The ssh-keysign binary is only used by the ssh command for authentication via the client's private host key (as opposed to the user's key) and username, a scheme which is rarely used and has dubious security properties. Since bugs in this program could yield local root compromise or expose the host key to users (allowing MITM attacks against ssh logins), this program should be considered high-risk and should not be installed setuid by default. It could be moved to a separate optional package or just removed.
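An added audit check, written here as an example and not taken from the page or from OpenSSH: it reports whether an ssh-keysign binary carries the setuid bit (the condition the text warns about) and whether the client config turns the feature on via the ssh_config keyword EnableSSHKeysign (not mentioned above; assumed from the OpenSSH manual). Paths are passed as arguments because install locations differ between distributions.

```shell
#!/bin/sh
# Defender-side audit for the ssh-keysign setuid risk (added example).
# Usage: audit_keysign /path/to/ssh-keysign /etc/ssh/ssh_config

# keysign_is_setuid PATH: success if PATH is a regular file with the setuid bit.
keysign_is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# keysign_enabled CONFIG: success if an uncommented "EnableSSHKeysign yes"
# (or "EnableSSHKeysign=yes") line is present in CONFIG.
keysign_enabled() {
    grep -iE '^[[:space:]]*EnableSSHKeysign[[:space:]=]+yes' "$1" >/dev/null 2>&1
}

# audit_keysign PATH CONFIG: prints a verdict and returns a risk level:
#   2 = setuid and host-based signing enabled (highest risk)
#   1 = setuid but feature not enabled (still exposed to local users)
#   0 = not setuid, or not installed at all
audit_keysign() {
    bin=$1
    cfg=$2
    if [ ! -e "$bin" ]; then
        echo "OK: $bin is not installed"
        return 0
    fi
    if keysign_is_setuid "$bin"; then
        if keysign_enabled "$cfg"; then
            echo "HIGH: $bin is setuid and EnableSSHKeysign is yes in $cfg"
            return 2
        fi
        echo "MEDIUM: $bin is setuid; host-based auth is off, consider: chmod u-s $bin"
        return 1
    fi
    echo "OK: $bin is not setuid"
    return 0
}

# Run directly when both paths are given on the command line.
if [ "$#" -ge 2 ]; then
    audit_keysign "$1" "$2"
fi
```

Typical Debian and Red Hat locations to pass as the first argument are /usr/lib/openssh/ssh-keysign and /usr/libexec/openssh/ssh-keysign respectively.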