diff --git a/openssh/config.sls b/openssh/config.sls
index e336fac..dc87341 100644
--- a/openssh/config.sls
+++ b/openssh/config.sls
@@ -17,7 +17,12 @@ sshd_config:
 {% if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_keys', False) %}
 ssh_generate_host_{{ keyType }}_key:
 cmd.run:
+ {%- if salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', False) %}
+ {%- set keySize = salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', 4096) %}
+ - name: ssh-keygen -t {{ keyType }} -b {{ keySize }} -N '' -f /etc/ssh/ssh_host_{{ keyType }}_key
+ {%- else %}
 - name: ssh-keygen -t {{ keyType }} -N '' -f /etc/ssh/ssh_host_{{ keyType }}_key
+ {%- endif %}
 - creates: /etc/ssh/ssh_host_{{ keyType }}_key
 - user: root
diff --git a/pillar.example b/pillar.example
index e7d1575..80af4a6 100644
--- a/pillar.example
+++ b/pillar.example
@@ -91,6 +91,7 @@ openssh:
 ecdsa-sha2-nistp256 NOT_DEFINED
 generate_rsa_keys: False
+ generate_rsa_size: 4096
 absent_rsa_keys: False
 provide_rsa_keys: False
 rsa:
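Review bot: In the added branch of `ssh_generate_host_{{ keyType }}_key`, the pillar value is rendered unchecked into a command that runs as root, and the `4096` default on the `set` line can never take effect because the enclosing `if` already requires the key to be set. Looking the value up once and coercing it would cover both: `{%- set keySize = salt['pillar.get']('openssh:generate_' ~ keyType ~ '_size', False) %}`, then `{%- if keySize %}` and `-b {{ keySize | int }}`, so only a number can reach the ssh-keygen command line. Because the state keeps `- creates: /etc/ssh/ssh_host_{{ keyType }}_key`, a size set in pillar applies only when the key file does not exist yet; a comment saying that existing host keys keep their old length would help operators who set this option to strengthen an already deployed host. The surrounding `{% if %}` block is closed outside this hunk.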