SSHClient: fix the host key test

Skip the host key check only, if the transport actually used
gssapi-keyex. Add tests for the missing-host-key RejectPolicy.

Before this change, a man-in-the-middle attack on the paramiko ssh
client with gss_kex=True was possible by having a server that does not
support gssapi-keyex and gives any or no host key.

0 files changed, 0 insertions, 0 deletions