494/bug-exposes-openssh-servers-to-bruteforce-password-guessing-attacks.html