I've always thought YubiKeys are expensive and too easy to loose or forget, so many thanks @Foxboron for ssh-tpm-agent ! I already had per-laptop #ssh keys, now they're sealed with its Tusted Platform Module (and a much shorter pass)
Install instructions: https://linderud.dev/blog/store-ssh-keys-inside-the-tpm-ssh-tpm-agent/
Presented at FOSDEM'25: https://archive.fosdem.org/2025/schedule/event/fosdem-2025-5544-hardware-backed-ssh-keys-ssh-tpm-agent/
Access rights tweaked with the help of https://fosdem.org/2026/events/attachments/ARFTHB-tpms_and_the_linux_kernel_unlocking_a_better_path_to_hardware_security/slides/267448/ignat-tpm_ornb8fs.pdf
poke #selfhosted