There are some dependencies that need to be installed to ssh with a Yubikey. For windows: Install GPG: https://gpg4win.org/index.html Enable SSH Support (Reference: https://developers.yubico.com/PGP/SSH_authentication/Windows.html): - Create or modify C:\Users\\AppData\Roaming\gnupg\gpg-agent.conf - Add the following lines to the file: enable-ssh-support enable-putty-support - Kill the process gpg-agent.exe and run "gpg --card-status" to restart Install Putty: https://www.putty.org/ Optionally install WinScp: https://winscp.net/eng/index.php When connecting, make sure that pageant installed with Putty is not running, or the GPG SSH agent will not work. Make sure the gpg agent is running by executing "gpg --card-status" For linux: The GPG application requires the apt package scdaemon in order to talk to the yubikey. There may be other undocumented dependencies. When everything is set up, running the command: "gpg --card-status" should show info from the Yubikey. Once the dependencies are set up, it is easy to switch between the traditional SSH agent and the GPG ssh agent using the "SSH_AUTH_SOCK" environment variable. Here are some helpful aliases: alias enable-ssh-gpg="export SSH_AUTH_SOCK=/run/user/$UID/gnupg/S.gpg-agent.ssh" alias sshg="SSH_AUTH_SOCK=/run/user/$UID/gnupg/S.gpg-agent.ssh ssh" alias scpg="SSH_AUTH_SOCK=/run/user/$UID/gnupg/S.gpg-agent.ssh scp" # Note that this alias sets the SSH_AUTH_SOCK back to the Ubuntu Keyring agent's path # Other agents will be located at different paths. alias disable-ssh-gpg="export SSH_AUTH_SOCK=/run/user/$UID/keyring/ssh" Alternatively, it may be easier to add these configs to your SSH config file to enable Yubikey-based authentication only on the server: Host liberty liberty.apromenschenkel.com HostName liberty.apromenschenkel.com User apromenschenkel IdentityAgent /run/user/%i/gnupg/S.gpg-agent.ssh VerifyHostKeyDNS yes Host Key Verification: See the file "ssh-host-key-fingerprints.txt" for manual verification. Add "VerifyHostKeyDNS yes" to the global, user, or per-host configs to make use of SSHFP DNS verification. Note that SSHFP verification only works without user intervention if your local resolver supports DNSSEC.