
Unfortunately the ssh-key (probably not the verbatim file, but of course the parts comprising the mathematical key) will have to stay in the sshd process' memory.

If one wants to make it impossible for an "offline thief" (e.g. one that does not have permanent root access to a compromised server) to perform a man-in-the-middle attack using the server's key, one would have to store the SSH server's key in a secure USB token. Ideally this token will count the number of SSH signing and key-exchange operations, so that an attacker remotely accessing the USB token might also be detectable.
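The detection idea in the comment above (a token that counts its own signing operations, so the host can notice signatures it never requested), as an added toy model that is not the commenter's code: `CountingToken` stands in for the hardware token and uses an HMAC as a placeholder for the real asymmetric host-key signature, and `Host` plays the role of sshd mirroring the count.

```python
"""Toy model of an operation-counting signing token, constructed for illustration.
The token never releases its secret; every signature increments a counter.
A host that records how many signatures it asked for can compare the two
numbers and flag any use of the key it did not initiate."""
import hashlib
import hmac
import os


class CountingToken:
    """Stand-in for a USB token: key stays inside, each use bumps `ops`.
    HMAC-SHA256 is a placeholder for the real asymmetric host-key signature."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self.ops = 0

    def sign(self, data: bytes) -> bytes:
        self.ops += 1
        return hmac.new(self._secret, data, hashlib.sha256).digest()


class Host:
    """sshd-like host: routes every key-exchange signature through the token
    and remembers how many it requested."""

    def __init__(self, token: CountingToken) -> None:
        self.token = token
        self.requested = 0

    def sign_kex(self, exchange_hash: bytes) -> bytes:
        self.requested += 1
        return self.token.sign(exchange_hash)

    def unexplained_signatures(self) -> int:
        """Signatures the token produced that this host never asked for."""
        return self.token.ops - self.requested


def demo() -> int:
    token = CountingToken(os.urandom(32))  # constructed secret
    host = Host(token)
    for i in range(3):  # three legitimate key exchanges
        host.sign_kex(b"exchange-hash-%d" % i)
    clean = host.unexplained_signatures()  # expected 0
    # Someone with access to the token path signs an exchange hash of their own;
    # the host's count no longer matches the token's.
    token.sign(b"exchange hash the host never saw")
    return host.unexplained_signatures() - clean  # returns 1
```

In practice the counter would live in the token's monotonic storage and be read over the same interface, so the comparison can only be trusted if the attacker cannot reset it.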



