I like it, because you have to resort to having physical access to the machine to restore any amount of access.

If you have one account, where you replaced the ssh password with a script that issued a challenge token you have to digitally sign with a Bitcoin key and no root account, I think you can effectively bar remote access otherwise.