SSH + some crypto handling bug? Because how the attacker will access your server without some exposed service.. I hope it is not apache.