Thanks to msfriedl, #OpenSSH now supports #ECDSA keys stored in PKCS#11 tokens such as #Yubico Yubikey 4. This is available in CVS/git HEAD now and will be in the OpenSSH 8.0 release.
(H/T djm@)
https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037468.html
@kurtm it'll be good only if his OS of choice updates their software this decade.
@kurtm probably ships in tomorrow's snapshot. worst case, check back on May 1.
@phessler Does this mean we can ditch gpg-agent for ssh auth via yubikey?
@ebarrett yes. I watched djm@ demo it in the hackroom
@irl I guess? I don't install gnupg.
@phessler My lackey will be happy. He's been using GPG to simulate ssh-agent in order to use his Yubikey. Sounded super-horrible to me (because GPG).