SSHD cannot read its keyfile through a symlink

In AbstractGeneratorHostKeyProvider.loadFromFile() the configured keyPath is checked using LinkOption.NOFOLLOW_LINKS. If the path is a symlink, the key will be ignored. Perversely, this class then generates and writes out a new key (if overwriteAllowed) writing through the symlink and clobbering the original; on every startup it will ignore its own previous key and do it again.

Note this is not about following or listing symlinks for, e.g., SFTP clients (SSHD-733).

Since the key path is purely server-side configuration, SSHD should not interfere with deployment details such as whether its private key is behind a symlink.