Tags: ssh, environment-variables, ssh-keys, fish, dotfiles

How to move ssh-key related files to another directory?


I've been trying to clean up my root directory so that it isn't cluttered with random dotfiles. Nonetheless, when setting up the ssh key I came to a dead end, where I couldn't find a way to migrate the known_hosts file to the other directory ($XDG_CONFIG_HOME/ssh/config).

I used this command to generate my ssh key:

mkdir -p $XDG_CONFIG_HOME/ssh
ssh-keygen -t ed25519 -C "my@email.com" -f $XDG_CONFIG_HOME/ssh/id_ed25519

But I still need to create a ~/.ssh/config file to point at my $XDG_CONFIG_HOME/ssh/config file, which is frustrating because I want to get rid of the ~/.ssh directory.

I tried several approaches; one of them was to set an env var SSH_CONFIG to $XDG_CONFIG_HOME/ssh/config, but that didn't work either.

⚠️ To avoid confusion: I'm using macOS and the fish shell.

This is the $XDG_CONFIG_HOME/ssh/ directory structure:

config
id_ed25519
id_ed25519.pub
known_hosts #this file is ignored as ssh expects it in ~/.ssh/

This is the $XDG_CONFIG_HOME/ssh/config file:

GlobalKnownHostsFile $XDG_CONFIG_HOME/ssh/known_hosts #this doesn't help either 
Host github.com
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile $XDG_CONFIG_HOME/ssh/id_ed25519

The current fix that works is to create only a .ssh/config containing UserKnownHostsFile $XDG_CONFIG_HOME/ssh/known_hosts, which makes my whole migration of the files pointless.

.ssh/config file:

UserKnownHostsFile $XDG_CONFIG_HOME/ssh/known_hosts

Is there something I'm missing?

How can I fix this?

Or is there a better way of organising one's root folder?

I tried to set the env var SSH_CONFIG but it seems to be ignored:

set -Ux SSH_CONFIG ~/.config/ssh/config #fish syntax, it's the same as: export SSH_CONFIG="$HOME/.config/ssh/config"

Solution

OpenSSH has no support for $XDG_CONFIG_HOME. This was asked for years ago and rejected.

Unfortunately the bug tracker is now login-only, so here's an archive link: https://web.archive.org/web/20190925004614/https://bugzilla.mindrot.org/show_bug.cgi?id=2050

And here's the maintainer's justification:

    No.

    OpenSSH (and its ancestor ssh-1.x) have a 17 year history of using ~/.ssh. This location is baked into innumerable users' brains, millions of happily working configurations and countless tools.

    Changing the location of our configuration would require a very strong justification and following a trend of desktop applications (of which OpenSSH is not) is not sufficient.

So you'll either have to make a symlink or alias all ssh tools to read a different config file. Unfortunately, if you give -F /path/to/config:

    If a configuration file is given on the command line, the system-wide configuration file (/etc/ssh/ssh_config) will be ignored

So this isn't a great idea either. My advice is to simply live with the directory.
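As an added example (not part of the question or the answer above, and not OpenSSH project code), here is the symlink route the answer mentions, written as a POSIX sh script so it can be run from fish with `sh setup-xdg-ssh.sh`. It keeps the real directory under $XDG_CONFIG_HOME/ssh, points ~/.ssh at it, refuses to clobber an existing real ~/.ssh, and tightens file modes, because ssh silently skips a config file and rejects a private key that other users can read. The directory and file names are assumptions; HOME and XDG_CONFIG_HOME are passed as arguments so the function can be exercised against a scratch directory.

```shell
#!/bin/sh
# Added example, not code from the question or the answer: expose the XDG
# ssh directory through a ~/.ssh symlink so ssh finds config, keys and
# known_hosts where it expects them, no -F alias is needed, and
# /etc/ssh/ssh_config is still read. Paths are hypothetical.
#
# usage: setup_xdg_ssh <home> <xdg_config_home>
setup_xdg_ssh() {
    home="$1"
    xdg="$2"
    target="$xdg/ssh"
    link="$home/.ssh"

    # The real directory lives under XDG. ssh ignores a config file and
    # refuses a private key that other users can read, so lock the tree down.
    mkdir -p "$target" "$home"
    chmod 700 "$target"

    # Never replace a real ~/.ssh: it may hold keys that are not yet migrated.
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "refusing to replace real directory $link; move its contents to $target first" >&2
        return 1
    fi
    rm -f "$link"          # drop a stale symlink, if any
    ln -s "$target" "$link"

    # Private material stays 600; public keys may be 644.
    for f in "$target"/config "$target"/known_hosts "$target"/id_*; do
        if [ -f "$f" ]; then
            case "$f" in
                *.pub) chmod 644 "$f" ;;
                *)     chmod 600 "$f" ;;
            esac
        fi
    done
    return 0
}

# Report the paths ssh actually resolves for a host. ssh -G (OpenSSH 6.8+)
# prints the effective configuration without connecting; empty output means
# ssh is not installed on this machine.
effective_ssh_paths() {
    command -v ssh >/dev/null 2>&1 || return 0
    ssh -G "$1" 2>/dev/null | grep -Ei '^(identityfile|userknownhostsfile|globalknownhostsfile) '
}
```

After running `setup_xdg_ssh "$HOME" "$XDG_CONFIG_HOME"`, `effective_ssh_paths github.com` shows which IdentityFile and known_hosts files ssh will really use, which is the quickest way to catch a path that did not take effect. One caveat worth knowing when writing the config itself: ssh_config does not expand an unbraced `$XDG_CONFIG_HOME`; recent OpenSSH releases (8.4 and later) expand environment variables only in the `${NAME}` form and only for a handful of keywords, so a bare `$XDG_CONFIG_HOME/ssh/known_hosts` in a config file is taken literally. With the symlink layout the config can simply use `~/.ssh/...` paths and never depends on that expansion.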