diff --git a/ssh/yubibug.md b/ssh/yubibug.md index dbe3fba..94f83e9 100644 --- a/ssh/yubibug.md +++ b/ssh/yubibug.md @@ -23,171 +23,169 @@ Admin PIN: 12345678 Good, let's start with key generation :
-    $ gpg --card-edit
-    gpg: directory '/home/user/.gnupg' created
-    gpg: keybox '/home/user/.gnupg/pubring.kbx' created
-
-    Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
-    Application ID ...: D2760001240103040006152800150000
-    Application type .: OpenPGP
-    Version ..........: 3.4
-    Manufacturer .....: Yubico
-    Serial number ....: 15280015
-    Name of cardholder: [not set]
-    Language prefs ...: [not set]
-    Salutation .......:
-    URL of public key : [not set]
-    Login data .......: [not set]
-    Signature PIN ....: not forced
-    Key attributes ...: rsa2048 rsa2048 rsa2048
-    Max. PIN lengths .: 127 127 127
-    PIN retry counter : 3 0 3
-    Signature counter : 0
-    KDF setting ......: off
-    Signature key ....: [none]
-    Encryption key....: [none]
-    Authentication key: [none]
-    General key info..: [none]
-    gpg/card> admin
-    Admin commands are allowed
-    gpg/card> admin
-    Admin commands are allowed
-
-    gpg/card> key-attr
-    Changing card key attribute for: Signature key
-    Please select what kind of key you want:
-       (1) RSA
-       (2) ECC
-    Your selection? 2
-    Please select which elliptic curve you want:
+$ gpg --card-edit
+gpg: directory '/home/user/.gnupg' created
+gpg: keybox '/home/user/.gnupg/pubring.kbx' created
+
+Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
+Application ID ...: D2760001240103040006152800150000
+Application type .: OpenPGP
+Version ..........: 3.4
+Manufacturer .....: Yubico
+Serial number ....: 15280015
+Name of cardholder: [not set]
+Language prefs ...: [not set]
+Salutation .......:
+URL of public key : [not set]
+Login data .......: [not set]
+Signature PIN ....: not forced
+Key attributes ...: rsa2048 rsa2048 rsa2048
+Max. PIN lengths .: 127 127 127
+PIN retry counter : 3 0 3
+Signature counter : 0
+KDF setting ......: off
+Signature key ....: [none]
+Encryption key....: [none]
+Authentication key: [none]
+General key info..: [none]
+gpg/card> admin
+Admin commands are allowed
+
+gpg/card> key-attr
+Changing card key attribute for: Signature key
+Please select what kind of key you want:
+   (1) RSA
+   (2) ECC
+Your selection? 2
+Please select which elliptic curve you want:
+   (1) Curve 25519
+   (4) NIST P-384
+Your selection? 1
+The card will now be re-configured to generate a key of type: ed25519
+Note: There is no guarantee that the card supports the requested size.
+      If the key generation does not succeed, please check the
+      documentation of your card to see what sizes are allowed.
+Changing card key attribute for: Encryption key
+Please select what kind of key you want:
+   (1) RSA
+   (2) ECC
+Your selection? 2
+Please select which elliptic curve you want:
+   (1) Curve 25519
+   (4) NIST P-384
+Your selection? 1
+The card will now be re-configured to generate a key of type: cv25519
+Changing card key attribute for: Authentication key
+Please select what kind of key you want:
+   (1) RSA
+   (2) ECC
+Your selection? 2
+Please select which elliptic curve you want:
        (1) Curve 25519
        (4) NIST P-384
-    Your selection? 1
+    Your selection? 1
     The card will now be re-configured to generate a key of type: ed25519
-    Note: There is no guarantee that the card supports the requested size.
-          If the key generation does not succeed, please check the
-          documentation of your card to see what sizes are allowed.
-    Changing card key attribute for: Encryption key
-    Please select what kind of key you want:
-       (1) RSA
-       (2) ECC
-    Your selection? 2
-    Please select which elliptic curve you want:
-       (1) Curve 25519
-       (4) NIST P-384
-    Your selection? 1
-    The card will now be re-configured to generate a key of type: cv25519
-    Changing card key attribute for: Authentication key
-    Please select what kind of key you want:
-       (1) RSA
-       (2) ECC
-    Your selection? 2
-    Please select which elliptic curve you want:
-           (1) Curve 25519
-           (4) NIST P-384
-        Your selection? 1
-        The card will now be re-configured to generate a key of type: ed25519
-
-    gpg/card> generate
-    Make off-card backup of encryption key? (Y/n) n
-
-    Please note that the factory settings of the PINs are
-       PIN = '123456'     Admin PIN = '12345678'
-    You should change them using the command --change-pin
 
-    Please specify how long the key should be valid.
-             0 = key does not expire
-            = key expires in n days
-          w = key expires in n weeks
-          m = key expires in n months
-          y = key expires in n years
-    Key is valid for? (0)
-    Key does not expire at all
-    Is this correct? (y/N) y
-
-    GnuPG needs to construct a user ID to identify your key.
-
-    Real name: Dummy
-    Email address: dummy@dummy.co
-    Comment:
-    You selected this USER-ID:
-        "Dummy "
-
-    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
-    gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
-    gpg: key B4A67FB911B1ED6B marked as ultimately trusted
-    gpg: directory '/home/user/.gnupg/openpgp-revocs.d' created
-    gpg: revocation certificate stored as '/home/user/.gnupg/openpgp-revocs.d/A157C7E15F3D6C7445B40626B4A67FB911B1ED6B.rev'
-    public and secret key created and signed.
-
-    gpg/card> list
-
-    Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
-    Application ID ...: D2760001240103040006152800150000
-    Application type .: OpenPGP
-    Version ..........: 3.4
-    Manufacturer .....: Yubico
-    Serial number ....: 15280015
-    Name of cardholder: [not set]
-    Language prefs ...: [not set]
-    Salutation .......:
-    URL of public key : [not set]
-    Login data .......: [not set]
-    Signature PIN ....: not forced
-    Key attributes ...: ed25519 cv25519 ed25519
-    Max. PIN lengths .: 127 127 127
-    PIN retry counter : 3 0 3
-    Signature counter : 4
-    KDF setting ......: off
-    Signature key ....: A157 C7E1 5F3D 6C74 45B4  0626 B4A6 7FB9 11B1 ED6B
-          created ....: 2020-10-05 09:45:47
-    Encryption key....: 2B46 118B DEB3 4AAC 4951  63DE 286C 74DF 1104 5D46
-          created ....: 2020-10-05 09:45:47
-    Authentication key: FFE2 8767 DD98 CD3F 587A  19F9 B1B9 E836 16EF 39E7
-          created ....: 2020-10-05 09:45:47
-    General key info..:
-    pub  ed25519/B4A67FB911B1ED6B 2020-10-05 Dummy 
-    sec>  ed25519/B4A67FB911B1ED6B  created: 2020-10-05  expires: never     
-                                    card-no: 0006 15280015
-    ssb>  ed25519/B1B9E83616EF39E7  created: 2020-10-05  expires: never     
-                                    card-no: 0006 15280015
-    ssb>  cv25519/286C74DF11045D46  created: 2020-10-05  expires: never     
-                                    card-no: 0006 15280015
-    gpg/card> quit
-    pub   ed25519 2020-10-05 [SC]
-          A157C7E15F3D6C7445B40626B4A67FB911B1ED6B
-    uid                      Dummy 
-    sub   ed25519 2020-10-05 [A]
-    sub   cv25519 2020-10-05 [E]
-
-    $ ssh-add -L
-    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGzO7860chQPMw0NuLDhBqZd1IcfIqBnvy4GSbzZd4vu cardno:000615280015
-
-    $ mkdir sshca
-    $ ssh-keygen -t ed25519 -N '' -C 'Test CA' -f sshca/ca
-    $ cat sshca/ca.pub
-    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICAL7l1sQuKe4daLfKGZuiRPZZXquokQyH+p6utlZxZ+ Test CA
-    $ ssh-add -L > sshca/id_ed25519.pub
-    $ ssh-keygen -s sshca/ca -I test-dummy sshca/id_ed25519.pub
-    Signed user key sshca/id_ed25519-cert.pub: id "test-dummy" serial 0 valid forever
-    $ mkdir ~/.ssh
-    $ cp sshca/id_ed25519-cert.pub ~/.ssh/
-    $ ssh-keygen -Lf .ssh/id_ed25519-cert.pub
-    .ssh/id_ed25519-cert.pub:
-            Type: ssh-ed25519-cert-v01@openssh.com user certificate
-            Public key: ED25519-CERT SHA256:fuoQ5RdcNRAj0VAyw/vqA584nNW2HMYNGk4NQEFjTSM
-            Signing CA: ED25519 SHA256:2PibPv047BiDZQgl51bKRnY2ZXpcbAP1g7GjAZ0DArI (using ssh-ed25519)
-            Key ID: "test-dummy"
-            Serial: 0
-            Valid: forever
-            Principals: (none)
-            Critical Options: (none)
-            Extensions:
-                    permit-X11-forwarding
-                    permit-agent-forwarding
-                    permit-port-forwarding
-                    permit-pty
-                    permit-user-rc
+gpg/card> generate
+Make off-card backup of encryption key? (Y/n) n
+
+Please note that the factory settings of the PINs are
+   PIN = '123456'     Admin PIN = '12345678'
+You should change them using the command --change-pin
+
+Please specify how long the key should be valid.
+         0 = key does not expire
+        = key expires in n days
+      w = key expires in n weeks
+      m = key expires in n months
+      y = key expires in n years
+Key is valid for? (0)
+Key does not expire at all
+Is this correct? (y/N) y
+
+GnuPG needs to construct a user ID to identify your key.
+
+Real name: Dummy
+Email address: dummy@dummy.co
+Comment:
+You selected this USER-ID:
+    "Dummy "
+
+Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
+gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
+gpg: key B4A67FB911B1ED6B marked as ultimately trusted
+gpg: directory '/home/user/.gnupg/openpgp-revocs.d' created
+gpg: revocation certificate stored as '/home/user/.gnupg/openpgp-revocs.d/A157C7E15F3D6C7445B40626B4A67FB911B1ED6B.rev'
+public and secret key created and signed.
+
+gpg/card> list
+
+Reader ...........: Yubico YubiKey OTP FIDO CCID 00 00
+Application ID ...: D2760001240103040006152800150000
+Application type .: OpenPGP
+Version ..........: 3.4
+Manufacturer .....: Yubico
+Serial number ....: 15280015
+Name of cardholder: [not set]
+Language prefs ...: [not set]
+Salutation .......:
+URL of public key : [not set]
+Login data .......: [not set]
+Signature PIN ....: not forced
+Key attributes ...: ed25519 cv25519 ed25519
+Max. PIN lengths .: 127 127 127
+PIN retry counter : 3 0 3
+Signature counter : 4
+KDF setting ......: off
+Signature key ....: A157 C7E1 5F3D 6C74 45B4  0626 B4A6 7FB9 11B1 ED6B
+      created ....: 2020-10-05 09:45:47
+Encryption key....: 2B46 118B DEB3 4AAC 4951  63DE 286C 74DF 1104 5D46
+      created ....: 2020-10-05 09:45:47
+Authentication key: FFE2 8767 DD98 CD3F 587A  19F9 B1B9 E836 16EF 39E7
+      created ....: 2020-10-05 09:45:47
+General key info..:
+pub  ed25519/B4A67FB911B1ED6B 2020-10-05 Dummy 
+sec>  ed25519/B4A67FB911B1ED6B  created: 2020-10-05  expires: never     
+                                card-no: 0006 15280015
+ssb>  ed25519/B1B9E83616EF39E7  created: 2020-10-05  expires: never     
+                                card-no: 0006 15280015
+ssb>  cv25519/286C74DF11045D46  created: 2020-10-05  expires: never     
+                                card-no: 0006 15280015
+gpg/card> quit
+pub   ed25519 2020-10-05 [SC]
+      A157C7E15F3D6C7445B40626B4A67FB911B1ED6B
+uid                      Dummy 
+sub   ed25519 2020-10-05 [A]
+sub   cv25519 2020-10-05 [E]
+
+$ ssh-add -L
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGzO7860chQPMw0NuLDhBqZd1IcfIqBnvy4GSbzZd4vu cardno:000615280015
+
+$ mkdir sshca
+$ ssh-keygen -t ed25519 -N '' -C 'Test CA' -f sshca/ca
+$ cat sshca/ca.pub
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICAL7l1sQuKe4daLfKGZuiRPZZXquokQyH+p6utlZxZ+ Test CA
+$ ssh-add -L > sshca/id_ed25519.pub
+$ ssh-keygen -s sshca/ca -I test-dummy sshca/id_ed25519.pub
+Signed user key sshca/id_ed25519-cert.pub: id "test-dummy" serial 0 valid forever
+$ mkdir ~/.ssh
+$ cp sshca/id_ed25519-cert.pub ~/.ssh/
+$ ssh-keygen -Lf .ssh/id_ed25519-cert.pub
+.ssh/id_ed25519-cert.pub:
+        Type: ssh-ed25519-cert-v01@openssh.com user certificate
+        Public key: ED25519-CERT SHA256:fuoQ5RdcNRAj0VAyw/vqA584nNW2HMYNGk4NQEFjTSM
+        Signing CA: ED25519 SHA256:2PibPv047BiDZQgl51bKRnY2ZXpcbAP1g7GjAZ0DArI (using ssh-ed25519)
+        Key ID: "test-dummy"
+        Serial: 0
+        Valid: forever
+        Principals: (none)
+        Critical Options: (none)
+        Extensions:
+                permit-X11-forwarding
+                permit-agent-forwarding
+                permit-port-forwarding
+                permit-pty
+                permit-user-rc
 
At this point, you have to copy the CA's public key into your server's authorized_keys file . This can't be done with ssh-copy-id as the CA's key is not loaded into you ssh-agent nor available in the ~/.ssh directory. You should have something like :
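Review bot: the re-indentation in this hunk is incomplete, and it also changes how the transcript renders. The context lines `       (1) Curve 25519` and `       (4) NIST P-384`, the new line `+    Your selection? 1` and the context line `    The card will now be re-configured to generate a key of type: ed25519` (the Authentication key prompt) keep the old four-space indent while every `+` line around them drops it, so that part of the session ends up staggered. More importantly, the leading four spaces were what made the whole session a markdown indented code block; the hunk adds no ``` fence, so unless one exists outside the hunk the session will now render as running prose, and raw angle-bracket content gets swallowed as HTML (the visible `= key expires in n days` has already lost its `<n>`, and the user ID shows as `"Dummy "` with the email missing, which is consistent with exactly that). Suggest wrapping the session in a fenced block (```text ... ```) and unindenting those four remaining lines so the block is uniform.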