Rasberry Pi: VNC

touch /etc/init.d/vncboot

#!/bin/sh
# /etc/init.d/tightvncserver
# Customised by Stewart Watkiss
#http://www.penguintutor.com/linux/tightvnc
# Set the VNCUSER variable to the name of the user to start tightvncserver under
VNCUSER='pi'
eval cd ~$VNCUSER
case "$1" in
start)
su $VNCUSER -c '/usr/bin/tightvncserver :1'
echo "Starting TightVNC server for $VNCUSER "
;;
stop)
pkill Xtightvnc
echo "Tightvncserver stopped"
;;
*)
echo "Usage: /etc/init.d/tightvncserver {start|stop}"
exit 1
;;
esac
exit 0

chmod 755 /etc/init.d/vncboot

update-rc.d /etc/init.d/vncboot defaults
or
update-rc.d vncboot defaults

Change default 5900 port
vim.tiny /usr/bin/vncserver
$vncPort = 5900 + $displayNumber;

Tunnel VNC over SSH
ssh -L 5901:127.0.0.1:5901 -N -f -l rocky 192.168.1.100 (run where vncserver is running)

vncviewer 127.0.0.1:5901 (run on the client machine, localhost – that is right, the tunnel is already up)

No clipboard?
Run autocutsel -fork (on the remote machine)

Yubikey for Fedora and Debian

apt-get install libpam-yubico
yum install pam_yubico

FOR SSH:
/etc/pam.d/sshd
add before @include common-auth:
auth required pam_yubico.so mode=client id=X key=N

/etc/pam.d/auth-common
add “try_first_pass”
auth [success=1 default=ignore] pam_unix.so try_first_pass nullok_secure

~/.yubico/authorized_yubikeys
root:ccccccgerqe
john:ccccccgerqe

FOR GNOME/CONSOLE LOGIN:
if you want one file you need to specify the path in the /etc/pam.d/gdm-password or /etc/pam.d/login
auth sufficient pam_yubico.so id=16 authfile=/etc/yubikey_mappings