I've found it a little easier to get going with GPG, especially on different operating systems. IIRC with PKCS you have to tell the SSH client to use a particular plugin? Whereas with GPG you just need GnuPG and have it act as the SSH agent. Plus you can forward the GnuPG socket and then anything you do on the remote server that requires GPG will pass through to the YubiKey -- I find this useful with pass and for signing Maven artifacts, just tap the YubiKey when encrypting/decrypting.