diff -up openssh-9.8p1/sshd-session.c.xxx openssh-9.8p1/sshd-session.c
--- openssh-9.8p1/sshd-session.c.xxx	2024-08-26 13:23:33.071882129 +0200
+++ openssh-9.8p1/sshd-session.c	2024-08-26 13:26:02.990528767 +0200
@@ -1229,8 +1229,9 @@ main(int ac, char **av)
 			break;
 		}
 	}
-	if (!have_key)
-		fatal("internal error: monitor received no hostkeys");
+	/* The GSSAPI key exchange can run without a host key */
+	if (!have_key && !options.gss_keyex)
+		fatal("internal error: monitor received no hostkeys and GSS KEX is not configured");
 
 	/* Ensure that umask disallows at least group and world write */
 	new_umask = umask(0077) | 0022;
@@ -1565,7 +1565,7 @@ do_ssh2_kex(struct ssh *ssh)
 	if (gss && orig)
 		xasprintf(&newstr, "%s,%s", gss, orig);
 	else if (gss)
-		newstr = gss;
+		xasprintf(&newstr, "%s,%s", gss, "kex-strict-s-v00@openssh.com");
 	else if (orig)
 		newstr = orig;
 
@@ -1575,7 +1575,7 @@ do_ssh2_kex(struct ssh *ssh)
 	 * host key algorithm we support
 	 */
 	if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
-		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
+		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = xstrdup("null");
 
 	if (newstr)
 		myproposal[PROPOSAL_KEX_ALGS] = newstr;