From Debian package 0.0.20080702-4
In russell-20080929.diff

Let sshd read key blacklist

Index: policy/modules/services/ssh.te
===================================================================
--- policy/modules/services/ssh.te.orig
+++ policy/modules/services/ssh.te
@@ -44,6 +44,11 @@
 	init_ranged_daemon_domain(sshd_t, sshd_exec_t, s0 - mcs_systemhigh)
 ')
 
+ifdef(`distro_debian', `
+# for key blacklist related to openssl bug
+	allow sshd_t usr_t:file read_file_perms;
+')
+
 type ssh_t;
 type ssh_exec_t;
 typealias ssh_t alias { user_ssh_t staff_ssh_t sysadm_ssh_t };