Biggest difference is that SSH keys allow you to store and submit the public key without the private key being present.
With passkeys, the private key must be present and usable (at least with current implementations) at the time of enrolment.
This raises a major problem: with SSH keys you can keep an backup key in a secure location (bank vault, etc) and still be able to register it. With passkeys your backup key must be present and connected when registering it, so you can’t keep it in a secure location as you always need it when registering. This exposes both keys to risks such as hardware failure (let’s say faulty USB port that spikes anything plugged in with 12V… you connect your main key, it doesn’t work, now you connect your backup key and same thing happens… by the time you realize both your primary and backup keys are toast).
With SSH, "registering" your key on a server means having out-of-band access to copy your public key. There is no such facility if you're registering a never-before-seen user with a new key, so it makes a whole heap of sense to ensure that the credential you're registering has a working private key that exists.
Biggest difference is that SSH keys allow you to store and submit the public key without the private key being present.
With passkeys, the private key must be present and usable (at least with current implementations) at the time of enrolment.
This raises a major problem: with SSH keys you can keep an backup key in a secure location (bank vault, etc) and still be able to register it. With passkeys your backup key must be present and connected when registering it, so you can’t keep it in a secure location as you always need it when registering. This exposes both keys to risks such as hardware failure (let’s say faulty USB port that spikes anything plugged in with 12V… you connect your main key, it doesn’t work, now you connect your backup key and same thing happens… by the time you realize both your primary and backup keys are toast).
With SSH, "registering" your key on a server means having out-of-band access to copy your public key. There is no such facility if you're registering a never-before-seen user with a new key, so it makes a whole heap of sense to ensure that the credential you're registering has a working private key that exists.
The sarcasm is duly noted. But I simply answered the question. I don't have any strong opinion regarding passkeys.