Yes, sure, you could use pam-u2f, but that will never be as seamless as having it supported upstream in ssh.
Or you could use the OTP mode instead, but that has other disadvantages (you have to depend on yubico's servers or run your own KSM+validation servers).
Maybe the introduction of FIDO2 will spark some interest in that again? https://bugzilla.mindrot.org/show_bug.cgi?id=2319
Yes, sure, you could use pam-u2f, but that will never be as seamless as having it supported upstream in ssh.
Or you could use the OTP mode instead, but that has other disadvantages (you have to depend on yubico's servers or run your own KSM+validation servers).