I use my yubikey and I love it. I have it set up to do GPG, SSH, TOTP, and U2F and it works great. It is worlds better then any other Smart Card or second factor out there, and U2F is literally just plug it in and tap it.
Have you got a writeup of the ssh setup methodology you used?
(I've tried scouting around, but not found anything clear yet. Someone's done native support in ssh, but the patch set is hung up on licensing issues and technical quibbles[1], and some of the PAM-based setups seem to require cut-and-paste of crypto strings on every login.)
But my security model does not allow putting myself in a position where I am stranded without my second factor (or doing huge amounts of work re-registering everything).
(I've tried scouting around, but not found anything clear yet. Someone's done native support in ssh, but the patch set is hung up on licensing issues and technical quibbles[1], and some of the PAM-based setups seem to require cut-and-paste of crypto strings on every login.)
[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2319