repo-A has a private GitHub dependency for which the URL goes through a proxy that adds a go-import meta tag. GitHub now supports go-import meta tags, but when we originally set this up there was no built-in support in GitHub. So repo-A has a dependency on repo-B @ go.example.com/repo-B which is then rewritten to use SSH, like git+ssh://git@github.com/my-org/repo-B.
Here is a full example of the meta tag that is added:
repo-A has a number of other public and private dependencies that all go through GitHub (not example.com). When the dependabot updater process runs on repo-A, trying to update any dependency, we get the following error:
go: example.com/repo-B@vX.Y.Z: reading example.com/repo-B/go.mod at revision vX.Y.Z: git ls-remote -q origin in /home/dependabot/go/pkg/mod/cache/vcs/f6f728fe...177bb43: exit status 128:
ssh -o ControlMaster=no -o BatchMode=yes: 1: ssh: not found
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
We're trying to figure out a way around this error without changing the package location. So,
Is there a way to ignore downloading this package from the updater process? I've tried adding it to the ignore block but my understanding is that this just instructs dependabot not to attempt to update this particular package. The package is still pulled as part of the updater process for other packages.
Is there a way to have dependabot authenticate to get the package over SSH? There would need to be an SSH agent available and we would need to be able to configure it with a key.
We are using dependabot through GitHub. We have a private repository repo-A which has the following .github/dependabot.yml:
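The go-import lookup described in the post, as an added example (not code from the post or from Dependabot): it parses a constructed vanity-import response and flags repo roots whose scheme makes git start an ssh client, which is the step that fails in the updater log above. The sample page, the `go.example.com/repo-C` entry and all function names are assumptions made for illustration.

```go
package main
import (
	"encoding/xml"
	"fmt"
	"strings"
)
// MetaImport is one <meta name="go-import" content="prefix vcs repo-root"> tag.
type MetaImport struct{ Prefix, VCS, RepoRoot string }
// samplePage is a constructed proxy response; hosts and org are placeholders.
const samplePage = `<!DOCTYPE html><html><head>
<meta name="go-import" content="go.example.com/repo-B git git+ssh://git@github.com/my-org/repo-B">
<meta name="go-import" content="go.example.com/repo-C git https://github.com/my-org/repo-C">
</head><body>vanity import host</body></html>`

// ParseGoImports leniently scans the <head> and returns every go-import tag.
func ParseGoImports(page string) (out []MetaImport) {
	d := xml.NewDecoder(strings.NewReader(page))
	d.Strict = false // the page is HTML, not well-formed XML
	for {
		tok, err := d.RawToken()
		if err != nil {
			return out // io.EOF or an unparseable tail: keep what was found
		}
		if end, ok := tok.(xml.EndElement); ok && strings.EqualFold(end.Name.Local, "head") {
			return out // this example reads tags in <head> only
		}
		el, ok := tok.(xml.StartElement)
		if !ok || !strings.EqualFold(el.Name.Local, "meta") {
			continue
		}
		attrs := map[string]string{}
		for _, a := range el.Attr {
			attrs[strings.ToLower(a.Name.Local)] = a.Value
		}
		if f := strings.Fields(attrs["content"]); attrs["name"] == "go-import" && len(f) == 3 {
			out = append(out, MetaImport{f[0], f[1], f[2]})
		}
	}
}

// NeedsSSH reports whether fetching this repo root makes git start an ssh client.
func NeedsSSH(m MetaImport) bool {
	return strings.HasPrefix(m.RepoRoot, "ssh://") || strings.HasPrefix(m.RepoRoot, "git+ssh://")
}
func main() {
	for _, m := range ParseGoImports(samplePage) {
		fmt.Printf("%-24s %-45s needs-ssh=%v\n", m.Prefix, m.RepoRoot, NeedsSSH(m))
	}
}
```

Running the same check against each private module's `?go-get=1` response shows which dependencies require an ssh binary and key in whatever environment resolves the module graph.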