Molly-Guard is a utility for Debian/Ubuntu systems that will prevent accidental remote shutdowns or reboots. This overview will explain how to get it up and running.
If you regularly work remotely with multiple PCs, servers or VMs, there's a good chance you'll end up doing what we all promise ourselves we won't: enter commands on the wrong system.
Sometimes, making this mistake won't be too costly, and if you do any damage, I'm sure you have backups you can roll back to, right?
But what if you think you're shutting down a non-critical system, but you end up taking something important down, with no way of starting it back up? (Maybe it's that one ancient server your company has in a remote datacentre which doesn't have a remote power on method).
What if you have a problematic server that has issues even if you reboot it?
Your need a Molly-guard
The name Molly-guard originates from a phyisical barrier to stop a system being accidentally shutdown.
Originally a Plexiglas cover improvised for the Big Red Switch on an IBM 4341 mainframe after a programmer's toddler daughter (named Molly) tripped it twice in one day.
-- Wikipedia
This endearing term has stuck around, becoming a general term for physical and software barriers. The aptly-named Molly-Guard
package will prompt you to enter the system hostname if you try to send a reboot
or shutdown
command via SSH.
Molly-Guard for Linux
You can install the small Molly-Guard utility on Debian systems using the command: apt-get install molly-guard
Once installed trying to reboot or shutdown via SSH will result in the prompt:
root:~# reboot
W: molly-guard: SSH session detected!
Please type in hostname of the machine to reboot:
If you think you're on another machine and enter the name incorrectly, your blushes will be spared.
root:~# reboot
W: molly-guard: SSH session detected!
Please type in hostname of the machine to reboot: theotherhost
Good thing I asked; I won't reboot plsdontreboot ...
W: aborting reboot due to 30-query-hostname exiting with code 1.
Below we can see a successful shutdown command, but fortunately, it don't block prompt for all shutdown
commands: if you need to cancel a shutdown with shutdown -c
, it let's that through without checking:
root:~# sudo shutdown
W: molly-guard: SSH session detected!
Please type in hostname of the machine to shutdown: plsdontreboot
Broadcast message from root@plsdontreboot on pts/1 (Sat 2022-09-10 11:38:21 UTC):
The system is going down for poweroff at Sat 2022-09-10 11:39:21 UTC!
Shutdown scheduled for Sat 2022-09-10 11:39:21 UTC, use 'shutdown -c' to cancel.
root@plsdontreboot:~# shutdown -c
I: executing shutdown "-c" regardless of check results.
Broadcast message from root@plsdontreboot on pts/0 (Sat 2022-09-10 11:38:31 UTC):
The system shutdown has been cancelled
RHEL (CentOS 5 & 6)
It appears as though someone created a RHEL version of Molly-Guard with the same name, but is compatible only with CentOS 5 & 6. Given 6 went end-of-life at the end of 2021, you'll need to look elsewhere for currently supported solutions.
If you've made this mistake before, I'd love to hear: how bad was the fallout? If you use an alternate solution, let me know and I'll update the post.