Integration

SSH keys and hosts

fd0 stores SSH keys and host entries as scope-shared secrets. The agent serves keys over the standard ssh-agent protocol. Host entries render to ~/.ssh/fd0.conf.

Enable native ssh

$ fd0 ssh enable
$ export SSH_AUTH_SOCK="$(fd0 ssh sock)"

fd0 ssh enable writes the fd0 config file and adds an Include line to ~/.ssh/config with confirmation. After that, normal ssh, git, scp, and compatible tools can use fd0 keys.

Add a key and host

$ fd0 key add laptop --scope work
$ fd0 ssh add prod-db app@db.internal --key laptop --scope work
$ fd0 sync

$ fd0 ssh prod-db
$ ssh prod-db
fd0 key add <name> [--import <path>]

Generate an ed25519 key, or import an existing OpenSSH key. Private bytes stay encrypted in fd0.

fd0 ssh add <alias> [user@]host[:port] --key <name>

Create a structured host entry and re-render ~/.ssh/fd0.conf.

fd0 ssh ls

List host aliases.

fd0 ssh show <alias>

Show the host record and rendered ssh_config block.

fd0 ssh rm <alias>

Remove the host entry and re-render the config.

Team sharing

Keys and hosts belong to scopes. Add a teammate to the scope and their next fd0 sync pulls the same key and host inventory. Nativessh works after that teammate enables fd0 SSH once on their device so their SSH config includes fd0 and SSH_AUTH_SOCK points at the fd0 agent. Remove them and the scope key rotates for future changes.

What fd0 does not do

fd0 does not edit remote sshd_config, deployauthorized_keys, or run ssh-copy-id. Use your normal provisioning tool for remote machines.