diff --git a/gestion/config.py b/gestion/config.py
index d979dc74..fc253504 100644
--- a/gestion/config.py
+++ b/gestion/config.py
@@ -125,6 +125,12 @@ sshfp_algo = {
 "dsa" : (2,"ssh-dss"),
 }
 
+sshkey_max_age=2*(365.25*24*3600)
+sshkey_size = {
+ 'rsa':4096,
+ 'dsa':1024,
+}
+
 ## Impression
 class impression:
 """Cette classe contient toutes les variables
diff --git a/gestion/gen_confs/populate_sshFingerprint.py b/gestion/gen_confs/populate_sshFingerprint.py
index 84fc0541..d73b3680 100755
--- a/gestion/gen_confs/populate_sshFingerprint.py
+++ b/gestion/gen_confs/populate_sshFingerprint.py
@@ -3,6 +3,9 @@
 import subprocess
 import sys
 import os
+import time
+import base64
+import hashlib
 from socket import gethostname
 from netifaces import interfaces, ifaddresses, AF_INET
 
@@ -30,7 +33,25 @@ def ssh_keyscan(host,algo):
 ret=p.communicate()[0].split()
 key=ret[2]
 return key
-
+def ssh_md5_hash(path):
+ key=base64.b64decode(open(path).read().split()[1])
+ fpr=hashlib.md5(key).hexdigest()
+ return ':'.join(a+b for a,b in zip(fpr[::2], fpr[1::2]))
+
+def ssh_keygen(algo,size):
+ new_path='/etc/ssh/new/'
+ if not os.path.isdir(new_path):
+ os.mkdir(new_path)
+ key_path=new_path + 'ssh_host_%s_key' % algo
+ if not os.path.exists(key_path):
+ args=["/usr/bin/ssh-keygen", "-f", "%s" % key_path, "-b", "%s" % size,
+ "-t", "%s" % algo, "-N", ""]
+ p=subprocess.Popen(args,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
+ p.communicate()
+ fpr="Nouvelle clef ssh %s : %s\n" % (algo.upper(),ssh_md5_hash(key_path + '.pub'))
+ open('/etc/motd','a+').write(fpr)
+ print("Nouvelle clef %s générée" % key_path)
 def get_machines():
 machines=[]
 
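Review bot: The `'dsa':1024` entry in `sshkey_size` means the two-year rotation will keep regenerating a 1024-bit ssh-dss host key, which is the only size DSA allows and which OpenSSH has rejected by default since 7.0 (recent releases drop it entirely), so rotating it buys no security and the new key is likely never usable by clients. I would remove the `'dsa'` entry and, if `ssh_algo`/`sshfp_algo` (whose full contents are outside this hunk) cover them, add `'ed25519':256` and/or `'ecdsa':256` instead — ed25519 ignores `-b`, so the value is a harmless placeholder for `ssh-keygen`. Both new settings are also undocumented: a comment such as `# host-key rotation threshold in seconds (2 years); see check_keys_age in populate_sshFingerprint.py` above `sshkey_max_age`, and `# key size passed to ssh-keygen -b, keyed by the -t algorithm name` above `sshkey_size`, would tell the next maintainer where these values are consumed.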
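Review bot: `ssh_keygen` never checks the result of `ssh-keygen` — `p.communicate()` discards stderr and `p.returncode` is never read — so when the tool fails (unsupported `-t`/`-b` combination, binary missing, `/etc/ssh/new/` not writable) the very next line opens `key_path + '.pub'` and the whole fingerprint run dies with an IOError that hides the real cause. Two smaller points in the same function: `os.mkdir(new_path)` creates the staging directory for private host keys with whatever the umask gives rather than `0o700` (the key files themselves are 0600 thanks to ssh-keygen, but the directory should not be listable), and `ssh_md5_hash` publishes an MD5 fingerprint in `/etc/motd` while `ssh-keygen -l` on any current OpenSSH prints SHA256, so the admin installing the key cannot compare them directly. The indentation of this hunk is flattened in the page, so I cannot tell whether the final `print` sits inside the `if not os.path.exists(key_path)` branch; if it does not, every run after a key goes over age re-announces a key that was not generated. Suggested shape for the generation part:
```python
def ssh_keygen(algo,size):
    new_path='/etc/ssh/new/'
    if not os.path.isdir(new_path):
        os.mkdir(new_path, 0o700)  # unpublished private host keys live here: root only
    key_path=new_path + 'ssh_host_%s_key' % algo
    if not os.path.exists(key_path):
        args=["/usr/bin/ssh-keygen", "-f", key_path, "-b", str(size),
              "-t", algo, "-N", ""]
        p=subprocess.Popen(args,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
        out, err = p.communicate()
        # Stop here on failure: the fingerprint step below needs the .pub file.
        if p.returncode != 0 or not os.path.isfile(key_path + '.pub'):
            sys.stderr.write("ssh-keygen %s a échoué (code %s) : %s\n" % (algo, p.returncode, err.strip()))
            return
        # … unchanged: motd notice and print …
```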
@@ -38,11 +59,19 @@ def get_machines():
 machines.extend(conn.search('ipHostNumber=%s' %ip,mode='rw'))
 return machines
 
+def check_keys_age(key_path,algo):
+ age=time.time()-os.path.getmtime(key_path)
+ if age > config.sshkey_max_age:
+ print("La clef ssh %s sur %s a plus de %s ans, il faudrait peut être penser à la changer." % (key_path,gethostname(),round(age/(365.25*24*3600),2)))
+ ssh_keygen(algo,config.sshkey_size[algo])
+
 def get_local_keys():
 keys={}
 for algo in ssh_algo:
- if os.path.isfile('/etc/ssh/ssh_host_%s_key.pub' % algo):
- keys[algo]=open('/etc/ssh/ssh_host_%s_key.pub' % algo).read()
+ key_path='/etc/ssh/ssh_host_%s_key.pub' % algo
+ if os.path.isfile(key_path):
+ check_keys_age(key_path,algo)
+ keys[algo]=open(key_path).read()
 return keys
 
 def check_keys(keys):
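Review bot: `check_keys_age` indexes `config.sshkey_size[algo]` directly, so any algorithm present in `ssh_algo` (defined outside this hunk) but absent from the new dict raises `KeyError` once its key is over age, aborting `get_local_keys` and the whole fingerprint run; a guard such as `size=config.sshkey_size.get(algo)` / `if size is None: return` / `ssh_keygen(algo,size)` keeps unknown algorithms on the warning-only path. The age itself is taken from the mtime of the public key file, which is reset by any copy, restore or package reinstall and can be set arbitrarily with `touch`, so it is an approximation of key age rather than a reliable one — worth a comment like `# mtime of the .pub file is only a proxy for key age; a restored key looks fresh` above the `age=` line. Note also that the rotation message is printed and `ssh_keygen` is called on every run until someone installs the staged key from `/etc/ssh/new/`, which `ssh_keygen`'s existence check makes safe but noisy; that is presumably intended, so a one-line docstring on `check_keys_age` stating that it only stages a replacement and never swaps host keys in place would make the contract explicit. The `open(key_path).read()` in `get_local_keys` still leaks the file handle; `with open(key_path) as f: keys[algo]=f.read()` is the cheap fix.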