[DCKing]

In that case I'll need to update my understanding, but this still requires you to do manual configuration for your SSH key - the id_mykey_sk file in your example.

> ssh-keygen -t ecdsa-sk -O resident -f ~/.ssh/id_mykey_sk

I know this is just a reference, but it's still manual configuration. On a host with an SSH client that can speak PIV [this is a challenge], I can just plug in, enter the PIV PIN code, and go.

[StavrosK]

Read farther down, you don't need this key, you can delete it if you want. You'll just have to run `ssh-add -K` every session if you do, so your agent reads the key from the device.

[DCKing]

Ah I missed that. My apologies, I learned something new!

[StavrosK]

No problem, it's a fantastic way to use SSH, I'm just glad it exists.