Is it just as OP states in article, where you have to interact with the authentication process to provide a key (assuming no key is associated to host as you explain)?
The downside is that if you use a large range of servers, you will have to configure them to tell SSH what identities to use. This can be cumbersome if you ssh by alias (e.g. 'foo' rather than 'foo.yourcompany.com').
If you only SSH into servers you trust (a sensible practice) then the benefit is marginal.
Note that it does accept wildcards so you can do rules for *.mycompany.com
You can also use placeholders for keys, so for example I have a ssh config like:
Host *.mycompany.com
# Employer specific yubikey stuff
Host *.mydomain.com
IdentityFile ~/.ssh/keys/id_primary
Host *
IdentitiesOnly yes
IdentityFile ~/.ssh/keys/%r@%h # uses ~/.ssh/keys/git@github.com for github for example
I originally started doing this because I would have so many keys that servers would reject me for too many authentication attempts, but it also helps make it easy to use distinct keys for distinct purposes and avoiding fingerprinting like this*
Yes that's exactly what I do. I just left it as an "exercise for the reader" to not make the comment too long :)
This kind of stuff is also useful, for example, for AWS machines:
Host ec2-*.compute-1.amazonaws.com
# KeepAlive of 50 seconds, because AWS times out after 60:
# https://aws.amazon.com/blogs/aws/elb-idle-timeout-control/
ServerAliveInterval 50
I was looking for something like this.
Now I just need a guide that tackles the principles of this, but from a typescript/javascript perspective.
PS: TyTorch (from Typescript) sounds nice!