diff --git a/scripts/generate_guidance.py b/scripts/generate_guidance.py
index 6bfbb228..ccc4391a 100755
--- a/scripts/generate_guidance.py
+++ b/scripts/generate_guidance.py
@@ -602,6 +602,14 @@ if [[ $EUID -ne 0 ]]; then
 exit 1
 fi
+ssh_key_check=0
+if /usr/sbin/sshd -T 2&> /dev/null; then
+ ssh_key_check=0
+else
+ /usr/bin/ssh-keygen -q -N "" -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key
+ ssh_key_check=1
+fi
+
 # path to PlistBuddy
 plb="/usr/libexec/PlistBuddy"
@@ -1068,6 +1076,12 @@ else
 read_options
 done
 fi
+
+if [[ "$ssh_key_check -ne 0 ]]; then
+ /bin/rm /etc/ssh/ssh_host_rsa_key
+ /bin/rm /etc/ssh/ssh_host_rsa_key.public
+ ssh_key_check=0
+fi
 """
 #write out the compliance script
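Review bot: In the hunk at `@@ -602,6 +602,14 @@`, the probe `/usr/sbin/sshd -T 2&> /dev/null` does not redirect the way it reads: as far as I can tell the shell passes `2` to sshd as an extra argument and treats `&>` as the redirection, so the test most likely fails on every host and the `else` branch always runs. `ssh_key_check=1` is then set unconditionally after `ssh-keygen`, so on a machine that already has `/etc/ssh/ssh_host_rsa_key` the cleanup added in the later hunk would delete a host key this script did not create. The probe should read `if /usr/sbin/sshd -T > /dev/null 2>&1; then`, and the flag should be set only when the key file was absent beforehand and `ssh-keygen` returned success. The temporary private key also survives any early exit of the generated script, so a `trap` on EXIT that removes it would be safer than relying on the block at the end.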
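Review bot: In the hunk at `@@ -1068,6 +1076,12 @@`, the cleanup test `if [[ "$ssh_key_check -ne 0 ]]; then` has an unbalanced double quote, so the final block of the generated script will not parse as intended and the temporary host key is probably never removed; it should read `if [[ "$ssh_key_check" -ne 0 ]]; then`. The second `rm` targets `/etc/ssh/ssh_host_rsa_key.public`, but `ssh-keygen -f` writes the public half to `<file>.pub`, so that line should be `/bin/rm -f /etc/ssh/ssh_host_rsa_key.pub`. The enclosing Python string literal starts outside this hunk.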