As part of adding pluggable SSH authentication, the knowledge of which SshKey matched the presented public key was lost from DefaultPublicKeyAuthenticator and so could not be encoded in the access logs as a label nor included in the authentication event. This is an unfortunate regression as there's now no way to know which key was used for SSH authentication for an SCM request.