Why does Google recommend removing SSH keys from GCE for security?
Solution 1:
The only possible reason I can think of is that they want to force you to regenerate new keys.
As these keys were generated before you had access they may not be trusted.
Removing them and restarting sshd
will regenerate the keys for you.
However the document doesn't really make that clear.
This is pure speculation and it would be better to contact them and get clarification on this.
Solution 2:
The critical detail is that the page you've referenced is about creating a new Compute Engine machine image. Specifically, when you create a new virtual machine image, you want to ensure it does NOT include any host keys. That way, when the image is cloned and reconstituted into an actual VM, the sshd startup script will recognize that there are no host keys, and automatically generate new ones. This is desirable because having multiple machines using the same host key is a very bad idea.
So, in the general case, please do not go deleting your host keys, but if you are creating a new image, it's an important step in order to ensure there's a one-to-one relationship between host keys and machines.