Key Management – SSH Keys Related to the EPID Device

I'm looking for a way to link the use of a ssh private key to a particular device. Ideally, an attacker could steal the private key but could not use it in another device.

The Intel EPID function might work. A removable U2F FIDO2 key can be moved to another machine. I could hot stick a FIDO2 key into a USB port, but it's a rather ugly solution.

Ideas? Thank you.