Summary
The SSH config resolver collects multiple IdentityFile entries into resolved.IdentityFiles, but applyResolved only uses resolved.IdentityFiles[0]. All additional identity files from the SSH config are silently discarded.
Location
ssh/resolve.go:87-88
if params.IdentityFile == "" && len(resolved.IdentityFiles) > 0 {
params.IdentityFile = resolved.IdentityFiles[0]
}Impact
Users with SSH configs specifying multiple identity files per host will only have the first one tried. This deviates from OpenSSH behavior which tries all configured keys in order.
Suggested Fix
Either iterate through all identity files (trying each until one succeeds) or document why only the first is used.
Summary
The SSH config resolver collects multiple
IdentityFileentries intoresolved.IdentityFiles, butapplyResolvedonly usesresolved.IdentityFiles[0]. All additional identity files from the SSH config are silently discarded.Location
ssh/resolve.go:87-88Impact
Users with SSH configs specifying multiple identity files per host will only have the first one tried. This deviates from OpenSSH behavior which tries all configured keys in order.
Suggested Fix
Either iterate through all identity files (trying each until one succeeds) or document why only the first is used.