Is there a technical reason why IOS requires the device's domain-name to be set (via ip domain-name) before an SSH key can be generated? Is the domain-name used in any way in the generation of the key?

Is there any way to force the generation of a key before the domain name is set?

UPDATE: Myself (before I posted this question) and others in your answer seem to think it may be used as either a salt or a source of entropy for the key. Wouldn't the domain-name be very predictable? This doesn't seem like a suitable source of entropy.

A: 

It almost certainly uses the domain name as a salt in the key.

Julian
+1  A: 

You do not need to set "ip domain-name" or "hostname" before creating a key. They are required if you don't name it yourself. Use the following command to name it yourself:

 crypto key generate rsa general-keys label MYKEYNAME

More info here:

http://cisco-network.com/hands-on/advanced-ssh-settings-for-cisco-ios/

Joseph
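
The labeled-key approach from the answer above, carried through to a working SSH setup, as an added example that is not part of the original answers. The label MYKEYNAME comes from the answer; the 2048-bit modulus and the VTY range are assumptions. Without a label, IOS names the key pair after the device's hostname and domain name, which is why both must otherwise be set.

```cisco
! Added example: generate a named RSA key pair and bind SSH to it.
! No "ip domain-name" is needed because the key is given an explicit label.
configure terminal
 ! Label from the answer above; modulus size is an assumed value.
 crypto key generate rsa general-keys label MYKEYNAME modulus 2048
 ! Tell the SSH server which key pair to use instead of the default one.
 ip ssh rsa keypair-name MYKEYNAME
 ! Restrict the server to SSH protocol version 2.
 ip ssh version 2
 ! Assumed VTY range; allow only SSH on the management lines.
 line vty 0 4
  transport input ssh
  login local
 end
! Verify: the key should be listed under the label, and SSH should be enabled.
show crypto key mypubkey rsa
show ip ssh
```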