Note: To fully understand the exploit you will need to fully understand how ssh keys are setup, so you will need to read this article. I was looking at the scope for SSD Secure Disclosure and I noticed one of the targets is VestaCP, I decided to take a look