yuvipanda / jupyterhub-ssh

SSH Access to JupyterHubs
BSD 3-Clause "New" or "Revised" License

Reuse of private RSA hostKey, but warnings still show up #73

Open consideRatio opened 2 years ago

consideRatio commented 2 years ago

The following command...

sftp -P 2222 my-user@hub.jupytearth.org

Can lead to the following warning...

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: POSSIBLE DNS SPOOFING DETECTED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for [hub.jupytearth.org]:2222 has changed,
and the key for the corresponding IP address [54.190.190.96]:2222
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@  WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!   @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is

This happens even if we reuse an RSA key via https://github.com/yuvipanda/jupyterhub-ssh/pull/44.

Why?

Could it be that a public key is re-created from the fixed private key, and that public key is changed slightly via a timestamp or similar, and that causes this warning?

It seems that the provided hostKey helm chart configuration is only consumed here, as a path to the private RSA key provided.

https://github.com/yuvipanda/jupyterhub-ssh/blob/923e2302dc080f093cba4ebf489e6a375bf3f816/jupyterhub_ssh/__init__.py#L314-L321
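
An added example, not part of the original issue or of the jupyterhub-ssh code: a simplified Python model of the known_hosts lookup behind the warning quoted above. It shows that an ssh-rsa fingerprint is computed only from the key type, e and n (no timestamp or comment), and that a different stored key for `[host]:port` together with no entry for `[ip]:port` yields the two statuses named in the warning. The key numbers and the known_hosts line are constructed, and hashed or wildcard entries are not handled.

```python
import base64
import hashlib
import struct

def _string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def rsa_blob(e: int, n: int) -> bytes:
    """Public key blob for ssh-rsa: only the type name, e and n go in."""
    def mpint(v: int) -> bytes:
        # the extra leading zero byte when the top bit is set keeps it positive
        return _string(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    return _string(b"ssh-rsa") + mpint(e) + mpint(n)

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint as ssh prints it: unpadded base64 of the hash."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def known_name(host: str, port: int) -> str:
    """known_hosts stores non-default ports as [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"

def check(known_hosts: str, name: str, offered: bytes) -> str:
    """Return 'match', 'changed' or 'unknown' for one name (plain entries only)."""
    status = "unknown"
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue  # comments, markers and hashed names are skipped in this model
        if name in fields[0].split(",") and fields[1] == "ssh-rsa":
            if base64.b64decode(fields[2]) == offered:
                return "match"
            status = "changed"  # an entry exists, but with a different key
    return status

# Constructed numbers standing in for two different RSA moduli (not real keys).
OLD_KEY = rsa_blob(65537, (1 << 2047) + 1234567)
NEW_KEY = rsa_blob(65537, (1 << 2047) + 7654321)
KNOWN_HOSTS = ("[hub.jupytearth.org]:2222 ssh-rsa "
               + base64.b64encode(OLD_KEY).decode() + " first-connection\n")

def diagnose(offered: bytes) -> dict:
    """Status of the host name and of the IP address from the warning."""
    names = [known_name(h, 2222) for h in ("hub.jupytearth.org", "54.190.190.96")]
    return {n: check(KNOWN_HOSTS, n, offered) for n in names}

if __name__ == "__main__":
    print(fingerprint(OLD_KEY), fingerprint(NEW_KEY), diagnose(NEW_KEY))
```

Comparing the fingerprint the server presents after a restart with the one stored for `[hub.jupytearth.org]:2222` in `~/.ssh/known_hosts` shows whether the key itself differs or only the stored entry is stale.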

consideRatio commented 2 years ago

Related

Questions