Hacker News
by visualphoenix 1040 days ago
If the remote host is trusted, you just forward the gpg-agent over ssh to your remote host.

Sorry, I think I missed something because the article doesn't mention GPG at all. How can you make a webauthn client defer to gpg-agent?
When GPG is your ssh agent, you can use RSA or ed25519 keys stored on a smartcard (like a Yubikey) to authenticate via SSH.

It's generally preferable to use a `-sk` key type, though, by which the remote server can essentially enforce that you're using a smartcard and not a normal keypair backed by a file.

Sure, I understand how to authenticate to my remote machine with a smartcard (and already do use this setup). I'm wondering how to authenticate to resources (over HTTP) from my remote machine while using webauthn.
Just add `-D 8080` to your SSH connection and use the local SOCKS5 proxy to tunnel all local web traffic via the remote machine.