Yubikey with Firefox from within the container

I’m trying to use yubikey with firefox installed in a container (I access firefox by ssh -X).
I made an usb passthrough and I can see yubikey when doing lsusb from the container, however firefox doesn’t seem to pick it up. I’m not even sure how to start to troubleshoot this :slight_smile:
Any help is appreciated.

Try using a unix-hotplug device type instead, this should inject the uevent in the container when plugged in, possibly making firefox happier.

I tried

lxc config device add test ykblue2 unix-hotplug vendorid=1050 productid=0120

with the second yubikey, but no luck.

Check for the content of /dev/bus/usb in the container before and after plugging the key to confirm that stuff shows up.

I believe you should also see some stuff in /dev/input.

You may also want to run udevadm monitor in the container to see if you get the hotplug events as you plug it in.

It appears correctly in /dv/bus/usb same as on the host, also udevadm monitor registers it.
I think it has to do more with firefox failing to communicate with it.
I noticed that for example, when using multipass virtualization, I need to install ubuntu-desktop (or ubuntu-desktop-minimal) in order for firefox to be able to communicate with the key. Just installing firefox is not sufficient.
So it may be that the image lacks some libraries. However, I also tried apt install ubuntu-desktop in lxd container, but no luck

Have a look at the documentation at https://linuxcontainers.org/lxd/docs/master/instances#type-unix-hotplug You can set the UID, GID, and mode. The default is no access to non-root.

Right, I was going to ask about that. It could simply be that the permissions on the files in /dev don’t allow for firefox to access them. Setting a suitable uid/gid/mode should help with that.