It wasn’t too early, maybe 1997.

I was like 12 or so and I had just installed Linux.

I figured out, from the book I was working with, how to get my windows partition to automaticallyount at boot. Awesome!

I had not been able to figure out how to start “x” though.

So I rebooted into Windows, for on EFnet #linux, and asked around.

Got a command, wrote it down on a slip of paper, and rebooted into Linux.

I should mention, I also hadn’t figured out about privileges, or at least why you wouldn’t want to run around as root.

Anyway, I started typing in the command that I wrote down: rm -rf /.

I don’t have to tell you all, that is not the correct command. The correct command was startx.

After I figured it was taking way too long, I decided to look up what the command does, and then immediately shut down the system.

It was far too late.

There must at least be MFA somewhere on the path then.

Even just keys, I wouldn’t trust, unless they are stored on smartcards or some other physical “something I have”, require a PIN/passphrase. and centrally managed so they can be revoked and rotated. Too many people use unprotected SSH keys.

I…I don’t understand the question.

Also, yubikey or any other token. Plenty of MFA options compatible with sudo.

Nah just set up PAM to use TOTP or a third party MFA service to send a push to your phone for sudo privs.

Ooh I’ve been thinking about getting a VPS to set up wireguard from my house so I can get remote access (my ISP uses CGNAT and blocks inbound). I only do about 1TB a month, so these 3-4TB plans should more than cover my needs.