x2goclient smartcard HOWTO:
1. gpg card configuration:

user@x2goclient$ gpg --card-edit

Application ID ...: D2760001240102000000000000420000
Version ..........: 2.0
Manufacturer .....: test card
Serial number ....: 00000042
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Signature PIN ....: forced
Max. PIN lengths .: 24 24 24
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

Command> admin
Admin commands are allowed

Command> sex
Sex ((M)ale, (F)emale or space): M
gpg: 3 Admin PIN attempts remaining before card is permanently locked

Admin PIN

Command> login
Login data (account name): beispielb

Command> generate
Make off-card backup of encryption key? (Y/n) n

Please note that the factory settings of the PINs are
   PIN = `123456'     Admin PIN = `12345678'
You should change them using the command --change-pin


PIN
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Bert Beispiel
Email address: bert.beispiel@x2go-test.org
Comment: Test user
You selected this USER-ID:
    "Bert Beispiel (Test user) <bert.beispiel@x2go-test.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
gpg: generating new key
gpg: please wait while key is being generated ...
gpg: key generation completed (17 seconds)
gpg: signatures created so far: 0
gpg: generating new key
gpg: please wait while key is being generated ...
gpg: key generation completed (14 seconds)
gpg: signatures created so far: 1
gpg: signatures created so far: 2
gpg: generating new key
gpg: please wait while key is being generated ...
gpg: key generation completed (13 seconds)
gpg: signatures created so far: 3
gpg: signatures created so far: 4
gpg: key 8CE52B35 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0 valid: 8 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 8u
pub 1024R/8CE52B35 2009-09-24
      Key fingerprint = 2475 8498 7FF4 2727 B476 F72E 7BF2 CFE9 8CE5 2B35
uid Bert Beispiel (Test user) <bert.beispiel@x2go-test.org>
sub 1024R/C7151669 2009-09-24
sub 1024R/593801C0 2009-09-24


Command> quit

IMPORTANT: the login name is the name of the user on the remote system.

2. configuring ssh connection
2.1 start gpg-agent with ssh support

Make sure that pinentry-x2go is installed. For test purposes you can use another
pinentry program, but x2goclient requires pinentry-x2go (pinentry-x2go-gtk if you
are using the GTK version of x2goclient).

user@x2goclient$ gpg-agent --enable-ssh-support --daemon --pinentry-program /usr/bin/pinentry-x2go
GPG_AGENT_INFO=/tmp/gpg-Xh4lY7/S.gpg-agent:24620:1; export GPG_AGENT_INFO;
SSH_AUTH_SOCK=/tmp/gpg-LO41WU/S.gpg-agent.ssh; export SSH_AUTH_SOCK;
SSH_AGENT_PID=24620; export SSH_AGENT_PID;

2.2 export SSH environment variables (copy the gpg-agent output into the console)
user@x2goclient$ GPG_AGENT_INFO=/tmp/gpg-Xh4lY7/S.gpg-agent:24620:1; export GPG_AGENT_INFO;
user@x2goclient$ SSH_AUTH_SOCK=/tmp/gpg-LO41WU/S.gpg-agent.ssh; export SSH_AUTH_SOCK;
user@x2goclient$ SSH_AGENT_PID=24620; export SSH_AGENT_PID;

2.3 You can check the key on your smartcard with:
user@x2goclient$ ssh-add -l
1024 ef:d5:8c:37:cb:38:01:8d:c2:30:00:ac:93:a2:43:98 cardno:000000000042 (RSA)

2.4 Copy the public part of your key to the remote computer
user@x2goclient$ ssh-copy-id beispielb@x2goserver
beispielb@x2goserver's password:
Now try logging in into the machine, e.g., via "ssh 'beispielb@x2goserver'", and check:

  ~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

2.5 Testing ssh connection
TBD
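
The authorized_keys check that ssh-copy-id asks for in step 2.4 can be scripted. The following is an added example, not part of the original HOWTO: it compares every entry in an authorized_keys file with a list of expected public keys (for instance the output of `ssh-add -L` saved on the client) and reports the entries that are not on that list. The function names, the file layout and the key blobs are assumptions made for this example.

```shell
# Added example (not from the HOWTO): list authorized_keys entries whose key
# is not among the public keys you expect, e.g. those printed by `ssh-add -L`.

# key_blobs: print "<line-no> <blob> <comment>" per key line on stdin; a leading options field is skipped.
key_blobs() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) {
                    out = NR " " $(i + 1)
                    for (j = i + 2; j <= NF; j++) out = out " " $j
                    print out
                    next
                }
            print NR, "UNPARSED", $0             # fail safe: always reported
        }'
}

# unexpected_keys AUTHORIZED_KEYS EXPECTED_PUBKEYS
# Prints "line N: comment" per unexpected entry; exit status 1 if any exist.
unexpected_keys() {
    { key_blobs < "$2" | sed 's/^/E /'; key_blobs < "$1" | sed 's/^/A /'; } |
    awk '
        $1 == "E" { if ($3 != "UNPARSED") ok[$3] = 1; next }
        !($3 in ok) {
            printf "line %s:", $2
            for (i = 4; i <= NF; i++) printf " %s", $i
            print ""
            bad = 1
        }
        END { exit bad + 0 }'
}

# Constructed sample data; the key blobs are placeholders, not real keys.
demo() {
    d=$(mktemp -d) || return 2
    echo 'ssh-rsa AAAAB3CARDKEYPLACEHOLDER cardno:000000000042' > "$d/expected"
    cat > "$d/authorized_keys" <<'EOF'
# keys for beispielb
ssh-rsa AAAAB3CARDKEYPLACEHOLDER cardno:000000000042
no-pty,command="/bin/true" ssh-ed25519 AAAAC3OTHERPLACEHOLDER old laptop
EOF
    unexpected_keys "$d/authorized_keys" "$d/expected"
    status=$?
    rm -rf "$d"
    return $status
}
demo || echo "review the entries listed above"
```

Lines that cannot be parsed as a public key are reported as well, so a malformed entry never passes silently.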