ssh_host_[algorithm]_key group owner changed after OS restoration
1 vote, 0 answers, 241 views
I have this weird problem which I can't find an answer to. Recently I restored a Linux machine (RHEL 7.3) from the OS tar archives. The steps taken are as below:
- Create OS related filesystems tar archives, store in NFS
- Create a new VM, start with CentOS DVD
- Partition disk and create filesystems accordingly
- Mount NFS, untar the relevant filesystems
- Make the disk bootable
- Boot up the new VM with the restored OS
- Take care of minor problems such as NIC, etc.
- IP was not changed as this VM sits in an isolated network
Up until this point all services started without much problem. However, when I tried to ssh into this VM it failed with a "Socket error: disconnected".
I went into the VM via the console and ran "systemctl status sshd". I was surprised to see that although the sshd service was started, there were errors complaining about the key files' permissions.
```
Permissions 0640 for 'ssh_host_ecdsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored
bad permissions: ignore key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
...
...
```
I checked the owner and permissions of the files in the /etc/ssh directory. To my surprise, the group of the key files is different from the source machine.
On the restored VM (hostname edited):
```
[root@restored ssh]# ls -al
total 292
drwxr-xr-x. 2 root root 225 Dec 16 2017 .
drwxr-xr-x. 170 root root 12288 Dec 13 09:50 ..
-rw-r--r--. 1 root root 242153 Sep 7 2016 moduli
-rw-r--r--. 1 root root 2208 Sep 7 2016 ssh_config
-rw-------. 1 root root 4361 Sep 7 2016 sshd_config
-rw-r-----. 1 root input 227 Dec 16 2017 ssh_host_ecdsa_key
-rw-r--r--. 1 root root 162 Dec 16 2017 ssh_host_ecdsa_key.pub
-rw-r-----. 1 root input 387 Dec 16 2017 ssh_host_ed25519_key
-rw-r--r--. 1 root root 82 Dec 16 2017 ssh_host_ed25519_key.pub
-rw-r-----. 1 root input 1675 Dec 16 2017 ssh_host_rsa_key
-rw-r--r--. 1 root root 382 Dec 16 2017 ssh_host_rsa_key.pub
```
On the original machine (hostname edited):
```
[root@original ssh]# ls -al
total 292
drwxr-xr-x. 2 root root 225 Dec 16 2017 .
drwxr-xr-x. 170 root root 12288 Dec 13 09:50 ..
-rw-r--r--. 1 root root 242153 Sep 7 2016 moduli
-rw-r--r--. 1 root root 2208 Sep 7 2016 ssh_config
-rw-------. 1 root root 4361 Sep 7 2016 sshd_config
-rw-r-----. 1 root ssh_keys 227 Dec 16 2017 ssh_host_ecdsa_key
-rw-r--r--. 1 root root 162 Dec 16 2017 ssh_host_ecdsa_key.pub
-rw-r-----. 1 root ssh_keys 387 Dec 16 2017 ssh_host_ed25519_key
-rw-r--r--. 1 root root 82 Dec 16 2017 ssh_host_ed25519_key.pub
-rw-r-----. 1 root ssh_keys 1675 Dec 16 2017 ssh_host_rsa_key
-rw-r--r--. 1 root root 382 Dec 16 2017 ssh_host_rsa_key.pub
```
On both machines /etc/group has the below.
```
[root@original ssh]# grep ssh_keys /etc/group
ssh_keys:x:999:
[root@original ssh]# grep input /etc/group
input:x:997:
```
I changed the group for the key files and restarted sshd and the problem was solved.
However, this made me feel uncomfortable with the entire restoration process. These are my questions:
- Why would a seemingly simple tar/untar process alter the GID of files?
- If so, how can we know what and how many files are altered?
Many thanks for all your valuable answers.
Thanks,
bongsf
Asked by bongsf (11 rep), Dec 13, 2021, 03:03 AM
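
One way to approach the second question, as an added example that is not part of the original post: compare the numeric uid/gid recorded in each tar header with what is on disk after the restore. The function names, the archive name `os.tar` and the sample tree built in `demo()` are constructed for illustration.

```python
import os
import tarfile
import tempfile

def ownership_drift(archive, restored_root):
    """Compare numeric uid/gid stored in the tar headers with the restored tree.
    Returns (relative_path, field, archived_id, archived_name, on_disk_id) tuples."""
    drift = []
    with tarfile.open(archive) as tar:  # reads headers only, extracts nothing
        for m in tar:
            rel = os.path.normpath(m.name).lstrip("/")
            try:
                st = os.lstat(os.path.join(restored_root, rel))  # no symlink following
            except FileNotFoundError:
                drift.append((rel, "missing", None, None, None))
                continue
            if st.st_uid != m.uid:
                drift.append((rel, "uid", m.uid, m.uname, st.st_uid))
            if st.st_gid != m.gid:
                drift.append((rel, "gid", m.gid, m.gname, st.st_gid))
    return drift

def demo():
    """Constructed case: one host key whose archived gid differs from the disk."""
    with tempfile.TemporaryDirectory() as root:
        key = os.path.join(root, "etc/ssh/ssh_host_ecdsa_key")
        os.makedirs(os.path.dirname(key))
        open(key, "w").close()
        st = os.lstat(key)
        dir_gid = os.lstat(os.path.dirname(key)).st_gid
        archive = os.path.join(root, "os.tar")  # constructed archive name
        with tarfile.open(archive, "w") as tar:
            for name, gid, gname in (
                # header gid deliberately differs from the on-disk gid
                ("./etc/ssh/ssh_host_ecdsa_key", st.st_gid + 1, "ssh_keys"),
                ("./etc/ssh", dir_gid, "root"),  # matches the disk, no drift
            ):
                info = tarfile.TarInfo(name)
                info.uid, info.gid, info.gname = st.st_uid, gid, gname
                tar.addfile(info)
        return ownership_drift(archive, root), st.st_gid

if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```

On a real restore, `restored_root` would be the mount point of the restored filesystem; the `archived_name` column shows which user or group name the header carried alongside the numeric ID.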