[rjh29]

The downside is that if you use a large range of servers, you will have to configure them to tell SSH what identities to use. This can be cumbersome if you ssh by alias (e.g. 'foo' rather than 'foo.yourcompany.com').

If you only SSH into servers you trust (a sensible practice) then the benefit is marginal.

[Macha]

Note that it does accept wildcards so you can do rules for *.mycompany.com

You can also use placeholders for keys, so for example I have a ssh config like:

    Host *.mycompany.com
        # Employer specific yubikey stuff
    
    Host *.mydomain.com
        IdentityFile ~/.ssh/keys/id_primary

    Host *
        IdentitiesOnly yes
        IdentityFile ~/.ssh/keys/%r@%h # uses ~/.ssh/keys/git@github.com for github for example

I originally started doing this because I would have so many keys that servers would reject me for too many authentication attempts, but it also helps make it easy to use distinct keys for distinct purposes and avoiding fingerprinting like this*

[j1elo]

Yes that's exactly what I do. I just left it as an "exercise for the reader" to not make the comment too long :)

This kind of stuff is also useful, for example, for AWS machines:

  Host ec2-*.compute-1.amazonaws.com
      # KeepAlive of 50 seconds, because AWS times out after 60:
      # https://aws.amazon.com/blogs/aws/elb-idle-timeout-control/
      ServerAliveInterval 50

[jmmv]

Additionally, you can also do:

Host foo foo.example.com some.other.alias

[rjh29]

Nice tip about the placeholder, I will steal that. Thanks.