Brilliant and thanks to all. I am somewhat assured on security and worked out the keys were generated on first boot. I was having problems with ownership having removed the offending key with ssh-keygen because the new file was owned by root. I have it sorted now.
Regarding security my remaining concern is that downloaded add-ons may make me vulnerable. Am now installing VPN.