Nice tips! Personally will use SSH aliases and canonicalised hostnames.
Other topics covered in post:
- Forward Yubikey Agent
- Reuse connections
- SSH straight into tmux
- Alias commonly used hosts
- Do not add testing stuff to
~/.ssh/known_hosts - Make connections last longer
- Canonicalize hostnames
- Yubikey and GitHub, without touching it every time
Setting a random SSH port and limiting it to 3/min saw failed login attempts fall by 99% and jailed IPs fall to 0.