Avoid Duplicate SSH Host Keys

It was recently discovered that a cloud hosting company had mistakenly included SSH host keys in their image. Best practice is that host keys are unique to each host. If a host key is shared, any other system holding that key can impersonate the host, and a client that already trusts the key has no way to tell the difference, which opens the door to a Man-In-The-Middle attack. I also like to regenerate the host keys whenever I build from a template or have to give "root" or "sudo" access to support personnel. It also might be a good idea to regenerate the host keys every couple of years. This is the procedure that I use to do this:

sudo /bin/rm /etc/ssh/ssh_host_*
sudo ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key
sudo ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
sudo ssh-keygen -t ecdsa -N "" -v -b 521 -f /etc/ssh/ssh_host_ecdsa_key
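To catch the cloned-image problem described above, it helps to fingerprint the host keys across a fleet and flag any key that appears on more than one host. The script below is an added example, not part of the original post; it computes the same SHA256 fingerprint that `ssh-keygen -lf` prints and reports duplicates over a constructed inventory (in practice the public key lines would come from each host's `/etc/ssh/ssh_host_*.pub` files or from `ssh-keyscan`).

```python
import base64
import hashlib
import struct
from collections import defaultdict


def ssh_fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint of an OpenSSH public key line ("type base64blob [comment]"),
    formatted like ssh-keygen -lf: "SHA256:" + unpadded base64 of the blob's digest."""
    _key_type, blob_b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(blob_b64)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_duplicate_host_keys(inventory):
    """inventory maps hostname -> list of public key lines.
    Returns {fingerprint: [hosts]} for every key seen on more than one host."""
    hosts_by_fp = defaultdict(list)
    for host, lines in inventory.items():
        for line in lines:
            fp = ssh_fingerprint(line)
            if host not in hosts_by_fp[fp]:
                hosts_by_fp[fp].append(host)
    return {fp: hosts for fp, hosts in hosts_by_fp.items() if len(hosts) > 1}


def _fake_ed25519_pubkey(seed: bytes) -> str:
    """Constructed test data: a structurally valid ssh-ed25519 public key blob
    (length-prefixed type string + 32-byte point) built from arbitrary bytes.
    It is not a real key; it only needs to be parseable for fingerprinting."""
    point = hashlib.sha256(seed).digest()  # 32 arbitrary bytes standing in for the point
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + point
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " root@template"


# Constructed inventory: web-01 and web-02 were cloned from the same image
# without regenerating host keys, so they share a key; db-01 has its own.
INVENTORY = {
    "web-01": [_fake_ed25519_pubkey(b"template-image")],
    "web-02": [_fake_ed25519_pubkey(b"template-image")],
    "db-01": [_fake_ed25519_pubkey(b"db-01")],
}

if __name__ == "__main__":
    for fp, hosts in find_duplicate_host_keys(INVENTORY).items():
        print(f"{fp} is shared by: {', '.join(hosts)}")
```

Running the same check against the `.pub` files inside a freshly built template, before it is cloned, confirms the regeneration step above was actually done.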