Are there any facts on the NSA being able to decrypt SSH? All I saw was some Spiegel article where it showed the NSA had compromised some targets. But zero details, so it could have been as easy as a MITM and the user not verifying the public key. Or it could be an unknown exploit in the actual code.

Everything I've heard so far points to the crypto being OK. That, so far, no special NSA crypto-defeating capabilities have come out. (Hence the NSA doodle with the smiley face on the links where Google removed TLS.)

Of course the NSA might have magic powers, but nothing in the last few years suggests that possibility any more than we'd have thought before.

There was a powerpoint where they implied they could sometimes get around ssh protections. Most people assume it's not actually the protocol that's broken, but it seems like a good excuse to clean up ssh anyway.