After I run 'who' as root I receive the list of logged on users, tough some of these are not really logged. What could be misconfigured ? I'm under Fedora Core 2 and mostly using ssh 3.6 to remote connect. Thnx.

If you're using SSH to remote connect, as are other users, sometimes their sessions get disconnected yet SSH won't kill the session.

What you can do is either let init inherit the processes and reap them, or just setup your SSH config to kill off users that get disconnected or have not done anything on their sessions for a pre-determined amount of time.

I've tried this...

KeepAlive yes
ClientAliveInterval 60
ClientAliveCountMax 5

In the sshd_config file. But it didn't work out, so I guess it's not coming from ssh but from the system. What could it be ?

Instead of "who", try using "w". It is a tad more informative, and it'll tell you how long someone's session has been inactive.

I've had it happen on my server where if I ran something within "screen", it left the user "logged in", and left a zombie process when it disconnected the screen.

You can go through and kill them manually (as I've found no way to avoid it if you have users improperly terminating sessions), or, if they've become zombies, let init reap them.

Also, while not the greatest practice, I just use "TCPKeepAlive yes". That seems to take care of when my PuTTY session gets whacked on accident.

Actually the table from 'who' is wrong, even with tcpkeepalive in sshd_config people are getting stuck and there are no processes to be killed...Guess it's the utmp file that's not being renewed, but why ? And how can I erase it ?

Okay, I'm stumped now.

The last suggestion I have is just hit up http://www.google.com/linux.

Sorry I couldn't be of more help.

Thnx anyway, gonna Google around to see if i can find more about it.