# remote account

# we don't want to use eliptic curves
rm /etc/ssh/ssh_host_ecdsa_key*
remove line 'HostKey /etc/ssh/ssh_host_ecdsa_key' from '/etc/ssh/sshd_config'

# local account (always use an empty passphrase)

ssh-keygen -t rsa -b 4096 -f tmp_ssh_host_rsa_key
ssh-keygen -t dsa -b 1024 -f tmp_ssh_host_dsa_key

scp tmp_ssh_host_rsa_key root@remote:/etc/ssh/ssh_host_rsa_key
scp tmp_ssh_host_rsa_key.pub root@remote:/etc/ssh/ssh_host_rsa_key.pub
scp tmp_ssh_host_dsa_key root@remote:/etc/ssh/ssh_host_dsa_key
scp tmp_ssh_host_dsa_key.pub root@remote:/etc/ssh/ssh_host_dsa_key.pub

# remote account

chmod 600 /etc/ssh/ssh_host_dsa_key
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 644 /etc/ssh/ssh_host_dsa_key.pub
chmod 644 /etc/ssh/ssh_host_rsa_key.pub

/etc/init.d/ssh restart