FIDO2 SSH Auth using macOS
It is possible to have passwordless login over SSH using asymmetric cryptography with YubiKeys that support FIDO2 credentials.
The private key sits on the hardware; on the key I have there are up to 100 slots for keys that can be interrogated using FIDO2 (I don’t know the details).
However, on macOS (Tahoe), the system OpenSSH is not built with support for security keys. Installing OpenSSH with Homebrew helped a bit but still did not crack the main issue, which was a failure to find a dynamic library “sk-libfido2.dylib”.
Long story short, following the instructions here solved it: https://gist.github.com/BertanT/9d222da115ca2d1274ef34735c4260cf
However, it is a bit inelegant to rebuild the whole OpenSSH distribution from upstream for just this one file, but whatever. It works now.
Follow the instructions here once OpenSSH is working: https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html
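
To see whether a given `ssh` has built-in FIDO support or depends on an external library such as the missing “sk-libfido2.dylib”, the added example below (not from this post or the linked guides) classifies the `securitykeyprovider` value that `ssh -G` prints. It assumes OpenSSH's documented `SecurityKeyProvider` behaviour: `internal` for built-in support, otherwise a library path or a `$VAR` reference such as `$SSH_SK_PROVIDER`. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify how an OpenSSH client will load FIDO2 support.
# Input is the "securitykeyprovider" value printed by `ssh -G <host>`.

# classify_sk_provider VALUE -> prints one of:
#   builtin      client has built-in FIDO support ("internal")
#   external-ok  external middleware library exists at the resolved path
#   missing-env  value is a $VAR reference but VAR is unset or empty
#   missing-lib  resolved path does not exist
#   invalid      value is empty or not a usable variable name
classify_sk_provider() {
    value=$1
    case $value in
        '') echo invalid; return ;;
        internal) echo builtin; return ;;
        \$*)
            name=${value#\$}
            # Accept only a plain variable name before handing it to eval.
            case $name in
                ''|[0-9]*|*[!A-Za-z0-9_]*) echo invalid; return ;;
            esac
            eval "path=\${$name:-}"
            [ -n "$path" ] || { echo missing-env; return; }
            ;;
        *) path=$value ;;
    esac
    if [ -f "$path" ]; then echo external-ok; else echo missing-lib; fi
}

# sk_provider_from_config: read `ssh -G` output on stdin, print the provider.
sk_provider_from_config() {
    awk '$1 == "securitykeyprovider" { sub(/^[^ ]+ /, ""); print; exit }'
}

# check_local_ssh: inspect whichever ssh comes first in PATH.
check_local_ssh() {
    ssh_bin=$(command -v ssh) || { echo "no ssh in PATH"; return 1; }
    provider=$(ssh -G localhost 2>/dev/null | sk_provider_from_config)
    echo "ssh binary : $ssh_bin"
    echo "provider   : ${provider:-<not reported>}"
    echo "status     : $(classify_sk_provider "$provider")"
}

# Run the live check only when asked: sh check_sk.sh --check
if [ "${1:-}" = "--check" ]; then check_local_ssh; fi
```

A status of `missing-env` or `missing-lib` means this client cannot reach a FIDO middleware library; the "ssh binary" line shows whether the system or the Homebrew build is the one being run.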