Hi,
I’m trying to use yubikey with firefox installed in a container (I access firefox by ssh -X).
I made an usb passthrough and I can see yubikey when doing lsusb from the container, however firefox doesn’t seem to pick it up. I’m not even sure how to start to troubleshoot this 
Any help is appreciated.
Try using a unix-hotplug device type instead, this should inject the uevent in the container when plugged in, possibly making firefox happier.
I tried
lxc config device add test ykblue2 unix-hotplug vendorid=1050 productid=0120
with the second yubikey, but no luck.
Check for the content of /dev/bus/usb in the container before and after plugging the key to confirm that stuff shows up.
I believe you should also see some stuff in /dev/input.
You may also want to run udevadm monitor in the container to see if you get the hotplug events as you plug it in.
It appears correctly in /dv/bus/usb same as on the host, also udevadm monitor registers it.
I think it has to do more with firefox failing to communicate with it.
I noticed that for example, when using multipass virtualization, I need to install ubuntu-desktop (or ubuntu-desktop-minimal) in order for firefox to be able to communicate with the key. Just installing firefox is not sufficient.
So it may be that the image lacks some libraries. However, I also tried apt install ubuntu-desktop in lxd container, but no luck
Have a look at the documentation at https://linuxcontainers.org/lxd/docs/master/instances#type-unix-hotplug You can set the UID, GID, and mode. The default is no access to non-root.
Right, I was going to ask about that. It could simply be that the permissions on the files in /dev don’t allow for firefox to access them. Setting a suitable uid/gid/mode should help with that.