Marc Wäckerlin

Combine PKCS11 (SuisseID) and SSH

August 10, 2012


It would be nice to secure an SSH login with a PKCS#11 hardware token, such as SuisseID.

If you have your SuisseID on a USB stick and have installed the Linux Post SuisseID Software, it is extremely simple:

  1. Activate the PKCS#11 library:
    ssh-add -s /usr/lib/libcvP11.so
  2. Copy the public PKCS#11 key to the server:
    ssh-copy-id remote.server.url

Then you can ssh-login to host remote.server.url with your SuisseID.

    user@host1:~$ ssh-add -s /usr/lib/libcvP11.so 
    Enter passphrase for PKCS#11: 
    Card added: /usr/lib/libcvP11.so
    user@host1:~$ ssh-copy-id host2
    user@host2's password: 
    Now try logging into the machine, with "ssh 'host2'", and check in:

      ~/.ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

    user@host1:~$ ssh host2
    user@host2:~$
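The ssh-copy-id output above asks you to check `~/.ssh/authorized_keys` for keys you were not expecting. One way to do that check, as an added example that is not part of the original post: save the token's public key on host1 with `ssh-add -L > token.pub`, then compare it with the server's file. The function name `unexpected_keys`, the file names and the key blobs in `demo` are assumptions constructed for illustration.

```shell
#!/bin/sh
# unexpected_keys EXPECTED AUTHORIZED
# Print "line-number: entry" for every key in AUTHORIZED whose base64 blob
# does not occur in EXPECTED. Comments and options such as from="..." are
# ignored, so only the key material itself is compared.
unexpected_keys() {
    awk '
    # Return the base64 blob of the current line, or "" if none is found.
    # Limitation: a quoted option that itself contains "ssh-... AAAA..."
    # would be mistaken for the key.
    function blob(    i) {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/ && $(i + 1) ~ /^AAAA/)
                return $(i + 1)
        return ""
    }
    /^[ \t]*#/ || NF == 0 { next }
    FILENAME == ARGV[1] { b = blob(); if (b != "") expected[b] = 1; next }
    { b = blob(); if (b != "" && !(b in expected)) print FNR ": " $0 }
    ' "$1" "$2"
}

# Constructed sample data: these blobs are placeholders, not real keys.
demo() {
    d=$(mktemp -d) || return 1
    # What "ssh-add -L > token.pub" might leave on host1 (constructed).
    printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDTOKENKEY token' > "$d/token.pub"
    # A copy of host2:~/.ssh/authorized_keys (constructed).
    printf '%s\n' \
        '# constructed sample' \
        'from="host1" ssh-rsa AAAAB3CONSTRUCTEDTOKENKEY user@host1' \
        'ssh-rsa AAAAB3CONSTRUCTEDOTHERKEY old-laptop' > "$d/authorized_keys"
    unexpected_keys "$d/token.pub" "$d/authorized_keys"
    rm -r "$d"
}

demo
```

Any line it prints is a key that can log in to the account but is not the one held on the token; an empty result means the file contains only the expected key.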
