The basics of adding a Yubikey to be used to authorise sudo commands on a Debian Linux machine.

First install the required pam module:
sudo apt install libpam-u2f

Create the configuration folder for the U2F keys config file: mkdir ~/.config/Yubikey

Register your Yubikey into the configuration file in the directory you created:
pamu2fcfg > ~/.config/Yubikey/u2f_keys
You will be prompted for your keys pin (if set, it should be!) and required to touch the key as normal to register it.

To register additional keys use the following command:
pamu2fcfg -n >> ~/.config/Yubico/u2f_keys

Now you need to add a line to the /etc/pam.d/sudofile to enable the key.
Add the line auth sufficient pam_u2f.so after the session entries and before the line @include common-auth, then save but do not close the file.
If you want to make it 2FA instead of just authorisation the line would be auth required pam_u2f.so.

Open a new terminal window to test the configuration is working: sudo echo SUCCESS

If that works as expected, waiting on the touch of the Yubikey you are now OK to close the /etc/pam.d/sudo file, if not check for typos or revert before debugging.

These are instructions simplified for the one purpose I was after from the Yubico guide, which goes into more details and use cases.. https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F