The Feitian ePass K40 is approximately equivalent in features to the Yubico Security Key, not a YubiKey 5 series key.
You can look up the difference between Yubico Security Key and YubiKey 5 series yourself.
Feitian has next to no documentation on what FIDO2 features/specs are supported on their keys, such as credential management (e.g., delete FIDO2 resident credential), hmac-secret extension and the max number of resident credentials allowed unlike Yubico.
Yubico beats every other manufacturer of FIDO keys when it comes to documentation, trust (due to their past incident responses) and build quality/customer support.
I'm assuming the company is legit and meets a high bar.
Feitian is a legit Chinese company (been around for longer than Yubico) - their US ops are handled from their US based company, which is the Amazon seller on the listing you linked to.
And their products are pretty good too, but that doesn't mean they are cheaper than Yubico or worth the price. Their FIDO2/NFC consumer product pricing is really on par with Yubico (and IMHO, not that competitive given the support/build quality).
Most people prefer products that originate exclusively in US and allied countries, especially Federal contractors and the likes. Yubico is far more accountable to these Western government entities (and citizens) than Feitian, especially when it comes to FIPS compliance, software/UX, firmware and recalls.
So, for a US/Sweden manufactured key, Yubico's pricing is pretty good.
BTW, there's many more companies with $20-$30 FIDO2 keys. GoTrust (Taiwan/US) has the Idem Key, TrustKey (US) has TrustKey T120 and Hypersecu (Canada) has HyperFIDO Pro Mini which is a Feitian rebrand. No idea on the durability of these or the country of manufacture otherwise.
Google's own Titan BT/USBA keys etc are made by Feitian
Yubico wrote a blog post about Google (Yubico's long time partner) deciding to go with Feitian:
https://www.yubico.com/blog/the-key-to-trust/
A year later, it was proven that Yubico was right to not release BLE keys:
I wouldn't say that Feitian cannot be trusted, since Yubico has replaced keys for worse mishaps. But I have far more trust in Yubico than Feitian. I don't think Feitian would have replaced those keys if they were not working with Google.
Yes, you can do this. I haven't tested this (cause I don't want to mess up my system) but I believe you can edit /etc/pam.d/sudo
like this:
~~~
@include common-auth
auth sufficient pam_u2f.so
~~~
Then you should be able to just touch the key. For Linux, the brands Thetis and FEITIAN both work, and you can save some money over Yubico, they are just as good quality. Or if you want to go really cheap, this one is only $15.
https://www.amazon.com/HYPERFIDO-Mini-FIDO2-HOTP-Security/dp/B0813YWZB2
Just note, that the fancier keys don't all work on Linux. Especially the fingerprint ones I believe are only for Windows. But those ones I listed I tested on Ubuntu and I'm sure they work.