Woke up to a nonresponding Jetson Nano. Disconnected it and then mounted sdcard in different device and found /var/log/syslog consumed disk space with vino-server messages. Device was not directly connected to internet.
Feature ask: appreciate adding realvnc server to Jetpack in the future. please!
Disabled vnc and added 2fa using Yubikey to sshd. sharing instructions if others wish to add:
One-time: Website to generate Client ID (Replace_Client_ID) and Secret key (Replace_Secret_key) for pam.d/sshd: https://upgrade.yubico.com/getapikey
Install libpam-yubico:
sudo apt-get update
sudo apt-get install libpam-yubico
Include pam_yubico.so in sshd:
sudo nano /etc/pam.d/sshd
ADD: auth sufficient or required; sufficient means OTP correct then no password vs required needs both
auth required pam_yubico.so id=Replace_Client_ID key=Replace_Secret_key debug authfile=/etc/yubikey_mappings mode=client
Create yubikey_mapping:
sudo nano /etc/yubikey_mappings
ADD: first 12 characters (open texteditor and press Yubikey to get OTP)
Example:
user1:cabcdefghijk:2ndkeyOTP
Change sshd_config to 2fa:
sudo nano /etc/ssh/sshd_config
CHANGE no to yes and ADD:
ChallengeResponseAuthentication yes
AuthenticationMethods keyboard-interactive:pam
Restart sshd and test:
sudo service sshd restart
Open new terminal and try ssh user@host. Result should be working session after successful Yubikey challenge and password login.
If remotely setting this up, recommend keeping first ssh session open till you get it working.