This brief tutorial explains three different ways to auto logout inactive users after a particular period of time in Linux and Unix-like systems.
Introduction
Picture this scenario. You are managing a shared server that is regularly being accessed by many users from all systems in the network.
There are chances that some user may forget to logout his session and left the session open. Leaving an user session open is dangerous and some users may misuse it intentionally.
Would you manually check each and every system to verify whether the users have logged out or not? It is not necessary! Also, It's quite time consuming task if there are hundreds of machines in your network.
Instead, you can make an user to auto logout from a local or SSH session after a particular period of inactivity.
Auto logout inactive users in Linux
We can auto logout inactive user sessions after certain time in three ways. Let us see the first method.
Method 1 - Disconnect inactive users by editing bashrc or bashprofile files:
Edit ~/.bashrc
or ~/.bash_profile
file:
$ nano ~/.bashrc
Or,
$ nano ~/.bash_profile
Add the following line at the end:
TMOUT=100
This makes the user to logout automatically after an inactivity of 100 seconds. You can define this value as per your convenient. Press ESC
and type :wq
to save the file and close it.
Apply the changes by running the following command:
$ source ~/.bashrc
Or,
$ source ~/.bash_profile
Now, leave the session idle for 100 seconds. After an inactivity of 100 seconds, you will see the following message and the user will be automatically logged out from the session.
timed out waiting for input: auto-logout Connection to 192.168.122.181 closed.
This setting can be easily modified by the user. Because, ~/.bashrc
file is owned by the user himself.
To modify or delete the timeout settings, simply delete the lines added above and apply the changes by running the following command:
$ source ~/.bashrc
Alternatively, the user can disable this by running the following commands:
$ export TMOUT=0
Or,
$ unset TMOUT
Since the timeout setting is stored in the user-owned ~/.bashrc
file, s/he can easily bypass it by simply deleting the line. If you want to prevent the user from changing the settings, follow second method.
Method 2 - Terminate inactive users using a script:
Log in as root
user.
Create a new file called "autologout.sh"
.
# vi /etc/profile.d/autologout.sh
Add the following lines:
TMOUT=100 readonly TMOUT export TMOUT
Save and close the file.
Make it as executable using command:
# chmod +x /etc/profile.d/autologout.sh
Logout or reboot your system for the changes to take effect.
The inactive user will automatically be logged out after 100 seconds. The normal user can't change this settings even if he/she wanted to stay logged in the session. They will be thrown out exactly after 100 seconds.
These two methods are applicable for both local session and remote session i.e the locally logged-in users or the users logged-in from a remote system via SSH.
In the next method, we are going to see how to automatically logout only the inactive SSH sessions, not local sessions.
Method 3 - Auto Disconnect Inactive SSH sessions:
In this method, we will only making the SSH session users to log out after a particular period of inactivity.
Edit /etc/ssh/sshd_config
file:
$ sudo vi /etc/ssh/sshd_config
Add/modify the following lines:
ClientAliveInterval 100 ClientAliveCountMax 0
Here,
ClientAliveInterval
- Sets a timeout interval in seconds after which if no data has been received from the client, sshd will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client.ClientAliveCountMax
- Sets the number of client alive messages which may be sent without sshd receiving any messages back from the client. If you set zero (0) for ClientAliveCountMax, it disables connection termination. The default value is 3.
Press ESC
key and type :wq
to save and close this file. Restart sshd service to take effect the changes.
$ sudo systemctl restart sshd
Now, ssh to this system from a remote system. After 100 seconds, the ssh session will be automatically closed and you will see the following message:
$ Connection to 192.168.122.181 closed by remote host. Connection to 192.168.122.181 closed.
From now on, whoever access this system from a remote system via SSH will automatically be logged out after an inactivity of 100 seconds.
7 comments
thx a lot. Usefull !
Horrible idea. If someone is this intent on exerting this amount of control over users, why provide any accounts at all? And while at it, air gap the system and get it off the net. IT policy gone bad.
As stated in the guide, the user who is not active after certain time, for example 30 mins, will be logged out. I don’t see anything wrong here.
How can I check the session timeout configured on a linux server?
This doesn’t works with workstation with graphical interface
I’m working in virtual machine
Just the time to switch from one machine to another I have to login again on linux
Hello! I am trying to only log out, not suspend the machine. After it logs out to the login screen, it prompts again that “you’ll be logged out for inactivity” and suspends the entire machine. Is there a way to only log off the inactive user?
The instructions posted in this article will make the inactive users to forcibly log out after certain period of time. It doesn’t suspend the machine. The system won’t suspend, at lease in my case.