yeah, that's a tough cookie
...sort of in the same vein, I had the bonkers idea of tying this https://github.com/RITRedteam/vishnu to a rotating MFA code. So the main server is the rotating code source of truth, and then if you lose access the port knocker hits the server in the MFA order to re-open ports