TLDR; PRNG seeds in the cloud are somewhat predictable. Because sshd generates the keys on boot it's possible to guess the private key on a fraction of the cloud hosts.

Ubuntu 14.04LTS solves the problem by adding a new source of entropy. They add an early-boot (before sshd) service that fetches data from an external server. In short: `curl http://some-server > /dev/urandom`

EDIT: Looking for the default server but launchpad seems to be down. Ideally it would be a trusted source like the cloud provider themselves.

EDIT2: https://entropy.ubuntu.com/ and the public cert is provided with the package.

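
The early-boot seeding described above, modelled as an added example (not part of the original comment and not Ubuntu's code). It assumes a toy SHA-256 pool standing in for the kernel's, relying on the fact that data written to `/dev/urandom` is mixed into the existing pool rather than replacing it; all names and sample values are constructed.

```python
import hashlib

class ToyPool:
    """Toy hash-based pool (illustration only, not a real CSPRNG)."""

    def __init__(self, boot_state):
        self._state = hashlib.sha256(b"init" + boot_state).digest()

    def mix(self, data):
        # Models a write to /dev/urandom: the input is hashed INTO the
        # current state; it does not replace what was already there.
        self._state = hashlib.sha256(self._state + data).digest()

    def read(self, n):
        out, counter = b"", 0
        while len(out) < n:
            block = self._state + b"out" + counter.to_bytes(4, "big")
            out += hashlib.sha256(block).digest()
            counter += 1
        return out[:n]

def host_key_material(boot_state, remote_seed=None):
    """Bytes a freshly booted host would feed into SSH host key generation."""
    pool = ToyPool(boot_state)
    if remote_seed is not None:
        pool.mix(remote_seed)  # early-boot fetch, done before sshd starts
    return pool.read(32)

# Constructed sample values (assumptions, not real data).
CLONED_STATE = b"same-image-same-boot-clock"  # guessable by an outsider
LOCAL_SECRET = b"state-with-real-local-entropy"
SEED_A = bytes.fromhex("11" * 32)  # server response delivered to host A
SEED_B = bytes.fromhex("22" * 32)  # server response delivered to host B

def scenarios():
    guess = host_key_material(CLONED_STATE)  # outsider knows only the image
    seeded_a = host_key_material(CLONED_STATE, SEED_A)
    return {
        # Two clones that skip the fetch derive identical key material.
        "clones_collide": host_key_material(CLONED_STATE) == guess,
        # Per-host seeds make the clones diverge and the image-only guess fail.
        "seeded_clones_differ": seeded_a != host_key_material(CLONED_STATE, SEED_B),
        "image_only_guess_fails": seeded_a != guess,
        # Knowing the seed alone does not give the output of an unknown state.
        "seed_alone_insufficient": host_key_material(LOCAL_SECRET, SEED_A) != seeded_a,
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The model is deterministic, so output is reproducible only by someone who holds both the local state and the seed; that is the reason the fetch runs over HTTPS against the certificate shipped in the package.
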
Sending your random seed over the wire doesn't sound like the right direction. For those listening, it always makes sure they have your seed. Did the NSA get them too?
Choose OpenBSD for your Unix needs. OpenBSD -- the world's simplest and most secure Unix-like OS. Creator of the world's most used SSH implementation OpenSSH, the world's most elegant firewall PF, and the world's most elegant mail server OpenSMTPD. OpenBSD -- the cleanest kernel, the cleanest userland and the cleanest configuration syntax.