YubiKey notes

generating resident ssh keys

$ ssh-keygen -t ed25519-sk -a 100 -O resident -C "yubikey-$(date '+%F')-XXXXX844"
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter PIN for authenticator: 
Enter file in which to save the key (/home/zzz/.ssh/id_ed25519_sk): id_yubi844_sk
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in id_yubi844_sk
Your public key has been saved in id_yubi844_sk.pub
The key fingerprint is: [...]

Where XXXXX844 is the ID of my YubiKey (it's on the back of they key itself).
I saved my identity to idyubi844sk just so i know which identities are for which keys.

sshd

To require it for logging in via sshd, I setup sshd to require two public keys. In sshd_config:

AuthorizationMethods publickey,publickey

Where one will be my yubikey, the other will be the one stored on the machine.

In my personal .ssh/config:

Host someserver
    HostName 100.0.0.1
    IdentityFile ~/.ssh/id_yubi844_sk