by vletal 1485 days ago
In the blog post they give an example of exactly that:

    $ ssh-add -L
    sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKgGePSwpBuHUhrFCRLch9Usqi7L0fKtgTRnh6F/R+ruAAAABHNzaDo= cadey@shachi

Seems like the key is exposed as ssh agent.

Thanks - "ssh-add -L" talks to the ssh-agent and asks what keys are loaded. That shows all keys including keys from the YubiKey and from the local filesystem.

I am looking for a command that shows what's on the YubiKey.

From what I gather, if the command from the article is run: "ssh-keygen -t ed25519-sk -O resident", the key is stored in a FIDO2 slot.

If that's the case, my question is how to show what is in the FIDO2 slots and how to delete them?

Found it:

Install ykman: https://github.com/Yubico/yubikey-manager#linux

Show FIDO2 credentials:

    $ ykman fido credentials list
    ssh: 0000000000000000000000000000000000000000000000000000000000000000 openssh

Delete:

    $ ykman fido credentials delete CREDENTIAL
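
Added example, not part of the thread or the linked blog post: a small Python parser for the `ssh-add -L` line quoted above, showing that an `sk-ssh-ed25519@openssh.com` public key blob carries the FIDO application string `ssh:`, the same string that appears in the `ykman fido credentials list` output. The function and field names are this example's own; it assumes lines without an authorized_keys options prefix.

```python
import base64
import struct

# Public key line copied from the `ssh-add -L` output quoted in the thread.
SAMPLE_LINE = (
    "sk-ssh-ed25519@openssh.com "
    "AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKgGePSwpBuHUhrFCRLch9Usqi7L"
    "0fKtgTRnh6F/R+ruAAAABHNzaDo= cadey@shachi"
)
# OpenSSH key types whose private half lives on a FIDO authenticator.
SK_TYPES = {"sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}


def read_string(buf, off):
    """Read one SSH wire string (uint32 big-endian length + bytes)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("string runs past end of blob")
    return buf[off:off + n], off + n


def parse_pubkey_line(line):
    """Decode one `ssh-add -L` / authorized_keys line (no options prefix)."""
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, comment = fields[0], fields[2] if len(fields) > 2 else ""
    blob = base64.b64decode(fields[1], validate=True)
    parts, off = [], 0
    while off < len(blob):
        part, off = read_string(blob, off)
        parts.append(part)
    if not parts or parts[0] != key_type.encode():
        raise ValueError("type inside blob does not match the text prefix")
    is_sk = key_type in SK_TYPES
    return {
        "type": key_type,
        "comment": comment,
        "fido_backed": is_sk,
        # For sk-* keys the last field is the FIDO application string.
        "application": parts[-1].decode() if is_sk else None,
        "fields": len(parts),
    }


if __name__ == "__main__":
    print(parse_pubkey_line(SAMPLE_LINE))
```

The public key blob does not record whether the credential is resident on the token, so this only separates FIDO-backed keys from ordinary ones in an agent or `authorized_keys` listing.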