I tried to use a Gnuk (Nitrokey Start) keychain with Ed25519/Cv25519 keys to secure an SSH setup using gpg-agent's --enable-ssh-support option, letting it talk the ssh-agent protocol with ssh and ssh-keygen.
This works very well for signing authentication tokens (ssh public key authentication) but it turns out signing anything larger than 255 bytes fails.
This results in the ssh-keygen -U … invocation failing with:
Couldn't certify key ssh_host_ed25519_key.pub via agent: agent refused operation
I traced the passing of the payload to be signed through gpg-agent to scdaemon:

    < SETDATA <hex-payload>
    > OK
    < PKAUTH OPENPGP.3
    > scdaemon: app_auth failed: Invalid value
    > ERR 100663351 Invalid value <SCD>
    < RESTART
and further down to iso7816_internal_authenticate() and apdu_send_le() in scdaemon itself.
What I find baffling is that the payload is at no point hashed (SSH Ed25519 uses SHA-512 pre-hash as per rfc8709), so it seems it's sent to the keycard in full.
Furthermore, the PKAUTH command isn't documented in the Scdaemon manual's protocol section.
Since GPG can generally sign larger amounts of data, I suspect this issue is due to gpg-agent or scdaemon mishandling the card rather than an inherent limitation of Gnuk tokens.
Specifically, I think it should be possible to pre-hash the payload in gpg-agent and ask the smartcard to use the signature version without pre-hash. (I haven't been able to find an OpenPGP SmartCard specification covering Ed25519 to ascertain that is the case, though.)
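To pin down the size threshold described above independently of ssh-keygen, the following script speaks the ssh-agent wire protocol (SSH_AGENTC_REQUEST_IDENTITIES / SSH_AGENTC_SIGN_REQUEST, uint32-length-framed messages) directly to the socket in $SSH_AUTH_SOCK and asks the agent to sign payloads of increasing length with its first ssh-ed25519 key. An SSH_AGENT_FAILURE reply is exactly what ssh-keygen reports as "agent refused operation", so the returned map shows which sizes the gpg-agent/scdaemon path accepts. This is an added example, not code from the report or from GnuPG; the message numbers are the standard ssh-agent ones, the probe sizes and the key blob used in the offline checks are constructed here, and the live probe assumes a running agent exposing at least one Ed25519 key.

```python
import os
import socket
import struct

# ssh-agent protocol message numbers (draft-miller-ssh-agent).
SSH_AGENT_FAILURE = 5
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENTC_SIGN_REQUEST = 13
SSH_AGENT_SIGN_RESPONSE = 14


def ssh_string(b: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length prefix followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def read_string(buf: bytes, off: int):
    """Decode an SSH 'string' at offset `off`; return (value, offset after it)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def build_sign_request(key_blob: bytes, data: bytes, flags: int = 0) -> bytes:
    """Frame an SSH_AGENTC_SIGN_REQUEST the way ssh and ssh-keygen send it."""
    body = (bytes([SSH_AGENTC_SIGN_REQUEST]) + ssh_string(key_blob)
            + ssh_string(data) + struct.pack(">I", flags))
    return ssh_string(body)  # outer uint32 length frame


def parse_sign_response(frame_body: bytes):
    """Return (ok, signature_blob); ok=False means SSH_AGENT_FAILURE, i.e. 'agent refused operation'."""
    if not frame_body or frame_body[0] == SSH_AGENT_FAILURE:
        return False, b""
    if frame_body[0] != SSH_AGENT_SIGN_RESPONSE:
        raise ValueError(f"unexpected agent message type {frame_body[0]}")
    sig, _ = read_string(frame_body, 1)
    return True, sig


def parse_identities(frame_body: bytes):
    """Decode SSH_AGENT_IDENTITIES_ANSWER into a list of (key_blob, comment)."""
    if not frame_body or frame_body[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("expected SSH_AGENT_IDENTITIES_ANSWER")
    (nkeys,) = struct.unpack_from(">I", frame_body, 1)
    off, keys = 5, []
    for _ in range(nkeys):
        blob, off = read_string(frame_body, off)
        comment, off = read_string(frame_body, off)
        keys.append((blob, comment.decode(errors="replace")))
    return keys


def key_type(key_blob: bytes) -> str:
    """A public key blob starts with its algorithm name, e.g. 'ssh-ed25519'."""
    name, _ = read_string(key_blob, 0)
    return name.decode()


def recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("agent closed the connection")
        buf += chunk
    return buf


def agent_roundtrip(sock: socket.socket, framed_request: bytes) -> bytes:
    """Send one framed request and return the body of the agent's framed reply."""
    sock.sendall(framed_request)
    (n,) = struct.unpack(">I", recv_exact(sock, 4))
    return recv_exact(sock, n)


def probe_sizes(sizes=(200, 255, 256, 300, 1024)):
    """Ask the agent at $SSH_AUTH_SOCK to sign constructed payloads of each size
    with its first ssh-ed25519 key. Returns {size: accepted}. Needs a live agent."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(os.environ["SSH_AUTH_SOCK"])
        ids = parse_identities(
            agent_roundtrip(s, ssh_string(bytes([SSH_AGENTC_REQUEST_IDENTITIES]))))
        ed = [blob for blob, _ in ids if key_type(blob) == "ssh-ed25519"]
        if not ed:
            raise RuntimeError("agent offers no ssh-ed25519 key")
        results = {}
        for n in sizes:
            ok, _ = parse_sign_response(
                agent_roundtrip(s, build_sign_request(ed[0], b"A" * n)))
            results[n] = ok
        return results


if __name__ == "__main__":
    for size, ok in probe_sizes().items():
        print(f"{size:5d} bytes: {'signed' if ok else 'agent refused operation'}")
```

Running it against the setup in the report should show sizes up to 255 accepted and larger ones refused; against a software-only ssh-agent every size is signed, which is a quick way to confirm the failure is specific to the gpg-agent/scdaemon/card path. The ssh-keygen -U certification request is well over 255 bytes (the whole certificate body is signed), which is why that invocation fails while plain public-key authentication, whose session-identifier payload is short, still works.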