$ ssh-keygen -t ecdsa-sk
You may need to touch your authenticator to authorize key generation.
Enter file in which to save the key (/home/user/.ssh/id_ecdsa_sk):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_ecdsa_sk
Your public key has been saved in /home/user/.ssh/id_ecdsa_sk.pub
The key fingerprint is:
SHA256:ECFmaoLZENpq0rLem8HC1F6vTwH1pjsnR6X8l/r54rQ [email protected]
The key's randomart image is:
+-[ECDSA-SK 256]--+
|o.  + oo         |
|o= + ....        |
|= =. ... o .     |
| =.   ..+ o      |
|+o.. . oS+       |
|=oo . . + .   .  |
|.o +   * o . +   |
|. o o o o = +.o  |
| . +....   .oEo. |
+----[SHA256]-----+

$ ssh-copy-id -i ~/.ssh/id_ecdsa_sk [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_ecdsa_sk.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

$ ssh -i ~/.ssh/id_ecdsa_sk [email protected]
Enter passphrase for key 'id_ecdsa_sk':
Confirm user presence for key ECDSA-SK SHA256:ECFmaoLZENpq0rLem8HC1F6vTwH1pjsnR6X8l/r54rQ

$ xbps-install -S openssh openssh-sk-helper

$ pacman -S openssh libfido2

$ apt install openssh-client