1)Make sure and test all of the appropriate SSH clients for each OS. For Windows, a whole lot of people still use 3rd-party clients like Putty so make sure and test that one along with the built-in Windows 10 client as well as at least on major distribution (e.g. Ubuntu/Debian/etc) for Windows Subsystem for Linux and Windows Subsystem for Linux v2.

2) Make sure and document as much as you can so OS patch-level, SSH client implementation/version, PCAP of the connection, etc.

3) With the information from above, make sure and evaluate the differences in the clients from a network perspective. I doubt you’ll find anything as bad as “Putty supports single-DES with MD5”, but you never know unless you look.

4) In addition to just testing whether the U2F client-side SSH works out-of-the-box, check to see if there is a way to enable it either through configuration or work-arounds. That is what people will actually be doing so it’s an important aspect of the roll-out to document and evaluate.

