
I use molly-guard on all my machines, but sometimes I want to ssh into a machine and execute a script which as a final step should reboot that machine, but then there is the issue that molly-guard kicks in and prompts me for the hostname.

I'm looking for something like the --molly-guard-do-nothing flag, but instead of doing nothing it would be called --molly-guard-do-not-ask and would not ask for confirmation.

The manpage has no info on this, so I'd like to know if there is a workaround.

I only need this to work when I have ssh'd into the machine; that is, it would never be needed in the context of a cronjob or so, but I wouldn't mind if it would work then as well.


To be more specific, this is the script in question:

sudo apt-get update && apt list --upgradable

echo ""
echo "---- ok. what next? ----"
echo ""
read -n 1 -p "exit or upgrade? (E/u) " ans;
case $ans in
  u|U) printf "\n\nok, invoking 'sudo apt-get upgrade'\n\n"; sudo apt-get upgrade;;
    *) printf "\nok, exited\n\n"; exit;;
esac

echo ""
echo "---- ok. what next? ----"
echo ""
read -n 1 -p "exit, autoremove or reboot? (E/a/r) " ans;
case $ans in
  a|A) printf "\n\nok, invoking 'sudo apt-get autoremove'\n\n"; sudo apt-get autoremove;;
  r|R) printf "\n\nok, invoking 'sudo reboot'\n\n"; sudo reboot;;
    *) printf "\nok, exited\n\n"; exit;;
esac

echo ""
echo "---- ok. what next? ----"
echo ""
read -n 1 -p "exit or reboot? (E/r) " ans;
case $ans in
  r|R) printf "\n\nok, invoking 'sudo reboot'\n\n"; sudo reboot;;
    *) printf "\nok, exited\n\n"; exit;;
esac
Daniel F

1 Answer


By default molly-guard only prompts for a hostname if it thinks it's in an interactive SSH login. It determines the "interactive" status by checking whether its standard input stream is connected to something that behaves as a terminal. (Specifically, its 30-query-hostname sub-script does test -t 0 || exit 0 before getting to the code that issues the prompt.)

You could force that test to fail by running your script with its standard input redirected from something that is not a terminal. /dev/null would be the conventional choice, something like:

$ my_script_that_will_trigger_a_reboot </dev/null

If your script needs to take input from the terminal before firing the reboot, and therefore you can't run the script with its stdin redirected, then you could modify the script to redirect stdin only for the reboot command. Perhaps even give your script an option that tells it whether to do the redirect on reboot, so that by default it will still be subject to molly-guard's intervention.

  • Excellent! Replacing the line sudo reboot with sudo reboot </dev/null in the script does exactly what I need. Thanks! – Daniel F Jul 13 '19 at 21:35
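The opt-in the answer suggests in its last paragraph, as an added example that is not part of the original thread: the redirect from /dev/null is applied to the reboot command only, and only when a flag is passed, so a plain run still goes through molly-guard. The names REBOOT_CMD, --no-hostname-prompt, parse_mode, reboot_machine and would_prompt are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example; REBOOT_CMD and --no-hostname-prompt are invented names.

# Reboot command, overridable so the logic can be tested without rebooting.
REBOOT_CMD=${REBOOT_CMD:-"sudo reboot"}

# Mirrors the "test -t 0" check the answer quotes from 30-query-hostname:
# the hostname prompt is only possible when stdin is a terminal.
would_prompt() {
    [ -t 0 ]
}

# parse_mode ARGS...: prints "skip" only when the opt-in flag is given,
# so the default stays subject to molly-guard.
parse_mode() {
    for arg in "$@"; do
        if [ "$arg" = "--no-hostname-prompt" ]; then
            echo skip
            return 0
        fi
    done
    echo ask
}

# reboot_machine MODE: redirect stdin for the reboot command only, so the
# script's earlier "read" prompts still get the terminal.
reboot_machine() {
    mode=${1:-ask}
    case $mode in
        skip)
            printf 'rebooting, hostname prompt skipped on request\n' >&2
            $REBOOT_CMD </dev/null
            ;;
        ask)
            if would_prompt; then
                printf 'molly-guard may ask for the hostname\n' >&2
            fi
            $REBOOT_CMD
            ;;
        *)
            printf 'unknown mode: %s\n' "$mode" >&2
            return 2
            ;;
    esac
}

# In the question's script: MODE=$(parse_mode "$@") near the top, then
#   r|R) reboot_machine "$MODE";;
```

Keeping the flag off by default means a reboot typed by habit in the wrong SSH session is still caught; only an invocation that names the flag skips the hostname check.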