After my private key expired a few days ago I extended the lifetime of the key for another two years. Since I am using an OpenPGP SmartCard for storing the keys I had to edit card as well. After a few tries I gave up because gpg was always telling me that the keys exist on the card and was not willing to replace them.
Now I found a hint on how to reset the card to factory defaults . It is basically feeding the gpg-connect-agent with some hex stuff:
After this you can go on an re-set the pin and admin pin. The default values are: 123456 and 12345678.
Adding SSH Key for Authentication
Within this update of keys I also wanted to replace the SSH authentication key. The procedure is described in  and basically as follows. I created a 4096bit subkey for authentication purposes:
After that you can read the public key part using ssh-add:
Selecting the Active Card Reader
Using a Gemalto Shell Token on my Dell Laptop requires to expicitely select the card reader because otherwise ssh-agent would only prompt the internal card reader for an authentication key and that fails. According to  you can set the selected card reader in ~/.gnupg/scdaemon.conf. In my case I just uncomment the needed reader and restart the agent. The file content is: