systemd upstream ships a /usr/lib/systemd/ssh_config.d/20-systemd-ssh-proxy.conf file (and a /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf symlink to it exists in the Debian package) that disables clients' checking of SSH server host keys over AF_UNIX and AF_VSOCK connections. This breaks the SSH trust-on-first-use (or before first use with ssh-keyscan) security model for all such connections.