@0x4d6165 yes!
i personally generate new ssh keys for each device and sign them with my yubikey as shown in this lovely blog post: jamesog.net/2023/03/03/yubikey-as-an-ssh-certificate-authority/
it is definitely worth mentioning that a lot of sites where one might put in an ssh key don't take the CA's public key and it's annoying..
magnificent (imo) way of handling keys for private/semi-private servers tho