[Toddward]

I almost can't believe someone would commit their .ssh directory to a public GitHub repo.

Seriously - why? Your public key, sure, but the entire directory?

[teilo]

In all likelihood, these are NOT the user's private SSH keys, but a key generated for the service that the user is developing - such as a key to run backups and issue remote commands. Thus I can well see that the key could be committed as part of an application stack.

[mkhattab]

No, some of these repositories are user's dotfiles. See this for example, https://github.com/gomachan/dotfiles

There are many examples like this.

[gavingmiller]

I purpose a corollary to Hanlon's razor: Never attribute to stupidity that which is adequately explained by ignorance?

[kbar13]

ignorance is almost always the explanation

[ef4]

The authorized_keys and known_hosts are nice to be able to share across machines.

But of course you also want to be real careful about authenticating them (a signed tag in Git can serve that purpose).