How to use your Yubikey with ChromeOS Containers for SSH
While setting up my terminal VM on ChromeOS I wondered how I can use my Yubikey for SSH inside the Linux container for ChromeOS (Crostini). Right now there is no USB support for Linux containers with Project Crostini.
But I found out you can SSH into your container via
penguin.linux.test. When you setup an Open-SSH server and your SSH key for authentication, you can use the great Secure Shell App for ChromeOS with USB-Smartcard support. Now I can SSH into my container and use agent-forwarding for Git clone and SSH with other server in my Linux terminal.
To get the SSH server in the Linux container on ChromeOS running, I needed to rename
/etc/ssh/sshd_not_to_be_run. Put your key into
~/.ssh/authorized_keys as usual and you can use the Secure Shell App to connect to you Linux terminal:
When I am SSHed into my local Linux container I can work with my local workflow with my Yubikey for Git and VSCode for editing. My Chromebook is now perfectly capable for development tasks like a regular Linux machine.
I am running on ChromeOS Dev channel for some time. You may need to install and configure SSH differently in your Linux container.
This post was edited on a Chromebook in VSCode and pushed via SSH like this :)