From d25af4a70a6285bfb9f520c27d0a1b4c4b2df755 Mon Sep 17 00:00:00 2001
From: Chloe Surett <chloe@surett.me>
Date: Mon, 17 Nov 2025 12:10:53 -0500
Subject: [PATCH 1/2] ssh: T7483: Document fido2 options

---
 docs/configuration/service/ssh.rst | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/configuration/service/ssh.rst b/docs/configuration/service/ssh.rst
index c9969aa6ca..5b28d1f7e0 100644
--- a/docs/configuration/service/ssh.rst
+++ b/docs/configuration/service/ssh.rst
@@ -59,6 +59,14 @@ Configuration
   Disable password based authentication. Login via SSH keys only. This hardens
   security!
 
+.. cfgcmd:: set service ssh verify-required
+
+  Require FIDO2 keys to attest that a user has been verified (e.g. via a PIN).
+
+.. cfgcmd:: set service ssh touch-required
+
+  Require FIDO2 keys to attest that a user is physically present.
+
 .. cfgcmd:: set service ssh disable-host-validation
 
   Disable the host validation through reverse DNS lookups - can speedup login

From 13b0d84134adbb9dc6afa331566acccb3002fc90 Mon Sep 17 00:00:00 2001
From: Chloe Surett <chloe@surett.me>
Date: Thu, 20 Nov 2025 12:03:20 -0500
Subject: [PATCH 2/2] ssh: T7483: Update fido2 option naming

---
 docs/configuration/service/ssh.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/configuration/service/ssh.rst b/docs/configuration/service/ssh.rst
index 5b28d1f7e0..74d277afd7 100644
--- a/docs/configuration/service/ssh.rst
+++ b/docs/configuration/service/ssh.rst
@@ -59,11 +59,11 @@ Configuration
   Disable password based authentication. Login via SSH keys only. This hardens
   security!
 
-.. cfgcmd:: set service ssh verify-required
+.. cfgcmd:: set service ssh fido pin-required
 
   Require FIDO2 keys to attest that a user has been verified (e.g. via a PIN).
 
-.. cfgcmd:: set service ssh touch-required
+.. cfgcmd:: set service ssh fido touch-required
 
   Require FIDO2 keys to attest that a user is physically present.