by elevation 2189 days ago
What token hardware supports x509 certs (and is thus compatible with an SSH CA)?
1 comments

The YubiKey supports x509 certs (this is the PIV app). And you can use them for SSH authentication via OpenSC or similar. But this just uses the RSA private key, not the cert.

SSH’s built-in CA support uses a certificate authority private key to sign regular SSH public keys. The resulting public key cert isn’t compatible, as far as I know, with any hardware keys.
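
The signing flow described in the comment above, as an added example that is not part of the original thread: a CA key signs an ordinary SSH public key with `ssh-keygen -s`, and the result is an OpenSSH-format certificate rather than an X.509 one. The key names, certificate identity and principal (`demo-ca`, `demo-cert-id`, `alice`) are made up, and all keys are throwaway ones created in a temporary directory.

```shell
#!/bin/sh
# Constructed demo: every key here is disposable and generated on the spot.

# Create a CA key and a user key, sign the user's PUBLIC key with the CA,
# and print the temp directory that holds the results.
sign_demo_key() {
    dir=$(mktemp -d) || return 1
    # CA key pair; its private half is the one signing authority.
    ssh-keygen -q -t ed25519 -N '' -C demo-ca -f "$dir/ca" || return 1
    # Ordinary user key pair (RSA, the key type the comment mentions).
    ssh-keygen -q -t rsa -b 2048 -N '' -C demo-user -f "$dir/user" || return 1
    # -s CA key, -I certificate identity (appears in sshd logs),
    # -n allowed principal, -V validity window. Writes user-cert.pub.
    ssh-keygen -q -s "$dir/ca" -I demo-cert-id -n alice -V +1h \
        "$dir/user.pub" || return 1
    printf '%s\n' "$dir"
}

# First field of the certificate file is its OpenSSH key type.
cert_key_type() { cut -d' ' -f1 "$1/user-cert.pub"; }

# An X.509 certificate in PEM form would carry this header; an SSH cert does not.
is_x509_pem() { grep -q -- '-----BEGIN CERTIFICATE-----' "$1/user-cert.pub"; }

# Run the flow once and dump the certificate fields for inspection.
d=$(sign_demo_key) && {
    echo "key type: $(cert_key_type "$d")"
    ssh-keygen -L -f "$d/user-cert.pub"
    rm -rf "$d"
}
```

The `ssh-keygen -L` output lists the signing CA, key ID, principals and validity, which are the fields `sshd` evaluates when a `TrustedUserCAKeys` file is configured.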