by radialbrain 3664 days ago
The solution to that is to use the IdentityFile directive in your ~/.ssh/config with username / hostname expansion. I use:

    Host *
        # Disable SSHv1
        RSAAuthentication no

        # Only use a key explicitly provided by an IdentityFile directive
        IdentitiesOnly yes

        # %h expands to the hostname, and %u to the username
        IdentityFile ~/.ssh/%h/%u.key

This ensures that at most one key is used, and prevents me from having to modify my config every time I generate a key for a new host.
2 comments
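
An added example, not part of the original comment: a small audit of the per-host layout that `IdentityFile ~/.ssh/%h/%u.key` implies, reporting for each host whether the one key file ssh would try exists and is closed to group and other. The host names, the user `alice` and all function names are constructed for illustration; only the `%h`, `%u` and `%%` tokens are handled, with `%u` taken as the local user name.

```python
import os
import stat
import tempfile
from pathlib import Path

TEMPLATE = "~/.ssh/%h/%u.key"  # IdentityFile pattern from the comment above

def expand_identity(template, host, local_user, home):
    """Expand the tokens this pattern uses: %h (host), %u (local user), %%, leading ~/."""
    out, i = [], 0
    while i < len(template):
        if template[i] == "%" and i + 1 < len(template):
            tok = template[i + 1]
            out.append({"h": host, "u": local_user, "%": "%"}.get(tok, "%" + tok))
            i += 2
        else:
            out.append(template[i])
            i += 1
    path = "".join(out)
    if path.startswith("~/"):
        path = os.path.join(home, path[2:])
    return Path(path)

def audit(hosts, local_user, home):
    """Map each host to the state of the one key file ssh would try for it."""
    report = {}
    for host in hosts:
        key = expand_identity(TEMPLATE, host, local_user, home)
        if not key.is_file():
            report[host] = "missing"    # nothing at the expanded path
        elif stat.S_IMODE(key.stat().st_mode) & 0o077:
            report[host] = "too-open"   # ssh ignores keys accessible by group/other
        else:
            report[host] = "ok"
    return report

def build_sample(home):
    """Constructed layout: one well-protected key file, one with loose permissions."""
    for host, mode in (("git.example.org", 0o600), ("db.example.org", 0o644)):
        key = Path(home, ".ssh", host, "alice.key")
        key.parent.mkdir(parents=True, mode=0o700)
        key.write_text("constructed placeholder, not a real key\n")
        key.chmod(mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:
        build_sample(home)
        hosts = ["git.example.org", "db.example.org", "new.example.org"]
        for host, state in audit(hosts, "alice", home).items():
            print(f"{host:18} {state}")
```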

The point remains, there isn't much benefit to using a different key per host. What attack vector is this extra effort protecting you from?

Awesome, I did not realize you could use filename templates for SSH keys. Thanks!