From: Zack Newman <zack@philomathiclife.com>
Subject: Re: ssh-keygen(1) FIDO authentication supports fingerprints
To: tech@openbsd.org
Date: Wed, 27 Nov 2024 07:48:25 -0700

> I think something like this would be fine:
>
> diff --git a/ssh-keygen.1 b/ssh-keygen.1
> index 06f0555..c44a5ea 100644
> --- a/ssh-keygen.1
> +++ b/ssh-keygen.1
> @@ -1041,13 +1041,11 @@ format.
>  .Pp
>  .It Ic verify-required
>  Require signatures made using this key indicate that the user was first
> -verified.
> +verified, e.g. by PIN or on-token biometrics.
>  This option only makes sense for the FIDO authenticator algorithms
>  .Cm ecdsa-sk
>  and
>  .Cm ed25519-sk .
> -Currently PIN authentication is the only supported verification method,
> -but other methods may be supported in the future.
>  .El
>  .Pp
>  At present, no standard options are valid for host keys.

That works for me.