diff --git a/changelogs/fragments/598-openssh_keypair-generate-new-key.yml b/changelogs/fragments/598-openssh_keypair-generate-new-key.yml
new file mode 100644
index 00000000..723e8704
--- /dev/null
+++ b/changelogs/fragments/598-openssh_keypair-generate-new-key.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - "openssh_keypair - always generate a new key pair if the private key does not exist. Previously, the module would fail when ``regenerate=fail`` without an existing key, contradicting the documentation (https://github.com/ansible-collections/community.crypto/pull/598)."
diff --git a/plugins/module_utils/openssh/backends/keypair_backend.py b/plugins/module_utils/openssh/backends/keypair_backend.py
index 7fef744b..8876a340 100644
--- a/plugins/module_utils/openssh/backends/keypair_backend.py
+++ b/plugins/module_utils/openssh/backends/keypair_backend.py
@@ -171,8 +171,10 @@ class KeypairBackend(OpensshModule):
 pass
 def _should_generate(self):
- if self.regenerate == 'never':
- return self.original_private_key is None
+ if self.original_private_key is None:
+ return True
+ elif self.regenerate == 'never':
+ return False
 elif self.regenerate == 'fail':
 if not self._private_key_valid():
 self.module.fail_json(
@@ -180,7 +182,7 @@ class KeypairBackend(OpensshModule):
 "To force regeneration, call the module with `generate` set to " +
 "`partial_idempotence`, `full_idempotence` or `always`, or with `force=yes`."
 )
- return self.original_private_key is None
+ return False
 elif self.regenerate in ('partial_idempotence', 'full_idempotence'):
 return not self._private_key_valid()
 else:
diff --git a/tests/integration/targets/openssh_keypair/tests/regenerate.yml b/tests/integration/targets/openssh_keypair/tests/regenerate.yml
index cc8c0b67..16da187b 100644
--- a/tests/integration/targets/openssh_keypair/tests/regenerate.yml
+++ b/tests/integration/targets/openssh_keypair/tests/regenerate.yml
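Review bot: The new early return at the top of `_should_generate` makes `original_private_key is None` mean "no key on disk", so `regenerate=never` and `regenerate=fail` now generate and write a key whenever that attribute is None, whatever the reason. If the code that populates `original_private_key` (outside this hunk) also leaves it None for a file that exists but could not be parsed — wrong or missing passphrase, unsupported format — those two modes would now overwrite existing key material they are documented to leave untouched or fail on; worth confirming against the loader, and if so the short-circuit should be keyed on the private-key file being absent rather than on the parsed object being None. A one-line comment on the new branch would help the next reader, e.g. `# No existing private key: generate regardless of the regenerate mode.` The `return False` in the second hunk is consistent with this ordering, since the key is known to exist by then; `_should_generate` continues past both hunks.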
@@ -24,6 +24,7 @@ type: rsa size: 1024 backend: "{{ backend }}" + regenerate: "{{ item }}" loop: "{{ regenerate_values }}" - name: "({{ backend }}) Regenerate - setup password protected keys" command: 'ssh-keygen -f {{ remote_tmp_dir }}/regenerate-b-{{ item }} -N {{ passphrase }}'