I have not yet analyzed precisely what is being checked for in the injected code, to allow unauthorized access. Since this is running in a pre-authentication context, it seems likely to allow some form of access or other form of remote code execution.
The affected versions are not yet widely shipped, but checking systems for the bad version would be a good idea.
Update: there are advisories out now from Arch, Debian, Red Hat, and openSUSE.
A further update from openSUSE:
For our openSUSE Tumbleweed users where SSH is exposed to the internet we recommend installing fresh, as itβs unknown if the backdoor has been exploited. Due to the sophisticated nature of the backdoor an on-system detection of a breach is likely not possible. Also rotation of any credentials that could have been fetched from the system is highly recommended.