If generating a legacy certificate using the -t option, a vulnerability could be exploited by attackers to gain knowledge of sensitive information. If legacy certificates have been issued using OpenSSH version 5.6/5.7, consider rotating any CA key used. OpenSSH recommend upgrading to version 5.8 available here or apply this patch.
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.