x2goclient smartcard HOWTO:
1. gpg card configuration:

user@x2goclient$ gpg --card-edit

Application ID ...: D2760001240102000000000000420000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000042
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Signature PIN ....: forced
Max. PIN lengths .: 24 24 24
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

Command> admin
Admin commands are allowed

Command> sex
Sex ((M)ale, (F)emale or space): M
gpg: 3 Admin PIN attempts remaining before card is permanently locked

Admin PIN

Command> login
Login data (account name): beispielb

Command> generate
Make off-card backup of encryption key? (Y/n) n

Please note that the factory settings of the PINs are
   PIN = `123456'     Admin PIN = `12345678'
You should change them using the command --change-pin


PIN
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Bert Beispiel
Email address: bert.beispiel@x2go-test.org
Comment: Test user
You selected this USER-ID:
    "Bert Beispiel (Test user) <bert.beispiel@x2go-test.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
gpg: generating new key
gpg: please wait while key is being generated ...
gpg: key generation completed (17 seconds)
gpg: signatures created so far: 0
gpg: generating new key
gpg: please wait while key is being generated ...
gpg: key generation completed (14 seconds)
gpg: signatures created so far: 1
gpg: signatures created so far: 2
gpg: generating new key
gpg: please wait while key is being generated ...
gpg: key generation completed (13 seconds)
gpg: signatures created so far: 3
gpg: signatures created so far: 4
gpg: key 8CE52B35 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0  valid:   8  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 8u
pub   1024R/8CE52B35 2009-09-24
      Key fingerprint = 2475 8498 7FF4 2727 B476  F72E 7BF2 CFE9 8CE5 2B35
uid                  Bert Beispiel (Test user) <bert.beispiel@x2go-test.org>
sub   1024R/C7151669 2009-09-24
sub   1024R/593801C0 2009-09-24


Command> quit

IMPORTANT: the login name is the name of the user on the remote system.

2. configuring ssh connection
2.1 start gpg-agent with ssh support

Make sure that pinentry-x2go is installed. For test purposes you can use another pinentry program, but
x2goclient requires pinentry-x2go (pinentry-x2go-gtk if you are using the GTK version of x2goclient).

user@x2goclient$ gpg-agent --enable-ssh-support --daemon --pinentry-program /usr/bin/pinentry-x2go
GPG_AGENT_INFO=/tmp/gpg-Xh4lY7/S.gpg-agent:24620:1; export GPG_AGENT_INFO;
SSH_AUTH_SOCK=/tmp/gpg-LO41WU/S.gpg-agent.ssh; export SSH_AUTH_SOCK;
SSH_AGENT_PID=24620; export SSH_AGENT_PID;

2.2 export SSH environment variables (copy gpg-agent output in console)
user@x2goclient$ GPG_AGENT_INFO=/tmp/gpg-Xh4lY7/S.gpg-agent:24620:1; export GPG_AGENT_INFO;
user@x2goclient$ SSH_AUTH_SOCK=/tmp/gpg-LO41WU/S.gpg-agent.ssh; export SSH_AUTH_SOCK;
user@x2goclient$ SSH_AGENT_PID=24620; export SSH_AGENT_PID;

2.3 You can check the key on your smartcard with:
user@x2goclient$ ssh-add -l
1024 ef:d5:8c:37:cb:38:01:8d:c2:30:00:ac:93:a2:43:98 cardno:000000000042 (RSA)

2.4 Copy the public part of your key to the remote computer
user@x2goclient$ ssh-copy-id beispielb@x2goserver
beispielb@x2goserver's password:
Now try logging in into the machine, e.g., via "ssh 'beispielb@x2goserver'", and check:

  ~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
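
The authorized_keys check that ssh-copy-id asks for in step 2.4, as an added example (not part of the original HOWTO or of x2go): a shell function that compares the server file against the keys the agent offers and lists every entry that is not the card key. The function name, the two file arguments and the sample key blobs are assumptions constructed for illustration.

```shell
#!/bin/sh
# unexpected_keys AGENT_KEYS AUTHORIZED_KEYS
#   AGENT_KEYS      : saved output of `ssh-add -L` on the client (card key)
#   AUTHORIZED_KEYS : copy of ~/.ssh/authorized_keys from the server
# Prints "line N: <type> <comment>" for each entry whose key blob is not
# offered by the agent, so extra keys stand out after ssh-copy-id.
unexpected_keys() {
    awk '
        # authorized_keys lines may begin with an options field, so locate
        # the key-type field instead of assuming it is field 1.
        function type_idx(   i) {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/)
                    return i
            return 0
        }
        /^[ \t]*(#|$)/ { next }                  # skip comments, blank lines
        { i = type_idx() }
        pass == 1 { if (i) allowed[$(i + 1)] = 1; next }
        !i { printf "line %d: unparsed entry\n", FNR; next }
        !($(i + 1) in allowed) {
            comment = (i + 2 <= NF) ? $(i + 2) : "(no comment)"
            printf "line %d: %s %s\n", FNR, $i, comment
        }
    ' pass=1 "$1" pass=2 "$2"
}

# Constructed sample data (blobs are placeholders, not real keys).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-rsa AAAAB3CARDKEYBLOB cardno:000000000042' > "$d/agent"
    cat > "$d/authorized_keys" <<'EOF'
# constructed server file
ssh-rsa AAAAB3CARDKEYBLOB cardno:000000000042
no-pty ssh-ed25519 AAAAC3OTHERKEYBLOB admin@oldhost
ssh-rsa AAAAB3THIRDKEYBLOB
EOF
    unexpected_keys "$d/agent" "$d/authorized_keys"
    rm -rf "$d"
}
demo
```

An empty result means every entry in authorized_keys is a key the agent currently offers; any printed line is an entry to review on the server.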

2.5 Testing ssh connection
TBD