Request Nest support for ecdsa-sha2-nistp256 ssh keys

For SSH keys, I use a couple of ecdsa-sha2-nistp256 keys loaded on Yubikeys. I’d love to be able to use these with the Nest. There’s a couple of projects I’d migrate from Git/GitHub to Pijul/Nest if/when this becomes possible, and I’m super looking forward to being able to do that!

According to the Arch Wiki, ECDSA is not recommended.

Also, do not use Yubikey, it’s closed source. We shouldn’t support closed source “security” products. There are open source alternatives (Nitrokey, Solokey) with both software and hardware open.

The security of your setup is broken. Pijul shouldn’t support broken setups.

I agree ed25519 is the future. I’ve tried switching over, but it’s not supported right now as a PIV key type for Yubikeys. As I understand it, the reason is that there is no standard yet for ed25519 PIV keys in hardware tokens generally (not just Yubikey), though maybe that’s out of date. My understanding of the current state comes from this GitHub issue. I’ll be happy to switch over to ed25519 as soon as it’s available as an off-the-shelf approach.

I believe I would be able to load an ed25519 on my Yubikey as a PGP key, but I’ve used pgp in the past and don’t want to go back.

As it stands, I’m using a latest-edition Yubikey running the latest firmware, and with that setup ed25519 is not a PIV option yet. It’s not my choice to decide whether Pijul wants to support/prioritize Yubikey, but I think it’s a bit extreme to say that my setup is broken just because I’m using a Yubikey.