My DC operation guys access Linux servers on a daily basis but somehow they never remember to log out. This is a security risk as anyone could gain access to the open console and create caos.
Today, yet again I’m forced to play the bad guy by dummy proofing my Linux servers by implementing default timeout for user sessions.
Bash and Korn both support the TMOUT variable which I will use to set the default timeout.
The etc/.bashrc file will apply the timeout system wide but if you need it to be user specific then modify the ~/.bashrc file instead.
Here’s how it’s done.
echo "TMOUT=300 >> /etc/bashrc
echo "readonly TMOUT" >> /etc/bashrc
echo "export TMOUT" >> /etc/bashrc
Log off, start a new session and wait for 5 minutes. Your session should terminate
Author comments are in a darker gray color for you to easily identify the posts author in the comments
This is helpful. what is the equivalent variable for c shell? I connect to the remote computer via ssh and I am being log out after certain time if I stop working. I checked the /etc/bashrc and /etc/csh.cshrc files in remote computer, and ~.bashrc and ~.cshrc files in my local computer but I could not find anything about the log out time. Where is this log out time hidden?
Thanks.
Danesh,
Does the soultion work if someone enables the keepalive configuration in the client application (like putty)? It will not, since the client will keep sending null packets to the server, so it will never seem like the client is idle.
Thanks,
Shrirang.
If you’re running debian check out timeoutd. Not sure if it will solve all your issues but it sure is nice to have that in one place.
Is it possible to set different timeouts for different users?
I mean I do not want user1 to be idle for more than, say, 5 minutes, but it is alright if user2 stays idle for an hour or so.
Is it possible to execute it?
vaibhav, you could try adding the above into the .bashrc file within your user’s user dir.
Tell me if it works
Thanks for posting the timeout instructions. I work with Ubuntu 10.04 and the 3 lines of code does in fact disconnect my user.
I modified the .bashrc file in the home directory.
Thanks!