diff --git a/tasks/main.yml b/tasks/main.yml
index 78a19f7..1966cb1 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -60,6 +60,14 @@
 loop: '{{ ssh_hardening_hostkeys }}'
 notify: Restart SSH
+
+- name: "Renew RSA hostkeys if too short"
+ openssh_keypair:
+ path: /etc/ssh/ssh_host_rsa_key
+ type: rsa
+ size: 4096
+ when: '"rsa" in ssh_hardening_hostkeys'
+
 ####################
 - name: "INCLUDE: Remove small Diffie-Hellman moduli"
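Review bot: The new "Renew RSA hostkeys if too short" task has no `notify: Restart SSH`, so when `openssh_keypair` replaces `/etc/ssh/ssh_host_rsa_key` the running sshd will presumably keep serving the old key until something else restarts it; the task just above (which starts outside the hunk) already notifies that handler, and the same line belongs here. The `when: '"rsa" in ssh_hardening_hostkeys'` test is an exact-element match if that variable is a list, and the preceding task loops over it, so if its entries are key paths rather than key types the condition never fires; that is worth confirming, and `path` would be better derived from the same variable than hard-coded. As far as I know the module regenerates the key whenever the existing one does not match `size: 4096`, not only when it is shorter, so the task name overstates the condition. A replaced host key also changes the fingerprint clients have recorded in known_hosts, so a comment above the task such as `# Replaces the RSA host key; clients must re-verify the new fingerprint out of band` would help operators treat the resulting warning correctly.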