There's no point in running ssh-keygen under /bin/sh, so let's drop this
unnecessary indirection.
Furthermore there shouldn't be any need to run `sshd -t` before starting
the ssh daemon on the live system, as we definitely would like to get
sshd started if it was requested to so, even if there might be a
(possibly intermittent) problem with it. The test run makes sense for
reloading an already running ssh daemon, and we keep this in place.
Thanks to AndrĂ¡s Korn for spotting this
[Service]
EnvironmentFile=-/etc/default/ssh
-ExecStartPre=-/bin/sh -c "/usr/bin/ssh-keygen -A"
-ExecStartPre=/usr/sbin/sshd -t
+ExecStartPre=-"/usr/bin/ssh-keygen -A"
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
ExecReload=/usr/sbin/sshd -t
ExecReload=/bin/kill -HUP $MAINPID