I just got some YubiKeys to secure my important accounts and am now wondering about the best way of securing access to some VPS boxes I have. Up until now, I have disabled password-based login and used SSH keys to connect to the servers.
As far as I can tell from some research, there are two ways to secure SSH access with a YubiKey:
- Generating a
ed25519-sk
key pair which can only be used together with the YubiKey - Using the
pam_yubico
module on the server to only allow access with a regular SSH key and the YubiKey as a second factor
Is there any reason to prefer one of these over the other for security or convenience?