Ok, so with the results from having a no-password exposed VNC server online for several weeks with no issue (not even to mention the IP posted online), I've now decided that I'll just block IPv4 entirely on services like SSH. This way you'll need the ssh key, the yubikey, and to access it through IPv6. Currently I think my auth failues were about 50,000 per week, so we'll see what this does. Also, the no-authentication PC is still up if you want to access it. The IP is in the previous post.