The private keys need never have existed on that server. On the occasions which they are used, they need never touch the server, and the machine they're actually used on (likely a laptop with a LiveCD) doesn't need to directly communicate with the server so identifying and targeting it would be futile.