(But I guess you knew that already.)
Do I take the ssh claim seriously? Do I just pretend the hockey monitoring paragraph isn't there?
Perhaps I should read the source for myself. http://www.spiegel.de/media/media-35515.pdf
Alas, there's very little in the way of detail. There's exactly one slide (19) dedicated to ssh, which says it can "potentially recover usernames and passwords." That would adequately describe a simple mitm attack where somebody either accepts an unknown server key or uses a client that doesn't even check (e.g. Prompt for iOS). Slides 35 and 36 mention ssh and decryption, but it sounds like they're talking about further processing after decryption. How is that decryption being done?
https://firstlook.org/theintercept/2014/12/13/belgacom-hack-...
Active attacks allow access to the keys, and once the attackers have the keys, unless PFS is properly used, the old captured streams are readable. But often it's even easier to read the documents on the attacked machine directly.
Still, all this was known before the material we are commenting on now. Which doesn't mean we should let PFS remain unused or wrongly used as it is now, or that we shouldn't try to protect ourselves from the active attacks.
If we worry about the decryption of our SSH traffic, do we properly use PFS? What do we do to prevent or detect active attacks?
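An added illustration, not taken from any comment in this thread, of the two defences the discussion touches on: pinning the host key so an unknown or changed key is rejected rather than accepted (the simple MITM case described earlier), and using fresh per-session exponents so that a later leak of the long-term host key does not unlock recorded traffic (the PFS question just asked). Everything in it is constructed: the DH group is a toy Mersenne-prime group chosen so the arithmetic stays visible (real SSH uses curve25519 or the RFC 3526 MODP groups), the host key bytes are made up, and `attacker_recovers` models only what a passive recorder who later obtains the host's long-term private key can compute.

```python
"""Host-key pinning and static vs ephemeral key agreement, standard library only.
Toy group and made-up keys: for illustrating the concepts, not for real use."""
import base64
import hashlib
import hmac
import secrets
import struct

# --- 1. Host-key pinning: reject an unknown key instead of accepting it ---

def ssh_string(b: bytes) -> bytes:
    """Encode an SSH wire 'string': uint32 big-endian length prefix + bytes."""
    return struct.pack(">I", len(b)) + b

def ed25519_host_key_blob(raw_pubkey: bytes) -> bytes:
    """OpenSSH public-key blob layout for ssh-ed25519: key type + 32-byte key."""
    if len(raw_pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_pubkey)

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + base64(sha256(blob)) without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_accepted(pinned_fp: str, offered_blob: bytes) -> bool:
    """Fail closed: the offered key must match the pinned fingerprint exactly.
    No prompt and no 'accept and continue'; a mismatch is how a MITM shows up."""
    return hmac.compare_digest(fingerprint(offered_blob), pinned_fp)

# --- 2. Static vs ephemeral Diffie-Hellman (why PFS matters for recorded traffic) ---

# Toy modular group (Mersenne prime 2**127 - 1, generator 3). Not a real SSH group.
P = (1 << 127) - 1
G = 3

def random_exponent() -> int:
    return secrets.randbelow(P - 3) + 2  # 2 .. P-2

def derive_key(shared_secret: int) -> bytes:
    """Session key = hash of the DH shared secret (stands in for SSH's KDF)."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()

def static_dh_session(host_long_term_priv: int):
    """No forward secrecy: the host reuses its long-term DH private key.
    Returns (session_key, transcript); the transcript is what an eavesdropper records."""
    host_pub = pow(G, host_long_term_priv, P)
    client_priv = random_exponent()
    client_pub = pow(G, client_priv, P)
    key = derive_key(pow(host_pub, client_priv, P))
    return key, (client_pub, host_pub)

def ephemeral_dh_session():
    """Forward secrecy: both sides pick fresh exponents and discard them afterwards,
    so no long-lived secret can regenerate the session key."""
    client_priv = random_exponent()
    host_priv = random_exponent()
    client_pub = pow(G, client_priv, P)
    host_pub = pow(G, host_priv, P)
    key = derive_key(pow(host_pub, client_priv, P))
    del client_priv, host_priv  # nothing persistent remains that reproduces `key`
    return key, (client_pub, host_pub)

def attacker_recovers(transcript, leaked_host_long_term_priv: int) -> bytes:
    """Model of the passive attacker: recorded public values plus a later leak of the
    host's long-term private key. Computes G^(client_priv * leaked), which equals the
    session key only when that long-term key was actually the host's DH exponent."""
    client_pub, _host_pub = transcript
    return derive_key(pow(client_pub, leaked_host_long_term_priv, P))

if __name__ == "__main__":
    host_lt = random_exponent()
    k_static, t_static = static_dh_session(host_lt)
    k_eph, t_eph = ephemeral_dh_session()
    print("static session recovered after key leak:   ", attacker_recovers(t_static, host_lt) == k_static)
    print("ephemeral session recovered after key leak:", attacker_recovers(t_eph, host_lt) == k_eph)
    blob = ed25519_host_key_blob(bytes(range(32)))  # constructed key bytes
    print("pinned host key accepted:", host_key_accepted(fingerprint(blob), blob))
    print("substituted host key accepted:", host_key_accepted(fingerprint(blob), ed25519_host_key_blob(bytes(32))))
```

The fingerprint function produces the same `SHA256:...` string `ssh-keygen -l` prints for a real ed25519 key blob, so the pinning half maps directly onto a `known_hosts` check with `StrictHostKeyChecking=yes`; the DH half is the part that answers the PFS question: with the static exchange, leaked long-term key plus old capture equals old plaintext, with the ephemeral exchange it does not.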