How to set up U2F/FIDO2 hardware security key to use with SSH and Github
$ ssh-keygen -C 'your.email@provider.com' -f $HOME/.ssh/user-github -t ed25519-skGenerating public/private ed25519-sk key pair.You may need to touch your authenticator to authorize key generation.Enter PIN for authenticator: ****************You may need to touch your authenticator (again) to authorize key generation.Enter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /home/$USER/.ssh/user-githubYour public key has been saved in /home/$USER/.ssh/user-github.pubThe key fingerprint is:SHA256: <hash> your.email@provider.com
It is probably more convenient to use an empty passphrase.
$ xclip -i -sel clip < $HOME/.ssh/user-github.pub
Go to https://github.com/settings/keys, click on New SSH key and paste key and save
Host github.comHostname ssh.github.comPort 443User gitIdentityFile %d/.ssh/user-githubIdentitiesOnly yes
$ ssh -T git@github.comConfirm user presence for key ED25519-SK SHA256: <hash>Hi user! You've successfully authenticated, but GitHub does not provide shell access.
$ git remote set-url origin git@github.com:username/your-repository.git
$ git remote show originConfirm user presence for key ED25519-SK SHA256: <hash>* remote originFetch URL: git@github.com:username/your-repository.gitPush URL: git@github.com:username/your-repository.gitHEAD branch: mainRemote branch:main trackedLocal branch configured for 'git pull':main merges with remote mainLocal ref configured for 'git push':main pushes to main (up to date)