kex: Do not ignore keys in known_hosts files
Previously, if the SSH_OPTIONS_HOSTKEYS option was set by any mean,
including the client configuration file, the keys in known_hosts files
wouldn't be considered before advertising the list of wanted host keys.
This could result in the client requesting the server to provide a
signature using a key not present in the known_hosts files (e.g. when
the first wanted algorithm in SSH_OPTIONS_HOSTKEYS is not present in the
known_hosts files), causing a host key mismatch and possible key
Now, the keys present in the known_hosts files are prioritized over the
other wanted keys. This do not change the fact that only keys of types
present in the list set in SSH_OPTIONS_HOSTKEYS will be accepted and
prioritized following the order defined by such list.
The new wanted list of hostkeys is given by:
- The keys present in known_hosts files, ordered by preference defined in SSH_OPTIONS_HOSTKEYS. If the option is not set, a default order of preference is used.
- The other keys present in the same option are appended without adding duplicates. If the option is not set, the default list of keys is used.
Signed-off-by: Anderson Toshiyuki Sasaki <firstname.lastname@example.org>
Reviewed-by: Jakub Jelen <email@example.com>
(cherry picked from commit f18a7cc17e399ae7bc92f707da3a676c52fd948e)