SSH host keys issues on RHEL/CentOS 7

Older builds of OS images for RHEL/CentOS that used an openssh-server package version of 6.6.1p1-25 or earlier suffers from the SSH host keys (located under /etc/ssh) having permissions that are too open, with the private keys having the read flag for the groups owning the keys.

If you happen to see errors like this in the sshd logs:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: UNPROTECTED PRIVATE KEY FILE!         @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
key_load_private: bad permissions
Could not load host key: /etc/ssh/ssh_host_rsa_key

Please execute the following command to fix the permission errors:
chmod go-r /etc/ssh/*

Feedback and Knowledge Base