diff --git a/openssh-9.8p1-gsskeyex-authmethod.patch b/openssh-9.8p1-gsskeyex-authmethod.patch
new file mode 100644
index 0000000..4fa0126
--- /dev/null
+++ b/openssh-9.8p1-gsskeyex-authmethod.patch
@@ -0,0 +1,47 @@
+diff --color -ruNp a/auth2-gss.c b/auth2-gss.c
+--- a/auth2-gss.c 2024-08-26 16:41:44.853553353 +0200
++++ b/auth2-gss.c 2024-08-26 16:57:07.478155469 +0200
+@@ -51,6 +51,7 @@
+ #define SSH_GSSAPI_MAX_MECHS 2048
+
+ extern ServerOptions options;
++extern struct authmethod_cfg methodcfg_gsskeyex;
+ extern struct authmethod_cfg methodcfg_gssapi;
+
+ static int input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh);
+@@ -375,12 +376,6 @@ input_gssapi_mic(int type, u_int32_t ple
+ return 0;
+ }
+
+-struct authmethod_cfg methodcfg_gsskeyex = {
+- "gssapi-keyex",
+- NULL,
+- &options.gss_authentication
+-};
+-
+ Authmethod method_gsskeyex = {
+ &methodcfg_gsskeyex,
+ userauth_gsskeyex,
+diff --color -ruNp a/auth2-methods.c b/auth2-methods.c
+--- a/auth2-methods.c 2024-08-26 16:41:44.794552226 +0200
++++ b/auth2-methods.c 2024-08-26 16:57:17.047338002 +0200
+@@ -50,6 +50,11 @@ struct authmethod_cfg methodcfg_pubkey =
+ &options.pubkey_authentication
+ };
+ #ifdef GSSAPI
++struct authmethod_cfg methodcfg_gsskeyex = {
++ "gssapi-keyex",
++ NULL,
++ &options.gss_authentication
++};
+ struct authmethod_cfg methodcfg_gssapi = {
+ "gssapi-with-mic",
+ NULL,
+@@ -76,6 +81,7 @@ static struct authmethod_cfg *authmethod
+ &methodcfg_none,
+ &methodcfg_pubkey,
+ #ifdef GSSAPI
++ &methodcfg_gsskeyex,
+ &methodcfg_gssapi,
+ #endif
+ &methodcfg_passwd,
diff --git a/openssh.spec b/openssh.spec
index e512f61..64d401a 100644
--- a/openssh.spec
+++ b/openssh.spec
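Review bot: In the embedded auth2-methods.c hunk of openssh-9.8p1-gsskeyex-authmethod.patch, `methodcfg_gsskeyex` takes `&options.gss_authentication` as its third member, the same pointer `methodcfg_gssapi` uses, so once the entry is listed in the `authmethod_cfgs` table `gssapi-keyex` appears to be switched on by GSSAPIAuthentication alone and not by any key-exchange setting. The initializer is moved unchanged from auth2-gss.c, so this is inherited, but it is worth confirming that `userauth_gsskeyex` (outside these hunks) still rejects the method when the session was not set up with a GSS key exchange, since the table would now present the name as available either way. If the shared gate is intended, a comment above the struct such as `/* gated on GSSAPIAuthentication, same as gssapi-with-mic */` would record that. The patch file also carries no header explaining why the definition has to live in auth2-methods.c rather than auth2-gss.c; one or two lines of rationale at the top would help whoever rebases it.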
@@ -203,6 +203,7 @@ Patch1014: openssh-8.7p1-nohostsha1proof.patch Patch1015: openssh-9.6p1-pam-rhost.patch Patch1016: openssh-9.8p1-gsskex-regression.patch +Patch1017: openssh-9.8p1-gsskeyex-authmethod.patch License: BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND sprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant Requires: /sbin/nologin @@ -382,6 +383,7 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0} %patch -P 100 -p1 -b .coverity %patch -P 1016 -p1 -b .gss-regression +%patch -P 1017 -p1 -b .gsskeyex-authmethod autoreconf @@ -660,6 +662,8 @@ test -f %{sysconfig_anaconda} && \ * Mon Aug 26 2024 Dmitry Belyavskiy - 9.8p1-5 - Restore GSS connectivity when no hostkeys are present Related: RHEL-42635 +- Add missing gsskeyex authentication method + Related: RHEL-42635 * Fri Aug 16 2024 Dmitry Belyavskiy - 9.8p1-4 - Address SAST scan issues