SSH and Multiple Keys

I do a lot of stuff with SSH.  And I’m a fan of using separate keys for most things: the generic public key


for my specific workstation; and then a special, non-workstation-specific key for other stuff.

So I’ve got a key for things like:

  • Digital Ocean
  • BitBucket
  • GitHub

Frustratingly enough, once one has enough identities, one runs into a problem: Too many authentication failures.  Every time I see it, I have to go figure out why, and a workaround.  And that’s a couple of precious minutes that I’ll never get back.

Well, I’ve finally found a solution…  I actually already had it, I just forgot. My salvation lies in this file:


The key is actually the first part, “Host *”, which is like a per-domain catch-all:

GSSAPIAuthentication no
Host *
    PubkeyAuthentication no
Host test
    User danf
    IdentityFile /home/danf/.ssh/
Host *
    IdentityFile /home/danf/.ssh/
Host cs
    User danf
    IdentityFile /home/danf/.ssh/
    IdentitiesOnly yes
    ServerAliveInterval 20

Oh, and this configuration allows me to use shortcuts that don’t have to resolve to real hosts and don’t require entries in my /etc/hosts file. So I can literally type ssh cs and get to where I want.

EDIT: apparently, there’s not a catch-all.  At least not a global one… but you can set one for an entire domain (like “*”) and that works magically.  So… close enough.  At least for government work.