@lupine The kex happens symmetrically, and after the server accepts a long-term client key it presents a long-term server key, which proves the server identity like a host key does. The code as-it-is requires that the client already know that public key in advance also.

Someone building their own client could skip that step, but there's still the PSK that'd cause trouble for a man-in-the-middle.