> Presumably you would have to connect to a malicious host to be effected?

Malicious or compromised.

> roaming code in the ssh client could be tricked by a hostile sshd server, potentially leaking key material.