Hacker News
by GekkePrutser 1468 days ago
Yes, and you can forward the YubiKey through an SSH agent. It's what I do. This way you can sudo with hardware auth both locally and remotely. Enable touch to sign so the YubiKey can't be 'milked' for authentication while it's inserted and unlocked.

I don't know if you can do the same (forwarding over SSH) with FIDO2, but I still use traditional SSH keys anyway (stored on the yubi with OpenPGP). And the pam_ssh_agent_auth module.

I'll only consider switching to FIDO once everything supports it (e.g. my iLO devices too) and it can offer at least the same features, like forwarding. For now the former is very far from being realised anyway.
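Added example, not part of the comment above and not the commenter's configuration: a small audit of the two files a pam_ssh_agent_auth sudo setup depends on, checking that the module is in the auth stack, that its key list is not user-writable, and that sudo keeps `SSH_AUTH_SOCK`. The function name, file paths and sample contents are constructed for illustration; `file=`, `allow_user_owned_authorized_keys_file` and `env_keep` are the module's and sudo's own options.

```bash
#!/usr/bin/env bash
# Added example: audit the sudo-over-forwarded-agent setup described above.
# Usage: check_sudo_agent_auth PAM_FILE SUDOERS_FILE  (returns 0 if sane, 1 if not)
check_sudo_agent_auth() {
  local pam_file=$1 sudoers_file=$2 rc=0 line keys
  # First active auth line that loads the module (comment lines never match).
  line=$(grep -E '^[[:space:]]*auth[[:space:]].*pam_ssh_agent_auth\.so' "$pam_file" | head -n1)
  if [ -z "$line" ]; then
    echo "FAIL: pam_ssh_agent_auth.so is not in the auth stack"
    return 1
  fi
  # file= names the list of public keys allowed to authenticate sudo.
  keys=$(printf '%s\n' "$line" | sed -n 's/.*[[:space:]]file=\([^[:space:]]*\).*/\1/p')
  case $keys in
    "") echo "WARN: no file= option; the module default is in effect" ;;
    *%h*|*'~'*) echo "FAIL: $keys is in the user's home, so the user can add keys"; rc=1 ;;
    *) echo "OK: keys file $keys" ;;
  esac
  # This option lets sudo trust a keys file the user can rewrite.
  if printf '%s\n' "$line" | grep -q 'allow_user_owned_authorized_keys_file'; then
    echo "FAIL: allow_user_owned_authorized_keys_file is set"; rc=1
  fi
  # sudo must pass the agent socket through, or the module has no agent to ask.
  if ! grep -Eq '^[[:space:]]*Defaults.*env_keep.*SSH_AUTH_SOCK' "$sudoers_file"; then
    echo "FAIL: sudoers does not keep SSH_AUTH_SOCK"; rc=1
  fi
  return $rc
}

# Constructed sample files (not taken from any real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/pam_good" <<'EOF'
auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
auth include system-auth
EOF
cat > "$demo_dir/pam_weak" <<'EOF'
auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys allow_user_owned_authorized_keys_file
EOF
printf 'Defaults env_keep += "SSH_AUTH_SOCK"\n' > "$demo_dir/sudoers_good"
printf 'Defaults env_reset\n' > "$demo_dir/sudoers_plain"

check_sudo_agent_auth "$demo_dir/pam_good" "$demo_dir/sudoers_good" || true
check_sudo_agent_auth "$demo_dir/pam_weak" "$demo_dir/sudoers_plain" || true
```

On a real host the arguments would be the sudo PAM service file and the sudoers file (plus any included drop-ins), which this sketch does not follow.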