Re: Not just IoShit
I discovered the same problem in an open-source intrusion detection system distribution a year or two back as well. Every installation from the ISO they provided would include the same SSH private key. I notified the author and in less then a day they had a new ISO posted with a modified installer that generated a new key during installation.