I have the home directory for the daemon user set to <phabricator>/support/empty, which is owned by root:root. For some unknown reason, ssh tries to create ~/.ssh, but only if the -F flag wasn't specified. From the source code:
ssh.c
```c
/*
 * Now that we are back to our own permissions, create ~/.ssh
 * directory if it doesn't already exist.
 */
if (config == NULL) {
	r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
	    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
		ssh_selinux_setfscreatecon(buf);
		if (mkdir(buf, 0700) < 0)
			error("Could not create directory '%.200s'.", buf);
		ssh_selinux_setfscreatecon(NULL);
	}
}
```
This diff passes -F /dev/null to ssh to prevent the ~/.ssh directory from being created. I also feel that intentionally ignoring any local SSH configuration makes the behavior of bin/ssh-connect much more predictable.