diff --git a/data/gen-sshd-host-keys b/data/gen-sshd-host-keys
deleted file mode 100755
index f61cae16168fc6f7dd71c527bc9dbaf6ac338db5..0000000000000000000000000000000000000000
--- a/data/gen-sshd-host-keys
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/sh
-#
-# Generate missing ssh host keys
-# code copied from openssh-server postinst to address
-# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594175
-
-set -e
-
-export LC_ALL=C.UTF-8
-
-get_config_option() {
-option="$1"
-
-[ -f /etc/ssh/sshd_config ] || return
-
-# TODO: actually only one '=' allowed after option
-perl -lne '
- s/[[:space:]]+/ /g; s/[[:space:]]+$//;
- print if s/^[[:space:]]*'"$option"'[[:space:]=]+//i' \
- /etc/ssh/sshd_config
-}
-
-
-host_keys_required() {
-hostkeys="$(get_config_option HostKey)"
-if [ "$hostkeys" ]; then
-echo "$hostkeys"
-else
-# No HostKey directives at all, so the server picks some
-# defaults.
-echo /etc/ssh/ssh_host_rsa_key
-echo /etc/ssh/ssh_host_ecdsa_key
-echo /etc/ssh/ssh_host_ed25519_key
-fi
-}
-
-create_key() {
-msg="$1"
-shift
-hostkeys="$1"
-shift
-file="$1"
-shift
-
-if echo "$hostkeys" | grep -x "$file" >/dev/null && \ [ ! -f "$file" ] ; then
-echo -n $msg
-ssh-keygen -q -f "$file" -N '' "$@"
-echo
-if which restorecon >/dev/null 2>&1; then
-restorecon "$file" "$file.pub"
-fi
-ssh-keygen -l -f "$file.pub"
-fi
-}
-
-
-create_keys() {
-hostkeys="$(host_keys_required)"
-
-create_key "Creating SSH2 RSA key; this may take some time ..." \ "$hostkeys" /etc/ssh/ssh_host_rsa_key -t rsa
-create_key "Creating SSH2 DSA key; this may take some time ..." \ "$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
-create_key "Creating SSH2 ECDSA key; this may take some time ..." \ "$hostkeys" /etc/ssh/ssh_host_ecdsa_key -t ecdsa
-create_key "Creating SSH2 ED25519 key; this may take some time ..." \ "$hostkeys" /etc/ssh/ssh_host_ed25519_key -t ed25519
-}
-
-create_keys
diff --git a/data/sshd-host-keys.service b/data/sshd-host-keys.service
deleted file mode 100644
index d65249a2dbed0e7057ace5374837e906db42377d..0000000000000000000000000000000000000000
--- a/data/sshd-host-keys.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Generate OpenSSH daemon host keys service
-ConditionPathExists=/usr/sbin/sshd
-ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
-Before=ssh.service
-Before=ssh.socket
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/bin/gen-sshd-host-keys
-ExecStop=/bin/true
-
-[Install]
-WantedBy=ssh.service
-WantedBy=ssh.socket
diff --git a/root.sh b/root.sh
index a122d1c581bda6f96e21f78411dae6ad3f7f2cda..4e78575349e673da950b08c6c24b19a3859d2ecb 100755
--- a/root.sh
+++ b/root.sh
@@ -167,10 +167,7 @@ function setup_journal()
 function setup_sshd()
 {
 [ -x "${basedir}/usr/sbin/sshd" ] || return
-# Generate new host keys on first boot
-cp data/gen-sshd-host-keys "${basedir}/usr/local/bin/"
-cp data/sshd-host-keys.service "${basedir}/etc/systemd/system/"
-chroot "${basedir}" systemctl enable sshd-host-keys.service
+# Make sure unique host keys are generated on first boot
 chroot "${basedir}" rm -f /etc/ssh/ssh_host_*
 }
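Review bot: The glob in `chroot "${basedir}" rm -f /etc/ssh/ssh_host_*`, which the new comment in setup_sshd now relies on as the only step guaranteeing unique keys, is expanded by the build host's shell rather than inside the chroot, so the image's keys are removed only when the build host happens to have files of the same names; otherwise rm gets the literal pattern and, with -f, deletes nothing and reports nothing. Delete them by their host-side path instead, `rm -f -- "${basedir}"/etc/ssh/ssh_host_*`, or run the expansion inside the chroot with `chroot "${basedir}" sh -c 'rm -f -- /etc/ssh/ssh_host_*'`; an image whose instances all share one sshd host key undermines host authentication for every deployment, so this line deserves to be reliable. With the generator unit removed, nothing in the hunk shows what recreates the keys on first boot; if the target's openssh packaging does not generate missing keys when ssh.service starts (cannot tell from here), sshd will fail its start-up check on an image with none. Name the mechanism in the comment so the dependency is visible, e.g. `# Remove build-time host keys; <first-boot key generator> recreates them on first boot`.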