GPG with Yubikey

Details on creating a GPG master key and subkeys with an embedded photo, and on exporting the subkeys to multiple Yubikeys. Additional documents cover setting up Yubikeys for SSH authentication on different client operating systems.

Subkeys are issued from the master key and are used for specific actions, essentially ‘on behalf of’ the master identity. These subkeys are loaded onto Yubikeys for everyday use. Because they are subkeys, they can be revoked as needed, or the master key can be revoked/changed to invalidate all subkeys at once. The master key should be kept offline and encrypted, with only the subkeys used day to day.

Setup Instructions:

  1. Setup Pre-Requisites.

  2. Key Setup to create your digital identity.

  3. Using GPG Keys.

Be sure to see Troubleshooting to resolve any issues.

See SSH to set up SSH services.

Core instructions are here. Alternative step-by-step walkthrough instructions for configuring multi-platform GPG/Yubikey SSH usage are here. OpenPGP for Beginners is a good starting point if you have no understanding of what this is.

References

  1. Using Yubikey with OpenPGP

  2. Using GPG for SSH Authentication