Setup
# Install the TPM2 PKCS#11 provider and the tpm2_ptool management tooling.
sudo dnf install -y tpm2-pkcs11 tpm2-pkcs11-tools
# Add the current user to the tss group (presumably the group that owns the
# TPM device nodes on this system; verify with `ls -l /dev/tpm*`).
# Membership lets the account use the TPM without root, so grant it only to
# accounts that need it.
sudo usermod --append --groups tss "$(id --user --name)"
# Start a shell with tss as the active group so the new membership applies
# without logging out and back in.
newgrp tss
Create Key
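# Keep this shell session's history from being written to the history file
# when the shell exits.
unset HISTFILE

# Initialise the tpm2-pkcs11 store once. The token below is attached to
# primary object 1 (--pid=1); a repeated init is expected to create a further,
# unused primary object. Confirm against the id that init prints.
tpm2_ptool init

# Prompt for the PINs instead of typing them into the command line, so they do
# not appear on screen or in shell history. They are still handed to
# tpm2_ptool as arguments, so they can be visible in the process list to other
# local users while each command runs.
IFS= read -rs -p 'User PIN: ' userpin && printf '\n'
IFS= read -rs -p 'SO (recovery) PIN: ' sopin && printf '\n'

# Create a token labelled "ssh"; the SO PIN is the recovery credential.
tpm2_ptool addtoken --pid=1 --label=ssh --userpin="$userpin" --sopin="$sopin"
# Generate an ECC P-256 key pair in that token.
tpm2_ptool addkey --label=ssh --userpin="$userpin" --algorithm=ecc256

# Drop the PINs from the shell once the key exists.
unset userpin sopin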
Export Public Key
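# Make sure the per-user SSH directory exists before writing into it
# (-m applies only if the directory is created here).
mkdir -p -m 700 ~/.ssh

# Ask the PKCS#11 provider for the public keys it exposes and save them.
# Every key the provider offers is written, so check that the file holds only
# the key(s) you intend to authorise.
ssh-keygen -D /usr/lib64/pkcs11/libtpm2_pkcs11.so > ~/.ssh/my-ssh-key_using-tpm2.pub

# Append (>>) so an existing ~/.ssh/config is kept rather than truncated.
# The quoted delimiter keeps the block literal (no shell expansion).
# PasswordAuthentication here is a client-side setting for this host entry; it
# does not change what the server itself accepts.
cat >> ~/.ssh/config << 'EOF'
Host server
PKCS11Provider /usr/lib64/pkcs11/libtpm2_pkcs11.so
PasswordAuthentication no
EOF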
Put Public Key
# Append the exported public key to the account's authorized_keys on the
# server, logging in with the existing identity key for this one-time step.
# The remote >> appends, so keys already authorised there are kept.
ssh -i ~/.ssh/my-identity-key user@server "cat >> ~/.ssh/authorized_keys" \
  < ~/.ssh/my-ssh-key_using-tpm2.pub