"having dependencies that have to be compiled increases the risk of something going wrong".
come on. reimplementing crypto is way worse.
re .ssh/config: application level libraries might need it as well. one of the many grieves i have about mysql-workbench (or any other java tool that does ssh), is that i have to configure keys and hostnames in it another time. multihop does not even work in them. both is easy in .ssh/config.
Re .ssh/config, this only makes sense for cli tools.
If you're on a Mac and writing a desktop sandboxed GUI app, reading .ssh/config isn't even an option. Same for W8 Metro apps (if those can even contain a Node.js runtime; not sure about that).
And if you're using an ssh lib on a web site to access user-provided data using user-provided credentials, you most certainly don't need .ssh/config.
why? what about the usecase i presented? mysql-workbench is no cli app. still, i'd like it to support multi-hop. and it should do so without me configuring it separately.
edit: to make this more clear. of course a heavily sandboxed app might not support .ssh/config. but it should not be able to read my keys as well. so i don't really see the point. a web-app is a very different thing. but node is not only about web apps anymore.
Why should this library parse .ssh/config? This is an application level library. IMO it shouldn't be reading .ssh/config at all.