[hn92726819]

Isn't this a little over engineered? You can accomplish the same thing with a 5-line bash script. put protect.sh somewhere in your path:

    #!/bin/bash
    if [[ $SSH_TTY ]]; then
        read -p 'You are in SSH. Are you sure (enter hostname for yes)? '
        [[ $REPLY == $(hostname) ]] || exit 2
    fi
    exec "$@"

Then in your bashrc or zshrc:

    alias shutdown='protect.sh shutdown'
    alias reboot='protect.sh'
    alias sudo='sudo ' # Don't allow sudo to bypass the protection. Can do the same with doas

[jean_dupont]

Unfortunately we have to detect nested sessions too! When doing sudo -i, the $SSH env var can't be retrieve and we have to browse through the process tree and look for sshd. And we need fancy printing with colors too!