diff --git a/docs/configuration/service/ssh.rst b/docs/configuration/service/ssh.rst
index c9969aa6ca..74d277afd7 100644
--- a/docs/configuration/service/ssh.rst
+++ b/docs/configuration/service/ssh.rst
@@ -59,6 +59,14 @@ Configuration
   Disable password based authentication. Login via SSH keys only. This hardens
   security!
 
+.. cfgcmd:: set service ssh fido pin-required
+
+  Require FIDO2 keys to attest that a user has been verified (e.g. via a PIN).
+
+.. cfgcmd:: set service ssh fido touch-required
+
+  Require FIDO2 keys to attest that a user is physically present.
+
 .. cfgcmd:: set service ssh disable-host-validation
 
   Disable the host validation through reverse DNS lookups - can speedup login