It would be nice to have an authoritative way to get the pubkey fingerprint used to authenticate the current session.  It could be a new utility, an option to an existing utility, or maybe just an environment variable.

This has already been partially addressed in 2082, but as a log entry--which is fine for purely informational purposes.  Yet, if anyone wants to branch out and build functionality with that information, the log is a very brittle way to do it.  What if the format changes?  What if my distro's maintainers move it?  What if I don't have access to it?  etc, etc.

There is already a stackexchange post on the topic--which illustrates the levels of sed wrangling and distro compensation that arise from depending solely upon the log:

https://unix.stackexchange.com/questions/15575/can-i-find-out-which-ssh-key-was-used-to-access-an-account

One usage example would be having a git repo under a single machine account with multiple users under `authorized_keys` for shared development.

Another would be logging into my own account from different machines (with different keys), and wanting to script different behavior depending on which key was used.

I know most of this could be faked with command= and environment=, but those solutions seem excessively manual.