Also, @Sean, to further your comment.
When I buy a bright new shiny thing, it has a serial number on the bar code label on the box.
It has the same serial number on a sticky label on the bottom (in especially difficult to read typeface) of the shiny thing.
The same serial number can be viewed in the badly designed, insecure, web page that laughingly passes for an admin interface for the shiny thing.
So, IMHO, it really cannot be difficult to generate SSH keys and install them on the production line.