diff --git a/backend/src/update/mod.rs b/backend/src/update/mod.rs
index adcdf0f98..8f1612dbc 100644
--- a/backend/src/update/mod.rs
+++ b/backend/src/update/mod.rs
@@ -114,6 +114,12 @@ impl WritableDrives {
     fn as_fs(&self) -> impl FileSystem {
         BlockDev::new(self.block_dev())
     }
+    fn invert(&self) -> WritableDrives {
+        match self {
+            Self::Green => Self::Blue,
+            Self::Blue => Self::Green,
+        }
+    }
 }
 
 /// This will be where we are going to be putting the new update
@@ -251,6 +257,8 @@ async fn do_update(
     new_label: NewLabel,
 ) -> Result<(), Error> {
     download.await?;
+    copy_machine_id(new_label).await?;
+    copy_ssh_host_keys(new_label).await?;
     swap_boot_label(new_label).await?;
 
     Ok(())
@@ -384,6 +392,57 @@ async fn check_download(hash_from_header: &str, file_digest: Vec<u8>) -> Result<
     Ok(())
 }
 
+async fn copy_machine_id(new_label: NewLabel) -> Result<(), Error> {
+    let new_guard = TmpMountGuard::mount(&new_label.0.as_fs()).await?;
+    let old_guard = TmpMountGuard::mount(&new_label.0.invert().as_fs()).await?;
+    tokio::fs::copy(
+        old_guard.as_ref().join("etc/machine-id"),
+        new_guard.as_ref().join("etc/machine-id"),
+    )
+    .await?;
+    new_guard.unmount().await?;
+    old_guard.unmount().await?;
+    Ok(())
+}
+
+async fn copy_ssh_host_keys(new_label: NewLabel) -> Result<(), Error> {
+    let new_guard = TmpMountGuard::mount(&new_label.0.as_fs()).await?;
+    let old_guard = TmpMountGuard::mount(&new_label.0.invert().as_fs()).await?;
+    tokio::fs::copy(
+        old_guard.as_ref().join("etc/ssh/ssh_host_rsa_key"),
+        new_guard.as_ref().join("etc/ssh/ssh_host_rsa_key"),
+    )
+    .await?;
+    tokio::fs::copy(
+        old_guard.as_ref().join("etc/ssh/ssh_host_rsa_key.pub"),
+        new_guard.as_ref().join("etc/ssh/ssh_host_rsa_key.pub"),
+    )
+    .await?;
+    tokio::fs::copy(
+        old_guard.as_ref().join("etc/ssh/ssh_host_ecdsa_key"),
+        new_guard.as_ref().join("etc/ssh/ssh_host_ecdsa_key"),
+    )
+    .await?;
+    tokio::fs::copy(
+        old_guard.as_ref().join("etc/ssh/ssh_host_ecdsa_key.pub"),
+        new_guard.as_ref().join("etc/ssh/ssh_host_ecdsa_key.pub"),
+    )
+    .await?;
+    tokio::fs::copy(
+        old_guard.as_ref().join("etc/ssh/ssh_host_ed25519_key"),
+        new_guard.as_ref().join("etc/ssh/ssh_host_ed25519_key"),
+    )
+    .await?;
+    tokio::fs::copy(
+        old_guard.as_ref().join("etc/ssh/ssh_host_ed25519_key.pub"),
+        new_guard.as_ref().join("etc/ssh/ssh_host_ed25519_key.pub"),
+    )
+    .await?;
+    new_guard.unmount().await?;
+    old_guard.unmount().await?;
+    Ok(())
+}
+
 #[instrument]
 async fn swap_boot_label(new_label: NewLabel) -> Result<(), Error> {
     let block_dev = new_label.0.block_dev();