My development and testing webserver is used by over 100s of users. These users login from Windows XP, Linux, Mac OS X system via ssh/putty client. How do I set or automatically log users out after a period of inactivity under RHEL/Fedora/CentOS Linux server to improve server security and save some resources?

You can configure Linux or Unix-like system to automatically log users out after a period of inactivity. [donotprint]
Tutorial details
Difficulty level Easy
Root privileges Yes
Requirements Bash/KSH/TCSH
Est. reading time 2m
[/donotprint]Simply login as the root user and create a file called /etc/profile.d/, enter:

# vi /etc/profile.d/

Append the following code:

readonly TMOUT
export TMOUT

Save and close the file. Set permissions:
# chmod +x /etc/profile.d/
Above script will implement a 5 minute idle time-out for the default /bin/bash shell.

A note about tcsh/csh user

You can also create tcsh version as follows:
# vi /etc/profile.d/autologout.csh
Append the following code:

set -r autologout 5

Save and close the file. Set permissions, enter:
# chmod +x /etc/profile.d/autologout.csh

Dealing with ssh clients

SSH allows administrators to set an idle timeout interval. After this interval has passed, the idle user will be automatically logged out. Open /etc/ssh/sshd config file, enter:
# vi /etc/ssh/sshd_config
Find ClientAliveInterval and set to 300 (5 minutes) as follows:

ClientAliveInterval 300
ClientAliveCountMax 0

Save and close the file. Restart sshd service:
# service sshd restart
OR use the following command on RHEL/CenOS 7.x or Fedora Linux server:
# systemctl restart sshd

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 19 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
19 comments… add one
  • yoander Feb 25, 2009 @ 14:58

    nice tip

  • Liju Feb 25, 2009 @ 15:19

    Good tips .. :-)

  • marz Feb 25, 2009 @ 21:23

    while date ; do sleep 10 ; done


    watch -n 10 date


    • Gleventhal Aug 31, 2015 @ 0:34

      I don’t see how that is the same thing.

  • Boopalan Mar 7, 2009 @ 2:49

    i wont hardware networking /linux /ccna

  • MikeM Mar 31, 2009 @ 16:55

    We wanted something a bit more user explicit (log out idle users but not the boss(s)). The list of users below are exempt. Set this script in crontab to run every 10 minutes. With an idle of time of 30, the idled sessions will be no more than 39 minutes idle.
    Here is our script;

    #! /usr/bin/awk -f
    BEGIN {
    system("who -u | sort +5 > /tmp/loginfile");
    system("echo User Sessions Killed > /tmp/killedlogins");
    system("echo `date` >> /tmp/killedlogins");
    while (getline = 1) || (timearray[2] >= 30)) &&
    ($1 != "root") &&
    ($1 != "user2") &&
    ($1 != "user2") &&
    ($1 != "user4") &&
    ($1 != "lastuser")) { {
    system("ps -ef | grep " $1 " | awk '{print $2}' | xargs kill -KILL");
    print $1, "[Idle " $6 "] Session terminated from " $8 >> "/tmp/killedlogins";
    • 🐧 nixCraft Mar 31, 2009 @ 20:15


      Thanks for sharing your script.

  • Matteo D'Alfonso Jul 8, 2010 @ 8:53


    Only one note, on tcsh v. 6.14 you need to quote the value:

    set -r autologout=’5′

  • Indie May 20, 2011 @ 0:17

    @MikeM: You can kill specific terminals with the command

    pkill -HUP -t pts/2

    you don’t need to send it the kill signal.

    You could also modify the original script so the TMOUT value only gets set for specific users

    case "$(id -un)" in
      root|sysadmin|backup) ;;
      *)    readonly TMOUT; export TMOUT=300;;
  • Dougie Smythe Jun 21, 2011 @ 11:02

    Thanks Indie, that was what I was looking for. But I have both bash and tcsh users on my system. So how do I implement it in csh?


  • Indie Jun 21, 2011 @ 14:09

    TCSH uses the autologout variable instead of TMOUT so you’d need to create autologout.csh with something like the following, I’m not at all familiar with TCSH syntax.

    switch (`id -un`)
      case root:
      case sysadmin:
      case backup:
        unset autologout
        set -r autologout=100
  • Dougie Smythe Jun 24, 2011 @ 12:00

    Thanks so much for the tcsh syntax, Indie.
    I’ll give it a try.

  • Some Guy Dec 10, 2011 @ 15:19

    ClientAliveInterval 300
    ClientAliveCountMax 0

    This keeps sessions alive by sending nul packets every 300 seconds. It doesn’t disconnect idle users.

    • Me Mar 20, 2016 @ 21:57

      It does, the zero in “ClientAliveCountMax 0” is the key. Any other value does not until there is no response from the client for the specified amount of time.

  • Hal Apr 8, 2012 @ 5:48

    Can you have it execute a command like vlock instead of just logging you out?

  • Jose Tapia Mar 13, 2013 @ 22:32

    Thanks for the info, very usefull

  • Jeremy Aug 29, 2015 @ 23:49

    You made a typo. It’s /etc/ssh/sshd_config not /etc/ssh/sshd config. Just thought I’d point that out

  • Stan Sep 8, 2015 @ 11:14

    Hi all,
    Just a short information, setting TMOUT in /etc/profile.d/ won’t logout an ssh user if an sftp window is open.
    To remove this behavior prefer the sshd_config !

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum