So I discovered something interesting about SSH a couple of months ago, and something else a couple of days ago; these discoveries together answered a bunch of my questions about why I could never make SSH work properly.
First, it turns out that SSH, unlike most programs that read config files, takes the first assignment to a config variable and ignores later ones. This means that if you want overrideable global settings, for example to the User variable, you need to put them at the end of the file, not the begginning. Completely counterintuitive, but there you are.
Second, it turns out that if the remote SSH service offers public key authentication (as most do) and you haven't supplied a matching private key, SSH may start trying to use all the public keys lying around in your .ssh directory. I haven't been able to replicate this reliably, and it seems to be at least partly an interaction with ssh-agent, which is probably the real fail. It actually sounds like a reasonable plan, except that usually the remote SSH service will only let you try a few keys before it cuts you off, which means that you never get to password authentication if you need it.
So, now I have things cleaned up. My keys are in a subdirectory .ssh/keys and so far I'm not seeing the bug in question. My config file has the global config, including my default username, at the bottom. SSH seems to be a lot happier now. Who knew? (B)