===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/PROTOCOL.u2f,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- src/usr.bin/ssh/PROTOCOL.u2f	2020/04/28 04:02:29	1.21
+++ src/usr.bin/ssh/PROTOCOL.u2f	2020/05/11 02:11:29	1.22
@@ -39,6 +39,13 @@
 primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2
 standard specifies additional key types, including one based on Ed25519.
 
+Use of U2F security keys does not automatically imply multi-factor
+authentication. From sshd’s perspective, a security key constitutes a
+single factor of authentication, even if protected by a PIN or biometric
+authentication.  To enable multi-factor authentication in ssh, please
+refer to the AuthenticationMethods option in sshd_config(5).
+
+
 SSH U2F Key formats
 -------------------