Efficient User Management: Implementing Auto Logout for Inactive Sessions in a Shared Linux Server

In shared server environments, managing user sessions can be challenging due to security concerns and the risk of misuse. Manually monitoring active sessions on each system is impractical and time-consuming. However, there’s a straightforward solution: implementing an auto logout feature for inactive user sessions. In this tutorial, we’ll learn how to automatically log out users from local or SSH sessions after a specified period of inactivity on Unix-like systems. Let’s proceed to simplify and improve your user management process.

Method 1: Auto Logout using ~/.bashrc or ~/.bash_profile

1. Open the ~/.bashrc or ~/.bash_profile file:

vi ~/.bash_profile

or 

vi ~/.bashrc

2. Add the following line to set the auto-logout timeout in seconds (e.g., 100 seconds):

• TMOUT=100

3. Replace “100” with the desired number of seconds before automatic logout.

4. Save the changes by pressing Ctrl + O and then press Enter. To exit the text editor, press Ctrl + X.

5. If you made changes to /etc/profile, the changes will apply system-wide. However, if you edited ~/.bashrc, the changes will only affect the current user. In that case, you may need to log out and log back in for the changes to take effect.

6. Apply the changes by running the following command:

source ~/.bashrc

or 

source ~/.bash_profile

7. Now, when a user remains inactive for the specified period of time, they will be automatically logged out. To modify or delete this timeout setting, simply delete the added line from the ~/.bashrc or ~/.bash_profile file.

Method 2: Auto Logout using SSH server configuration

1. Edit the SSH config file:

sudo nano /etc/ssh/sshd_config

2. Locate the following options related to SSH inactivity:

ClientAliveInterval 
ClientAliveCountMax

• ClientAliveInterval: Sets a timeout interval in seconds after which if no data has been received from the client, sshd will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client. This option applies to protocol version 2 only.
• ClientAliveCountMax: Sets the number of client alive messages which may be sent without sshd receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. The default value is 3.

3. To configure an auto-logout interval of, for example, 10 minutes, set the values as follows:

ClientAliveInterval 600     # 10 minutes (10m x 60s) ClientAliveCountMax 0       # Disable client alive messages, terminate the session directly after the interval

4. Restart the SSH service after setting the values:

sudo service sshd restart

Now, inactive user sessions will be automatically logged out after the specified period of inactivity, improving security and managing shared server resources efficiently. Choose the method that suits your requirements best, and feel free to adjust the timeout value to meet your needs.

….Signing Off….