@chasgames
chasgames / Store SSH keys on Yubikey 5 using FIDO2.md
Last active November 3, 2021 23:43
Store SSH keys on Yubikey 5 (using FIDO2)

This is probably the best way to store SSH keys on the YubiKey 5: it lets you move between machines freely without storing private key files on every file system you want to connect from. Other methods exist as well, e.g. GPG or PKCS#11.

This method has only been possible since 2020-02-14, when OpenSSH 8.2 was released with FIDO2/U2F hardware authenticator support.

This guide covers setting it up on Windows; on Linux it is even easier.

Caveats:

  • Only the newer FIDO/U2F key types are supported: ecdsa-sk and ed25519-sk (sk = security key).
  • The YubiKey 5 should be able to store up to 25 keys (alternatively, Solokeys can store 50).
  • Storing both parts of a key on a FIDO token increases the likelihood of an attacker being able to use a stolen token device. We will add a PIN to help mitigate this; you can also add a passphrase to your key.
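The two caveats above (only the sk key types, and a PIN to protect a key stored on the token) can be checked on the server side: an sk-type key is recognisable from its public-key blob, and an authorized_keys entry can carry the verify-required option so sshd only accepts the key when the PIN was entered. The following Python script is an added example, not part of the gist; it builds constructed sample authorized_keys lines in OpenSSH's sk-* wire format and reports which entries are hardware-backed and PIN-enforced.

```python
import base64
import struct

# OpenSSH key types produced by ssh-keygen -t ecdsa-sk / -t ed25519-sk
SK_TYPES = {"sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH 'string': 4-byte big-endian length, then the data."""
    return struct.pack(">I", len(data)) + data

def read_string(blob: bytes, off: int):
    """Decode one SSH 'string' at offset off; return (data, next offset)."""
    (n,) = struct.unpack_from(">I", blob, off)
    return blob[off + 4:off + 4 + n], off + 4 + n

def build_sk_pubkey(key_type: str, raw_key: bytes, application: str = "ssh:") -> str:
    """Base64 public-key blob for an sk-* key (constructed sample, not a real key).
    Wire format: type, [curve name for ecdsa-sk], key bytes, FIDO application."""
    blob = ssh_string(key_type.encode())
    if key_type == "sk-ecdsa-sha2-nistp256@openssh.com":
        blob += ssh_string(b"nistp256")
    blob += ssh_string(raw_key) + ssh_string(application.encode())
    return base64.b64encode(blob).decode()

def parse_authorized_key(line: str) -> dict:
    """Report whether one authorized_keys line is an sk key and whether PIN is required."""
    fields = line.split()
    options = []
    if not fields[0].startswith(("ssh-", "ecdsa-", "sk-")):  # leading options field present
        options, fields = fields[0].split(","), fields[1:]
    key_type, blob = fields[0], base64.b64decode(fields[1])
    wire_type, off = read_string(blob, 0)
    if wire_type.decode() != key_type:
        raise ValueError("key type field does not match blob")
    info = {"type": key_type, "sk": key_type in SK_TYPES,
            "verify_required": "verify-required" in options, "application": None}
    if info["sk"]:
        if key_type.startswith("sk-ecdsa"):
            _curve, off = read_string(blob, off)
        _key, off = read_string(blob, off)
        info["application"] = read_string(blob, off)[0].decode()
    return info

# Constructed sample authorized_keys: one PIN-enforced YubiKey entry, one plain file-based key
SAMPLE_AUTHORIZED_KEYS = [
    "verify-required sk-ssh-ed25519@openssh.com "
    + build_sk_pubkey("sk-ssh-ed25519@openssh.com", bytes(32)) + " yubikey5",
    "ssh-ed25519 " + base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))).decode()
    + " laptop-file-key",
]

def audit(lines):
    """Parse every authorized_keys line; flag non-hardware keys and sk keys lacking verify-required."""
    return [parse_authorized_key(line) for line in lines]

if __name__ == "__main__":
    for entry in audit(SAMPLE_AUTHORIZED_KEYS):
        print(entry)
```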