Molly-Guard: a Lifesaver on a Ubuntu Server

Have you ever managed to type reload in the wrong terminal window and brought down a core switch (I probably did)? I managed to do the Ubuntu equivalent of that stupidity: I told my main Ubuntu server to sudo poweroff instead of doing that to a Vagrant VM.

Fortunately, the open-source world doesn’t have to rely on the roadmaps created by networking vendors’ product managers; if there’s a big enough pain, someone will solve it.

It took me seconds to find the molly-guard1 Ubuntu package. It intercepts all reboot-related commands, checks whether you’re on an SSH session, and asks for the hostname you want to reboot/power off:

$ sudo poweroff
W: molly-guard: SSH session detected!
Please type in hostname of the machine to poweroff: ^C
Good thing I asked; I won't poweroff brick2 ...

We’ve been rebooting the wrong Cisco IOS boxes for decades, and they still lack an equivalent mechanism. Even worse, I don’t remember ever seeing a reboot molly-guard on a networking device2. Have I missed something? Please leave a comment.

  1. Thanks to Wiktionary, we know who Molly was and what she did. ↩︎

  2. Yeah, I know I could use EEM or TACACS+ and check the reason, but hey, come on! ↩︎

1 comments:

  1. M Norrby 19 May 2026 09:19

    I agree! A lifesaver! And I have been saved more than once! :)

    But it is not as easy to get it working on RHEL or Centos or Rocky, and whatnot. Which pissed me off. Slightly.

    So I did something that I think is usable. Yet another molly-guard-rpm repo. And the way I did it is to actually use apt :) as a tool to create the RPM.

    If you are interested and need a working (and I would like to say the only working) RPM of molly guard. Check out GitHub norrby/molly-guard-rpm

    Molly RPM: https://github.com/norrby/molly-guard-rpm.

Add comment
Home
Sidebar