Module auth 

Identity resolution (FR-9 through FR-12).

Key discovery follows a fixed priority order:

1. CLI --identity flag — explicit path from the user.
2. Default .ssh paths — ~/.ssh/id_ed25519, ~/.ssh/id_ecdsa, ~/.ssh/id_rsa (in that order, matching modern OpenSSH defaults).
3. SSH agent — contacted via $SSH_AUTH_SOCK (Unix) (FR-9).

If a key file is encrypted, IdentityResolution::Encrypted is returned so the caller (the CLI) can prompt for a passphrase without this library depending on terminal I/O.

Structs

AgentConnection

A live connection to an SSH agent with its advertised identities.

Enums

IdentityResolution

Result returned by find_identity.

Functions

connect_agent

Attempts to connect to the SSH agent via $SSH_AUTH_SOCK and retrieve its advertised identities (FR-9, priority 3).

find_identity

Searches for an identity key according to FR-9 priority order.

load_cert

Loads an OpenSSH certificate from path (FR-12).

load_encrypted_key

Loads a passphrase-protected key file with the supplied passphrase.

wrap_key

Wraps a PrivateKey with the appropriate RSA hash algorithm.