Thanks for the link! The main problem I have is that gpg-agent won't start in ssh-agent mode automatically. I noticed on Ubuntu that there's some scripts that check if this directive is present in ~/.gpg/gnupg-agent.conf and then start it accordingly (and not load gnome-keychain) but this is not working correctly. I spent ages messing around to get it to load.
These days I use FreeBSD with KDE and it was a bit easier to get it to work. But I still have the scdaemon crashes a lot.
But yeah I really wish they would finally fix CTAP2 on Linux. I think the problem is a bit chicken and egg / there's not many services actually supporting it yet. Microsoft 365 is the only one I use that has it. And there it's in 'preview' so my work doesn't allow it, on my personal instance I do have it enabled though.
Passwordless U2F is no longer in preview on Microsoft 365, at least when I look at the config through the Azure AD interface.
However, the situation is actually worse than that on the MS front. Because it actually requires user verification even when used as a second factor, you cannot use such a token at all with MS's ecosystem. Which basically means that if you use Firefox on Linux, you're stuck with less secure second factors.
Paradoxically, MS Edge on Linux doesn't support CTAP2, either, although it's based on Chromium, which works OK.
These days I use FreeBSD with KDE and it was a bit easier to get it to work. But I still have the scdaemon crashes a lot.
But yeah I really wish they would finally fix CTAP2 on Linux. I think the problem is a bit chicken and egg / there's not many services actually supporting it yet. Microsoft 365 is the only one I use that has it. And there it's in 'preview' so my work doesn't allow it, on my personal instance I do have it enabled though.