If you have got the following very specific thing to work, please let me know how!
ssh, using ed25519-sk or ecdsa-sk, with a YubiKey with FIDO2, on Android (specifically GrapheneOS), with a Free software client
My tinkering with termux has, so far, failed.
@jgoerzen 's blog post about using yubikey ssh keys
https://www.complete.org/easily-using-ssh-with-fido2-u2f-hardware-security-keys/
Says "On Android, Termius is the only maintained program I could find that has support for FIDO2 ssh keys."
https://termius.com/documentation/connect-using-fido2
A lot of new hardware security keys (Yubikey, Nitrokey, Titan, etc.) now support FIDO2 (aka U2F aka Webauthn aka Passkey; yes it’s a mess). So does OpenSSH. This spells good news for us, because it is far easier to use than previous hardware security types (eg, PKCS#11 and OpenPGP) with ssh. A key benefit of all this, if done correctly, is that it is actually impossible to access the raw SSH private key, and impossible to use it without the presence of the SK and a human touching it.
Neil Brown
Diane