There is a possible problem with ssh key generation. After RedHat 7.0 is installed and the computer is rebooted, the ssh key is generated during this first reboot. The problem is that the Linux /dev/urandom random generator is driven by keyboard and mouse events. Network traffic and other things do not affect the generator. During the reboot usually no key is pressed or mouse moved, so the randomness created during the reboot is probably too weak and can be easily guessed. The solution I see is to ask the user to press some keys before ssh key generation. Thus true random numbers will be generated and the ssh private key will not be easily guessed, as it is now.
My kernel picks up around 400 bytes of entropy during bootup prior to sshd starting, measured by adding:
    (sleep 5 ; killall dd) & dd if=/dev/random of=/tmp/rand bs=1
to /etc/rc.d/init.d/sshd's start case. Around 384 bytes are required in the worst case: generation of a DSA host key (which does a DSA parameter generation implicitly) and generation of an RSA key. This is a little too close for comfort, but I think that you would have a hard time creating a real attack out of it. The problem could be mitigated somewhat if anaconda wrote a random seed to /var/run/random-seed after the installation. The installer would pick up a lot of entropy from all the disk and keyboard/mouse activity during install. It might also be worthwhile increasing the size of the kernel entropy pool for the 2.2 kernels (2.4 can do it through proc): 512 bytes just isn't enough, especially if you are doing SSL or IPsec. linux/drivers/char/random.c supports pools up to 8k with a simple #define.
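
The seed carry-over suggested in the comment above, sketched as an added example (not code from this thread, from anaconda or from Red Hat's init scripts). SEED_FILE defaults to the path named in the comment and POOL_BYTES to the 512-byte pool size it cites; RNG_DEV and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: carry kernel RNG state across reboots through a seed file.
# An installer would call save_seed at the end of installation; an init
# script would call restore_seed before sshd generates its host keys.
SEED_FILE="${SEED_FILE:-/var/run/random-seed}"   # path named in the thread
RNG_DEV="${RNG_DEV:-/dev/urandom}"               # assumed device path
POOL_BYTES="${POOL_BYTES:-512}"                  # pool size cited in the thread

# Write a fresh seed, readable by its owner only, and replace the old
# seed atomically so a crash never leaves a truncated file behind.
save_seed() {
    tmp="${SEED_FILE}.$$"
    ( umask 077
      dd if="$RNG_DEV" of="$tmp" bs="$POOL_BYTES" count=1 2>/dev/null ) || return 1
    size=$(wc -c < "$tmp" | tr -d ' ')
    if [ "$size" -ne "$POOL_BYTES" ]; then
        rm -f "$tmp"        # short read: do not keep a weak seed
        return 1
    fi
    mv -f "$tmp" "$SEED_FILE"
}

# Mix the stored seed into the pool, then replace it at once so the same
# seed is never fed to two boots (for example after a crash).
# Writing to the device mixes the bytes in; it does not raise the
# kernel's entropy count.
# Returns 2 when there is no seed yet (first boot without an installer seed).
restore_seed() {
    if [ ! -s "$SEED_FILE" ]; then
        return 2
    fi
    cat "$SEED_FILE" > "$RNG_DEV" || return 1
    save_seed
}
```

A return code of 2 from restore_seed is the case this thread is about: no seed was left by the installer, so key generation depends only on what the kernel gathered during boot.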
Asking the user to press keys on boot isn't a good idea. What about unattended machines? The real solution is to use a true random HW generator in current chipsets, but this has nothing to do with openssh, which simply uses what the kernel provides. So feel free to report enhancement requests against the kernel.