I'm looking for a way to link the use of a ssh private key to a particular device. Ideally, an attacker could steal the private key but could not use it in another device.
The Intel EPID function might work. A removable U2F FIDO2 key can be moved to another machine. I could hot stick a FIDO2 key into a USB port, but it's a rather ugly solution.
Ideas? Thank you.