Home Linux Tips & Tricks How To Auto Logout Inactive Users After A Period Of Time In Linux

How To Auto Logout Inactive Users After A Period Of Time In Linux

By sk
Published: Last Updated on 63.7K views

This brief tutorial explains three different ways to auto logout inactive users after a particular period of time in Linux and Unix-like systems.

Introduction

Picture this scenario. You are managing a shared server that is regularly being accessed by many users from all systems in the network.

There are chances that some user may forget to logout his session and left the session open. Leaving an user session open is dangerous and some users may misuse it intentionally.

Would you manually check each and every system to verify whether the users have logged out or not? It is not necessary! Also, It's quite time consuming task if there are hundreds of machines in your network.

Instead, you can make an user to auto logout from a local or SSH session after a particular period of inactivity.

Auto logout inactive users in Linux

We can auto logout inactive user sessions after certain time in three ways. Let us see the first method.

Method 1 - Disconnect inactive users by editing bashrc or bashprofile files:

Edit ~/.bashrc or ~/.bash_profile file:

$ nano ~/.bashrc

Or,

$ nano ~/.bash_profile

Add the following line at the end:

TMOUT=100
Configure user time out value in Linux

Configure user time out value in Linux

This makes the user to logout automatically after an inactivity of 100 seconds. You can define this value as per your convenient. Press ESC and type :wq to save the file and close it.

Apply the changes by running the following command:

$ source ~/.bashrc

Or,

$ source ~/.bash_profile

Now, leave the session idle for 100 seconds. After an inactivity of 100 seconds, you will see the following message and the user will be automatically logged out from the session.

timed out waiting for input: auto-logout
Connection to 192.168.122.181 closed.
Auto logout inactive users in Linux

Auto logout inactive users in Linux

This setting can be easily modified by the user. Because, ~/.bashrc file is owned by the user himself.

To modify or delete the timeout settings, simply delete the lines added above and apply the changes by running the following command:

$ source ~/.bashrc

Alternatively, the user can disable this by running the following commands:

$ export TMOUT=0

Or,

$ unset TMOUT

Since the timeout setting is stored in the user-owned ~/.bashrc file, s/he can easily bypass it by simply deleting the line. If you want to prevent the user from changing the settings, follow second method.

Method 2 - Terminate inactive users using a script:

Log in as root user.

Create a new file called "autologout.sh".

# vi /etc/profile.d/autologout.sh

Add the following lines:

TMOUT=100
readonly TMOUT
export TMOUT

Save and close the file.

Make it as executable using command:

# chmod +x /etc/profile.d/autologout.sh

Logout or reboot your system for the changes to take effect.

The inactive user will automatically be logged out after 100 seconds. The normal user can't change this settings even if he/she wanted to stay logged in the session. They will be thrown out exactly after 100 seconds.

These two methods are applicable for both local session and remote session i.e the locally logged-in users or the users logged-in from a remote system via SSH.

In the next method, we are going to see how to automatically logout only the inactive SSH sessions, not local sessions.

Method 3 - Auto Disconnect Inactive SSH sessions:

In this method, we will only making the SSH session users to log out after a particular period of inactivity.

Edit /etc/ssh/sshd_config file:

$ sudo vi /etc/ssh/sshd_config

Add/modify the following lines:

ClientAliveInterval 100
ClientAliveCountMax 0

Here,

  • ClientAliveInterval - Sets a timeout interval in seconds after which if no data has been received from the client, sshd will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client.
  • ClientAliveCountMax - Sets the number of client alive messages which may be sent without sshd receiving any messages back from the client. If you set zero (0) for ClientAliveCountMax, it disables connection termination. The default value is 3.

Press ESC key and type :wq to save and close this file. Restart sshd service to take effect the changes.

$ sudo systemctl restart sshd

Now, ssh to this system from a remote system. After 100 seconds, the ssh session will be automatically closed and you will see the following message:

$ Connection to 192.168.122.181 closed by remote host.
Connection to 192.168.122.181 closed.

From now on, whoever access this system from a remote system via SSH will automatically be logged out after an inactivity of 100 seconds.

You May Also Like

7 comments

Adam March 27, 2019 - 6:09 pm

thx a lot. Usefull !

Reply
jilldudlan@nospam.it October 5, 2019 - 9:31 am

Horrible idea. If someone is this intent on exerting this amount of control over users, why provide any accounts at all? And while at it, air gap the system and get it off the net. IT policy gone bad.

Reply
sk October 5, 2019 - 10:38 am

As stated in the guide, the user who is not active after certain time, for example 30 mins, will be logged out. I don’t see anything wrong here.

Reply
Ivan December 13, 2019 - 5:02 am

How can I check the session timeout configured on a linux server?

Reply
Adriano September 6, 2021 - 10:08 am

This doesn’t works with workstation with graphical interface
I’m working in virtual machine
Just the time to switch from one machine to another I have to login again on linux

Reply
Justin March 20, 2022 - 6:04 am

Hello! I am trying to only log out, not suspend the machine. After it logs out to the login screen, it prompts again that “you’ll be logged out for inactivity” and suspends the entire machine. Is there a way to only log off the inactive user?

Reply
sk March 20, 2022 - 12:36 pm

The instructions posted in this article will make the inactive users to forcibly log out after certain period of time. It doesn’t suspend the machine. The system won’t suspend, at lease in my case.

Reply

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More