Thanks for reminding.
OpenSSH always tries to load key ~/.ssh/id_rsa by default, even though it has no permission under sandboxed environment.
We can prompt user for the XPC component, but App Store Review team would reject the app unless the alert window is triggered by users explicitly (e.g. changing preferences or tunnel settings).
It still has some room for improvement, we will make log message guidable in future update, help users understand the problem and find the solution much easier.