[ggm]

SSH key storage needs more info I think. I am using SSH enough that this '...can also do SSH...' would want to be the main topic.

advanced modes disabling API keys means a lot of the older third party integrations which depend on a simple API token are SOL. this worries me, lockin risks.

[ryukafalz]

>SSH key storage needs more info I think. I am using SSH enough that this '...can also do SSH...' would want to be the main topic.

Different audiences, I think - this article doesn't go into technical details that often besides mentioning various protocols and what they do. Using a Yubikey for SSH (either via GPG or X.509 certs) is significantly more involved than using one for U2F/FIDO2.

There's a pretty in-depth guide here on using one as a GPG smartcard with SSH (that's what I do): https://zeos.ca/post/2018/gpg-yubikey5/

[cuu508]

There's also DrDuh's pretty comprehensive guide https://github.com/drduh/YubiKey-Guide

[allset_]

For bonus points, you can also sign your Git commits.

[ryukafalz]

Yup! And it's simple enough to do this automatically by just putting this in your gitconfig:

    [user]
        signingkey = <your GPG fingerprint here>
    [commit]
        gpgsign = true

[Boulth]

You don't need signingkey if you have a GPG key with the same email as your git user.email (I guess that's the majority of cases).