A big security risk has been identified in SSH that can allow someone to get your private key.
Check your server updates or patch SSH (it’s easy !).
It’s a big security problems. Even if Yunohost don’t support by default private/public key SSH authentication.
May be we should publish it inside the Security announcement ?