One of the exploits writes a public key to the authorized_keys file, so it does require SSH be open as well.