Yubikey

Generate a Non-resident key

A non-resident key is preferred because it does not use a slot on the Yubikey. Additionally, if an attacker steals the Yubikey, they cannot use that alone to access any services.

ssh-keygen -t ed25519-sk