If you have lately upgraded either source or from some binary, the trojan is in OpenBSD's source.
Since Debian binaries are updated BEFORE the source got trojaned, at least Debian is not affected taking the fact that you updated OpenSSH via apt-get ( and also some other distros which I dont' remember ). So if you are running OpenSSH, get the update from your distro supplier ASAP.
Now, OpenBSD has got one remote exploit. http://www.openbsd.org