How to use your Yubikey with ChromeOS Containers for SSH

While setting up my terminal VM on ChromeOS I wondered how I can use my Yubikey for SSH inside the Linux container for ChromeOS (Crostini). Right now there is no USB support for Linux containers with Project Crostini.

But I found out you can SSH into your container via penguin.linux.test. When you setup an Open-SSH server and your SSH key for authentication, you can use the great Secure Shell App for ChromeOS with USB-Smartcard support. Now I can SSH into my container and use agent-forwarding for Git clone and SSH with other server in my Linux terminal.

To get the SSH server in the Linux container on ChromeOS running, I needed to rename /etc/ssh/sshd_not_to_be_run. Put your key into ~/.ssh/authorized_keys as usual and you can use the Secure Shell App to connect to you Linux terminal:

Secure Shell Setup

When I am SSHed into my local Linux container I can work with my local workflow with my Yubikey for Git and VSCode for editing. My Chromebook is now perfectly capable for development tasks like a regular Linux machine.

I am running on ChromeOS Dev channel for some time. You may need to install and configure SSH differently in your Linux container.

This post was edited on a Chromebook in VSCode and pushed via SSH like this :)