Last active
August 7, 2018 23:33
Instructions for using an SSH keypair from a smartcard (e.g. YubiKey Nano) from inside Docker (e.g. inside CloudReady ChromiumOS)
Run a privileged container (--privileged gives the container access to all host devices, including the USB smartcard):
$ docker run -ti --name foo --privileged ubuntu bash
Do once:
$ apt-get update && apt-get install pcscd scdaemon gnupg2 pcsc-tools ssh
$ mkdir -p ~/.gnupg && chmod 700 ~/.gnupg
$ cat >>~/.gnupg/gpg-agent.conf <<EOF
pinentry-program /usr/bin/pinentry-curses
enable-ssh-support
default-cache-ttl 600
max-cache-ttl 7200
EOF
$ source <(echo 'export SSH_AUTH_SOCK=~/.gnupg/S.gpg-agent.ssh' | tee -a ~/.bashrc)
Every time:
$ gpgconf --launch gpg-agent
$ gpg-connect-agent updatestartuptty /bye  # makes sure pinentry-curses works
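A preflight check for the setup above, added here as an example and not part of the original gist. The function names are this example's own; it assumes a GnuPG 2.x recent enough to support `gpgconf --list-dirs agent-ssh-socket`, and it compares that path with the hardcoded SSH_AUTH_SOCK because the agent may place its socket somewhere other than ~/.gnupg.

```shell
#!/bin/sh
# Added example: verify that ssh will really use the card-backed key via gpg-agent.
# Run inside the container as:  sh preflight.sh --run   (file name is hypothetical)

# conf_enabled FILE OPTION: true if OPTION is an active (uncommented) line in FILE.
conf_enabled() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1" 2>/dev/null
}

# sock_ok ACTUAL EXPECTED: true if SSH_AUTH_SOCK is set and names the agent's socket.
sock_ok() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# has_card_key: reads `ssh-add -L` output on stdin. gpg-agent labels keys that
# live on a smartcard with a "cardno:<serial>" comment.
has_card_key() {
    grep -Eq '^(ssh|ecdsa)-[^ ]+ [A-Za-z0-9+/=]+ cardno:'
}

preflight() {
    rc=0
    conf_enabled "$HOME/.gnupg/gpg-agent.conf" enable-ssh-support \
        || { echo "FAIL: enable-ssh-support is not active in gpg-agent.conf"; rc=1; }
    expected=$(gpgconf --list-dirs agent-ssh-socket)
    sock_ok "${SSH_AUTH_SOCK:-}" "$expected" \
        || { echo "FAIL: SSH_AUTH_SOCK='${SSH_AUTH_SOCK:-}' but agent socket is '$expected'"; rc=1; }
    gpg --card-status >/dev/null 2>&1 \
        || { echo "FAIL: no smartcard visible inside the container"; rc=1; }
    ssh-add -L 2>/dev/null | has_card_key \
        || { echo "FAIL: agent offers no card-backed SSH key"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: card-backed key available via $SSH_AUTH_SOCK"
    return "$rc"
}

# Only touch the live system when asked to.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

A failing socket check usually means ssh is talking to a different agent (or none), in which case the key on the card is never offered.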
usb device passthrough should work on LXD but it's not yet supported by the crostini VM,
see https://bugs.chromium.org/p/chromium/issues/detail?id=831850&q=Proj%3DContainers%20&sort=-modified&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Component%20Status%20Owner%20Summary%20OS%20Modified