While setting up my FIDO keys for SSH access I noticed that I couldn't login after setting up a key with:
set system login user xxx authentication public-keys yubikey key '<public key>' set system login user xxx authentication public-keys yubikey type 'ed25519-sk'
After checking what's generated into the authorized_keys file I noticed that the key was inserted with the type ed25519-sk while it should be [email protected], see https://man.openbsd.org/sshd_config#PubkeyAcceptedAlgorithms. This probably also affects the ecdsa variant.
Just to be sure I also manually corrected the type in the authorized_keys file, after which I could login just fine. It seems like the type used in the config is rendered literally into the keys file. Either the key type in the config needs to be renamed or the script has to do that while rendering.