Robot dedicated: better security than just username and password

I’m relatively new to my org and am their first professional DevOps engineer.

I’m working to migrate everything to the cloud sooner or later, but for now everything is on dedicated Hetzner servers we rent from them. We have nearly 40 dedicated servers with Hetzner!

I’m tightening all the server access, but the issue for me is that there’s an Achilles heel to that: the rescue system can be accessed via Robot, which allows full data access.

We currently use a password manager and share the same account with only a TOTP. This is pretty unacceptable for us, as anyone could retain this information, and it disconnects the service from our single sign-on solution. I haven’t been able to find anything that suggests Hetzner supports OIDC :(

Or, has anyone managed to get a Just-In-Time credentials provider to work with Hetzner?

Please let me know how you secure your Hetzner accounts. Note that, to be absolutely clear, we are not using Hetzner Cloud.