Comment 7 for bug 246558

How about if I key off whether GSSAPIKeyExchange is set?

E.g. extend host_keys_required like so:

hostkeys="$(get_config_option HostKey)"
if [ "$hostkeys" ]; then
    echo "$hostkeys"
else
    if [ "$(get_config_option GSSAPIKeyExchange)" != "yes" ]
    then
        # No HostKey directives at all, so the server picks some
        # defaults depending on the setting of Protocol.
        [...]
    fi
fi

So, if the user has HostKeys set, those will be generated if they do not exist. If no HostKeys are set, and GSSAPIKeyExchange is set, we don't generate keys the user does not want. Will that make everyone happy?