Sometimes, if we have a lot of SSH keys in our ~/.ssh directory

No, that's not how it's supposed to work. Ideally, one key per machine per user.

Hmmm interesting - do you recommend I use the same key for github, my personal server, some work servers, etc?


Yes, but use an RSA key.

It doesn't really matter how many you have, you still need to protect them. Encrypt your laptop, lock your screen when you get up for a break, etc, etc.


Personally, I use one key pair per source user/device pair and then comment in the authorized keys where each public key is from. To me, it is more likely that a user/machine pair will be compromised than a key. This makes cutting a compromised box or account off easy. :-)


Why not?


Personally, I like to have different keys that I treat with different levels of care/paranoia. I'm not particularly worried about leaving my github key 'added' to my ssh agent 24/7, but I don't do that with my work production key.


I prefer minimising the amount of work required to replace compromised keys. e.g.: I have a private SSH key on my work-supplied computer which I consider to be "compromised" for private purposes, but it's perfectly usable for work inside that company.

Use IdentityFile to specify which key to use with which remote host and you're golden.

edit: I also have that private SSH key on my personal computers so I can use SSH when working from home. Then when I stop working with that company I can simply remove that key, rather than generating a new SSH key and redistributing public keys to hosts that I use regularly.

edit edit: Using IdentityFile also helps automate the process of redistributing keys when you decide to generate a new one.


When I stopped working for $company they had to remove my public key from all their authorized_keys files. There is no need for me to re-generate my private key...


Ouf, no thanks. I have a key per location. I have a single key for the machines I log in to at work. Another key for AWS. Another key for github. I also have separate keys for all of the above services for my semi-persistent local virtual machines.


Correct, but sometimes it's unavoidable, particularly when talking to dumb management devices :(


id_ed25519, id_ecdsa, id_rsa, boom auth failure.


This is why we have IdentityFile :) (also afair you usually get more like 5 key attempts before failure)
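An added example (not from the thread or any commenter) of the per-host IdentityFile layout described above, which also avoids the "too many keys offered" failure mentioned in the id_ed25519/id_ecdsa/id_rsa comment: with IdentitiesOnly, ssh offers only the key named for that host instead of every key in ~/.ssh and the agent, so rejected keys no longer eat into sshd's MaxAuthTries budget (default 6). Host names, user names and key file names are placeholders.

```ssh_config
# ~/.ssh/config  (example layout; all names below are placeholders)

# Defaults: never offer every loaded key to every server. Each rejected
# public key counts as a failed attempt on the server side, so a client
# with many keys can be disconnected before the right one is tried.
Host *
    IdentitiesOnly yes
    AddKeysToAgent no

# Low-care key: acceptable to keep loaded in the agent all day.
Host github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_github
    AddKeysToAgent yes

# Personal server: its own key, so a leak elsewhere does not affect it.
Host home
    HostName home.example.net
    User alice
    IdentityFile ~/.ssh/id_ed25519_personal

# Work: one key per employer. When the engagement ends, delete this block
# and the key file; nothing else on this machine has to be re-keyed.
Host *.corp.example
    User alice
    IdentityFile ~/.ssh/id_ed25519_work
    # Older management devices may only accept RSA; list a second key
    # only for hosts that need it, not in the Host * defaults.
    IdentityFile ~/.ssh/id_rsa_work_legacy
```

Run `ssh -G some-host` to print the effective configuration for a host and confirm which identityfile entries will actually be offered before relying on the layout.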


Third and fourth tips in the article address that specific complaint.


I know. I was clarifying for the comment I replied to that there are situations where the steps you're citing are relevant, because there are situations where you have multiple keys on the same user/system.
