The SSH host key changes each time when audit SSH is enabled

Additional information

Network policies

What is the issue you’re encountering

When a network policy has “Audit SSH” as the action, every time a new connection is made the SSH client alerts that the host key has changed. The documentation does mention removing any existing host key; however, I would not expect this to be required every single time. If this is by design, would it be possible to have the host keys issued by the Gateway SSH CA?

Is there anyone who can confirm if this behavior (albeit terrible) is expected/by design?

If so, is there any roadmap to persist the host key used to proxy the SSH connection so it is stable across connections or have the host key signed by the Gateway SSH CA so it can be trusted by adding something like the following to .ssh/known_hosts:

@cert-authority * ecdsa-sha2-nistp256 SSH_PUBLIC_KEY_FOR_GATEWAY_CA [email protected]
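
The trust model the post asks about, sketched with stock OpenSSH tooling as an added example (not part of the original post, and not Cloudflare's implementation): two different host keys, each certified by the same CA, so a client that trusts the CA accepts both without a changed-key warning. The CA key, the file names and the host name `gateway.example.internal` are constructed for the demo, and the final line scopes CA trust to that one name rather than `*`.

```shell
#!/bin/sh
# Constructed demo: a fresh host key per connection, each one certified by a
# single host CA. Every name used here is hypothetical.
set -eu

# Prints the CA fingerprint, then for each of two new host keys its own
# fingerprint and the "Signing CA" fingerprint read back from its certificate,
# then the known_hosts line a client would add to trust that CA.
host_ca_demo() {
    dir=$(mktemp -d)
    # Host CA key pair (stands in for the gateway's SSH CA).
    ssh-keygen -q -t ecdsa -b 256 -N '' -C demo-ca -f "$dir/demo_ca"
    ca_fp=$(ssh-keygen -l -f "$dir/demo_ca.pub" | awk '{print $2}')
    echo "ca $ca_fp"
    for i in 1 2; do
        # A new host key for each "connection".
        ssh-keygen -q -t ecdsa -b 256 -N '' -C "host-$i" -f "$dir/host_$i"
        # -h issues a host certificate; -n limits it to one principal;
        # -V keeps it short-lived.
        ssh-keygen -q -s "$dir/demo_ca" -h -I "conn-$i" \
            -n gateway.example.internal -V +1h "$dir/host_$i.pub"
        key_fp=$(ssh-keygen -l -f "$dir/host_$i.pub" | awk '{print $2}')
        signer=$(ssh-keygen -L -f "$dir/host_$i-cert.pub" |
                 awk '/Signing CA:/ {print $4}')
        echo "host$i key $key_fp signed-by $signer"
    done
    # known_hosts entry: trust the CA for this host name only, not for "*".
    echo "@cert-authority gateway.example.internal $(cut -d' ' -f1,2 "$dir/demo_ca.pub")"
    rm -rf "$dir"
}

if command -v ssh-keygen >/dev/null 2>&1; then
    host_ca_demo
else
    echo "this demo needs OpenSSH ssh-keygen" >&2
fi
```

The two `key` fingerprints differ while both `signed-by` values equal the `ca` fingerprint, which is the property that would let a client trust a rotating host key through one `@cert-authority` entry.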