Following the recent major rewrite, the CLI no longer identifies the user by their SSH private key.
Previously, a cli.jar request did not need the username or password to be specified, just that the user had added their public key to their jenkins user config.
This new behaviour is the case whether the user specifies the -i option or not. Looking at the source code, hudson.cli.CLI does check that it can access the user's key(s), but then ignores them in the default (http) configuration.
If this is the new intended behaviour it may be worth specifying it in the documentation or release notes/ blog article as I suspect many other peoples' automations will fail as they upgrade to 2.46. The -i option should also be thrown as invalid in http mode.
The "fix" for clients is to specify the `-ssh` and `-user <xyz>` flags on the command line rather than leaving them out. I believe you also now have to manually enable the in-built ssh server in the jenkins config as it's disabled by default.
Slightly confusingly, you do still have to specify the `-s <protocol:host:port>` flag pointing to the http base url & port, even though you're using ssh mode.