Organizations accumulate large numbers of SSH keys because end users can create new SSH keys or even duplicate them. This is how a large number of SSH keys are built up over time, and it makes organization difficult to track them when development servers are migrated into the production phase or when employees leave the company their keys are not changed which might create a problem later.
Many IT and security professionals rarely change and re-distribute keys for fear that a critical component or employee could also be forgotten. These factors typically end in a surge of static SSH keys. The attackers might affect unchanged keys and can grant unauthorized access to sensitive data and assets which can be a huge loss to any company.
