Previous versions of Raspbian (prior to November 2016) had SSH enabled by default. They also had a default username (pi) and password (raspberry) this was done to make first time setup for new users easier. But this obviously represents a large security hole. The new release (November 2016) disables SSH by default, and will also display a warning if SSH is enabled without changing the the default password.
The contents of the ssh file do not matter - you can create an empty file like we did above.
During boot up the Pi will look for this file. If it exists SSH will be enabled and the file deleted.