I think it takes the user as an argument, so it could relatively nicely solve the problem (though maybe would be too susceptible to DOS attacks since it requires a new process per connection attempt, although openssh should rate limit anyway?)

The SSH username is always "git".

ah, right. I do wonder why they do it that way...

HTTPS URLs are inconvenient for private repositories, and username has to be part of SSH URLs that people share when setting up a submodule or linking to a repository.

> username has to be part of SSH URLs

No? Usernames are optional in SSH URLs.

But then it defaults to the users username on device

Which isn't always in sync with their GitHub username. Which might even be "root".

surely anybody using GitHub via ssh knows how to edit their .ssh/config