diff --git a/openssh.spec b/openssh.spec
index e682f3e..4a8b521 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -804,6 +804,8 @@ test -f %{sysconfig_anaconda} && \
 * Thu May 02 2024 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-40
 - Correctly audit hostname and IP address
   Resolves: RHEL-22316
+- Make default key sizes configurable in sshd-keygen
+  Resolves: RHEL-26454
 
 * Wed Apr 24 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-39
 - Use FIPS-compatible API for key derivation
diff --git a/sshd-keygen b/sshd-keygen
index 141814c..0fd2a53 100644
--- a/sshd-keygen
+++ b/sshd-keygen
@@ -9,8 +9,14 @@ case $KEYTYPE in
 		if [[ -r "$FIPS" && $(cat $FIPS) == "1" ]]; then
 			exit 0
 		fi ;;
-	"rsa") ;; # always ok
-	"ecdsa") ;;
+	"rsa")
+		if [[ ! -z $SSH_RSA_BITS  ]]; then
+			SSH_KEYGEN_OPTIONS="-b $SSH_RSA_BITS"
+		fi ;; # always ok
+	"ecdsa") 
+		if [[ ! -z $SSH_ECDSA_BITS  ]]; then
+			SSH_KEYGEN_OPTIONS="-b $SSH_ECDSA_BITS"
+		fi ;;
 	*) # wrong argument
 		exit 12 ;;
 esac
@@ -25,7 +31,7 @@ fi
 rm -f $KEY{,.pub}
 
 # create new keys
-if ! $KEYGEN -q -t $KEYTYPE -f $KEY -C '' -N '' >&/dev/null; then
+if ! $KEYGEN -q -t $KEYTYPE $SSH_KEYGEN_OPTIONS -f $KEY -C '' -N '' >&/dev/null; then
 	exit 1
 fi