Securing sudo and su with Google authenticator

Passwords suck. There I said it.
That’s why it’s usually preferred to access systems with private / public key authentication. Especially popular with ssh connections.

Nonetheless — even a private key can get compromised. It lives — most of the times — on your local machine and therefore can be exposed to other security threats like malware etc.
So let’s assume at some point our keys get compromised and an attacker is able to log in with the key to one of our servers.
Most of the times this would go unnoticed (adding a…