Comment 9 for bug 1638537

one obvious workaround would indeed be to make snapd call out to ssh-keygen to have it handle the key generation ... if the security team does not see any drawbacks with this