diff --git a/build/Dockerfile b/build/Dockerfile
index e90ff25..45f7557 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -4,7 +4,7 @@ FROM debian:sid-slim AS build
 ARG version
 
 # Install dependencies
-RUN apt-get update && apt-get install -y golang build-essential libsecret-1-dev
+RUN apt-get update && apt-get install -y golang build-essential libsecret-1-dev libfido2-dev pkg-config libcbor-dev
 
 # Build
 ADD https://github.com/ProtonMail/proton-bridge.git#${version} /build/
@@ -19,7 +19,7 @@ EXPOSE 143/tcp
 
 # Install dependencies and protonmail bridge
 RUN apt-get update \
-    && apt-get install -y --no-install-recommends socat pass libsecret-1-0 ca-certificates \
+    && apt-get install -y --no-install-recommends socat pass libsecret-1-0 ca-certificates libfido2-1 libcbor0 \
     && rm -rf /var/lib/apt/lists/*
 
 # Copy bash scripts
diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 1931087..bf2924d 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@@ -2,6 +2,12 @@
 
 set -ex
 
+# Workaround for stale gpg-agent socket causing auth failures on restart
+# Cleans up leftover sockets in the GPG home directory
+if [ -d /root/.gnupg ]; then
+    rm -f /root/.gnupg/S.gpg-agent*
+fi
+
 # Initialize
 if [[ $1 == init ]]; then
 
@@ -23,13 +29,22 @@ else
     # socat will make the conn appear to come from 127.0.0.1
     # ProtonMail Bridge currently expects that.
     # It also allows us to bind to the real ports :)
-    socat TCP-LISTEN:25,fork TCP:127.0.0.1:1025 &
-    socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 &
+    socat TCP-LISTEN:25,fork,reuseaddr TCP:127.0.0.1:1025,nodelay &
+    socat TCP-LISTEN:143,fork,reuseaddr TCP:127.0.0.1:1143,nodelay &
 
     # Start protonmail
     # Fake a terminal, so it does not quit because of EOF...
     rm -f faketty
     mkfifo faketty
-    cat faketty | /protonmail/proton-bridge --cli $@
+
+    # Keep faketty open
+    sleep infinity > faketty &
+
+    # Start bridge reading from faketty
+    /protonmail/proton-bridge --cli $@ < faketty &
+    
+    # Wait for the bridge to exit
+    wait $!
+    exit $?
 
 fi
diff --git a/deb/entrypoint.sh b/deb/entrypoint.sh
index 13637e5..764ad0a 100644
--- a/deb/entrypoint.sh
+++ b/deb/entrypoint.sh
@@ -2,6 +2,12 @@
 
 set -ex
 
+# Workaround for stale gpg-agent socket causing auth failures on restart
+# Cleans up leftover sockets in the GPG home directory
+if [ -d /root/.gnupg ]; then
+    rm -f /root/.gnupg/S.gpg-agent*
+fi
+
 # Initialize
 if [[ $1 == init ]]; then
 
@@ -37,13 +43,22 @@ else
     # socat will make the conn appear to come from 127.0.0.1
     # ProtonMail Bridge currently expects that.
     # It also allows us to bind to the real ports :)
-    socat TCP-LISTEN:25,fork TCP:127.0.0.1:1025 &
-    socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 &
+    socat TCP-LISTEN:25,fork,reuseaddr TCP:127.0.0.1:1025,nodelay &
+    socat TCP-LISTEN:143,fork,reuseaddr TCP:127.0.0.1:1143,nodelay &
 
     # Start protonmail
     # Fake a terminal, so it does not quit because of EOF...
     rm -f faketty
     mkfifo faketty
-    cat faketty | protonmail-bridge --cli
+
+    # Keep faketty open
+    sleep infinity > faketty &
+
+    # Start bridge reading from faketty
+    protonmail-bridge --cli < faketty &
+
+    # Wait for the bridge to exit
+    wait $!
+    exit $?
 
 fi