Syntax: Unset ssh -o config value?

Edit 2020: These days (with OpenSSH 8.1p1), there is a keyword none, which should allow you to unset previously set values for the PKCS11Provider configuration option.

It is not possible to unset a configuration value, because of the way config reading is done in ssh internals.

You should think about it the other way round. Where do you set this value? You should do this in ~/.ssh/config.

If you use your smart card only for specific hosts, you should put this option into a Match host block.

You run cron scripts under your user? You can use a Match exec block to check whether you are running an interactive session or from cron. Or you can even write some script that would check if the card is there (again use Match exec). If you run it as a different user, give that user a config file without this option (in their home directory).

Or you can simply provide a different ssh_config to the cron script's ssh (using the -F switch), where you will not have this option set. There are many possibilities in this way. If you are interested in one in particular, I can add more details.
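The layout this answer describes, as an added example that is not part of the original answer. The host pattern, the library path and the ~/bin/token-present helper script are assumptions made for illustration.

```sshconfig
# ~/.ssh/config  (constructed example)
#
# ssh uses the first value it obtains for each option, so a later block
# cannot undo an earlier one. Put the specific blocks first and the
# catch-all last.

# Smart-card hosts: load the provider only when the token is present.
# ~/bin/token-present is a hypothetical script that exits 0 when the
# card is inserted; Match exec matches on a zero exit status.
# *.corp.example.com is a placeholder host pattern.
Match host *.corp.example.com exec "~/bin/token-present"
    # Assumed library path; use the one your PKCS#11 module installs.
    PKCS11Provider /usr/lib/opensc-pkcs11.so

# Everything else (other hosts, or no card inserted, e.g. under cron):
# no provider is loaded. "none" is the keyword the 2020 edit refers to.
Host *
    PKCS11Provider none

# Alternative for cron: keep a second file with no PKCS11Provider line
# and select it explicitly from the job, for example
#   ssh -F ~/.ssh/config.cron backup.example.com ...
# (config.cron and backup.example.com are placeholder names).
```

Because the PKCS11Provider line only appears inside the Match block, a cron job that runs without the card never asks ssh to dlopen the library at all.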


Your PKCS11 library sounds dodgy to me if it doesn't just report no keys if no token/smartcard is present.

FWIW, on openssh 6.6.1,

ssh -o IdentitiesOnly=yes

will not try to authenticate with keys obtained from the PKCS11 library, but it does seem to try and read them anyway, and

ssh -I /dev/null

complained with dlopen /dev/null failed: /dev/null: file too short but went on to ask me for interactive login (since I had no suitable keypair, but -vv showed me that local key pairs were still offered).
