This guide covers setting up FIDO2 SSH keys on YubiKeys (primary + backup) for GitHub, generating them on Windows and using them from WSL2.
Why generate on Windows? WSL2 runs in a lightweight VM without direct USB access. USB passthrough via usbipd-win is unreliable for FIDO2 devices and disables the YubiKey on the Windows host while attached. The Windows OpenSSH client has direct USB access, so we generate keys there and copy the resulting files into WSL2.