# OpenSSH with Yubikey / FIDO2 protected keys

These instructions are for using OpenSSH (version 8.3 or newer) to "sign" private keys with a Yubikey via FIDO2. These directions are focused on generic Unix-like systems (Linux, OpenBSD, FreeBSD, etc.).

## The advantages of Yubikey FIDO2 signed keys:

1. Installation can be done without having to install third-party software.
2. Installation can be done quickly and supports multi-factor by design.

## The disadvantages of Yubikey FIDO2 signed keys:

* OpenSSH 8.3 or newer is required.
* You'll need supported hardware. For example, new Yubikey keys with FIDO2 security support (with ed25519 support).
* Keys are signed but not stored *on* the Yubikey. This means every system will need a private key signed with your Yubikey.
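
A preflight check for the software requirements listed above, as an added example that is not part of the original instructions. The function names are hypothetical, and 8.3 is the minimum version this page states.

```shell
#!/bin/sh
# Added example: verify a client meets this page's stated requirements
# before generating FIDO2-backed keys. Function names are hypothetical.

# Succeeds if an `ssh -V` banner (e.g. "OpenSSH_9.6p1, OpenSSL 3.0.13")
# reports version 8.3 or newer. Returns 2 if the banner cannot be parsed.
openssh_meets_minimum() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt 8 ] && return 0
    [ "$major" -eq 8 ] && [ "$minor" -ge 3 ] && return 0
    return 1
}

# Succeeds if a key-type list (as printed by `ssh -Q key`) contains the
# FIDO2-backed ed25519 type. A new enough version number is not sufficient:
# a build compiled without security-key support will not list it.
supports_ed25519_sk() {
    printf '%s\n' "$1" | grep -qxF 'sk-ssh-ed25519@openssh.com'
}

# Runs both checks against the local ssh client and reports the outcome.
fido2_preflight() {
    banner=$(ssh -V 2>&1) || { echo "ssh client not found" >&2; return 2; }
    openssh_meets_minimum "$banner" ||
        { echo "need OpenSSH 8.3 or newer, found: $banner" >&2; return 1; }
    supports_ed25519_sk "$(ssh -Q key)" ||
        { echo "this ssh build lacks ed25519-sk key support" >&2; return 1; }
    echo "ok: $banner"
}
```

Source the file and run `fido2_preflight` on each system that will hold a Yubikey-backed private key.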
