diff --git a/openssh/config.sls b/openssh/config.sls
index 3cf3376..2f3a29e 100644
--- a/openssh/config.sls
+++ b/openssh/config.sls
@@ -14,7 +14,14 @@ sshd_config:
 - service: openssh
 {% for keyType in ['ecdsa', 'dsa', 'rsa'] %}
-{% if salt['pillar.get']('openssh:provide_' ~ keyType ~ '_keys', False) %}
+{% if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_keys', False) %}
+ssh_generate_host_{{ keyType }}_key:
+ cmd.run:
+ - name: ssh-keygen -t {{ keyType }} -N '' -f /etc/ssh/ssh_host_{{ keyType }}_key
+ - creates: /etc/ssh/ssh_host_{{ keyType }}_key
+ - user: root
+
+{% elif salt['pillar.get']('openssh:provide_' ~ keyType ~ '_keys', False) %}
 ssh_host_{{ keyType }}_key:
 file.managed:
 - name: /etc/ssh/ssh_host_{{ keyType }}_key
diff --git a/pillar.example b/pillar.example
index 678e2f3..42007da 100644
--- a/pillar.example
+++ b/pillar.example
@@ -59,6 +59,9 @@ openssh:
 provide_dsa_keys: False
 provide_ecdsa_keys: False
 provide_rsa_keys: False
+ generate_dsa_keys: False
+ generate_ecdsa_keys: False
+ generate_rsa_keys: False
 rsa:
 private_key: |
 -----BEGIN RSA PRIVATE KEY-----
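Review bot: The new `cmd.run` in the `generate_` branch calls `ssh-keygen -t {{ keyType }}` with no key size, and the loop it sits in still includes `dsa`, so `generate_dsa_keys: True` would create a 1024-bit DSA host key, a type OpenSSH has disabled by default since 7.0. For RSA the size falls back to whatever the minion's ssh-keygen defaults to; pinning it would make the result predictable, e.g. `- name: ssh-keygen -t {{ keyType }}{{ ' -b 4096' if keyType == 'rsa' else '' }} -N '' -f /etc/ssh/ssh_host_{{ keyType }}_key`. Because the `provide_` test is now an `elif`, setting both flags for one key type silently skips the pillar-provided key; a comment in pillar.example such as `# generate_* takes precedence over provide_* for the same key type` would document that. The `{% for %}`/`{% if %}` block closes outside the hunk, so whether sshd is restarted after a key is generated cannot be seen here.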