OpenSSH client have a critical vlunerability, this allow compromised servers steal your private key.
This is because an expeirmental feature in SSH Client, UseRoaming is enabled by default.
You can find more about this bug at
With latest version, this feature is disabled.
If you using SSH Client on your server or home computer, you should edit /etc/ssh/ssh_config and add