Linux / UNIX Automatically Logout BASH / TCSH / SSH Users After a Period of Inactivity

Last updated August 30, 2015

My development and testing webserver is used by over 100s of users. These users log in from Windows XP, Linux, and Mac OS X systems via ssh/putty client. How do I set or automatically log users out after a period of inactivity under RHEL/Fedora/CentOS Linux server to improve server security and save some resources?

You can configure a Linux or Unix-like system to automatically log users out after a period of inactivity. Log in as the root user and create a file called /etc/profile.d/, enter:

# vi /etc/profile.d/

Append the following code:

TMOUT=300
readonly TMOUT
export TMOUT

Save and close the file. Set permissions:
# chmod +x /etc/profile.d/
The above script implements a 5-minute idle time-out for the default /bin/bash shell. Because TMOUT is marked readonly, users cannot unset or change it within that shell.

A note about tcsh/csh users

You can also create tcsh version as follows:
# vi /etc/profile.d/autologout.csh
Append the following code:

set -r autologout=5

Save and close the file. Set permissions, enter:
# chmod +x /etc/profile.d/autologout.csh

Dealing with ssh clients

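SSH allows administrators to set an idle timeout interval. After this interval has passed, the idle user will be automatically logged out. The meaning of ClientAliveCountMax 0 is not the same in every OpenSSH release (the current sshd_config(5) man page documents a zero value as disabling connection termination), so check the man page on your server before relying on it. Open the /etc/ssh/sshd_config file, enter: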
# vi /etc/ssh/sshd_config
Find ClientAliveInterval and set it to 300 (5 minutes) as follows:

ClientAliveInterval 300
ClientAliveCountMax 0

Save and close the file. Restart sshd service:
# service sshd restart
OR use the following command on a RHEL/CentOS 7.x or Fedora Linux server:
# systemctl restart sshd
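
To confirm that a server actually carries these two settings, the following added example (not part of the original article) parses sshd_config-style text and compares it with the values above. The function names and both sample configs are constructed for illustration.

```bash
# Added example (not from the article): check sshd config text for the two
# idle-timeout values set above. Function names and samples are constructed.

# Print the first global value of keyword $1 from config text on stdin.
# sshd uses the first value it reads for a keyword and matches keywords
# case-insensitively, so a later duplicate line has no effect.
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || NF == 0 { next }     # comment or blank line
        { sub(/=/, " ") }                   # accept "Keyword=value" too
        tolower($1) == "match" { exit }     # Match overrides are not audited
        tolower($1) == want { print $2; exit }'
}

# Read config text on stdin; return 0 only if it matches the article's values.
audit_idle_timeout() {
    local cfg interval countmax rc=0
    cfg=$(cat)
    interval=$(printf '%s\n' "$cfg" | sshd_effective ClientAliveInterval)
    countmax=$(printf '%s\n' "$cfg" | sshd_effective ClientAliveCountMax)
    # sshd defaults when a keyword is absent: interval 0 (off), count 3
    if [ "${interval:-0}" != "300" ]; then
        echo "ClientAliveInterval=${interval:-0}, expected 300"; rc=1
    fi
    if [ "${countmax:-3}" != "0" ]; then
        echo "ClientAliveCountMax=${countmax:-3}, expected 0"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the commented line and the later duplicate are ignored.
SAMPLE_OK='# ClientAliveInterval 0
clientaliveinterval 300
ClientAliveCountMax=0
ClientAliveInterval 900'

# Constructed sample: the count is only set inside a Match block, so the
# global value stays at its default of 3.
SAMPLE_WEAK='ClientAliveInterval 300
Match User backup
    ClientAliveCountMax 0'

printf '%s\n' "$SAMPLE_OK"   | audit_idle_timeout && echo "SAMPLE_OK: pass"
printf '%s\n' "$SAMPLE_WEAK" | audit_idle_timeout || echo "SAMPLE_WEAK: fail"
```

On a live server, run `sshd -T | audit_idle_timeout` as root to check the effective configuration instead of the file on disk.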

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector.

19 comments

  1. We wanted something a bit more user explicit (log out idle users but not the boss(es)). The list of users below is exempt. Set this script in crontab to run every 10 minutes. With an idle time of 30, the idled sessions will be no more than 39 minutes idle.
    Here is our script:

    #! /usr/bin/awk -f
    # Kill sessions idle for 30 minutes or more, except for the exempt users.
    BEGIN {
        system("who -u | sort -k 6 > /tmp/loginfile");
        system("echo User Sessions Killed > /tmp/killedlogins");
        system("echo `date` >> /tmp/killedlogins");
        while ((getline < "/tmp/loginfile") > 0) {
            # Assumed: field 6 of "who -u" is the idle time as HH:MM
            split($6, timearray, ":");
            if (((timearray[1] >= 1) || (timearray[2] >= 30)) &&
                ($1 != "root") &&
                ($1 != "user2") &&
                ($1 != "user2") &&
                ($1 != "user4") &&
                ($1 != "lastuser")) {
                system("ps -ef | grep " $1 " | awk '{print $2}' | xargs kill -KILL");
                print $1, "[Idle " $6 "] Session terminated from " $8 >> "/tmp/killedlogins";
            }
        }
    }
  2. @MikeM: You can kill specific terminals with the command

    pkill -HUP -t pts/2

    you don’t need to send it the kill signal.

    You could also modify the original script so the TMOUT value only gets set for specific users

    case "$(id -un)" in
      root|sysadmin|backup) ;;
      # assign first: marking TMOUT readonly before setting it makes the assignment fail
      *)    TMOUT=300; readonly TMOUT; export TMOUT;;
    esac
  3. TCSH uses the autologout variable instead of TMOUT, so you’d need to create autologout.csh with something like the following. I’m not at all familiar with TCSH syntax.

    switch (`id -un`)
      case root:
      case sysadmin:
      case backup:
        # exempt accounts: no idle logout
        unset autologout
        breaksw
      default:
        set -r autologout=100
        breaksw
    endsw
