Hello World,

I tried solving my issue using Google, but I found only general solutions that are not applicable in my case:

We would like to implement a function, that automatically logs out users from sessions or locks them after e.g. 30 minutes. That's easy to solve. But:

This should only affect local sessions opened via IPMI of the server. Remote SSH sessions should not be affected by this. Thats why adding
to ~/.bash_rc is not a valid solution in this case.

In addition we are using Linux Servers, so there is of course no GUI installed. That's why solving this using GNOME, KDE, what ever screensaver doesn't work either.

We're running CentOS 7.3, Debian 8 and 9 and SLES 12 SP1+2.

Is there anybody out there, having a solution for this?

Cheers
Dennis

What are you wanting to do exactly?
Those commands are specific to a user's bash environment.
May help.

No, SSH session shall persist infinite.

Only physical sessions, like wenn you go to a server with a keyboard. IPMI creates the same kind of sessions. Those have to timeout so that technicians in the datacenter don't get access to a server if they would connect a monitor and a keayboard to it.

yes, what do you mean exactly by logging out users and locking users? (if there was no GUI and there are remote ssh sessions).

OK, I'll try to give an example:

I have to work on a server, but SSH is broken. So I connect to the server via IPMI (iDRAC for Dell, ILO for HP) which gives me physical access to the server as if I connected a monitor and keyboard to it. I fix the SSH server and log in to the server using SSH an start doing my job via SSH. I start a job that takes a couple of times. In the meantime my browsersession to the IPMI times out an I close it without endind the physical session. I just forgot it.

What I want now is:
The physical session on the server should time out. If it doesn't, a technician of the datacenter can gain root access to the server in the worst case, just by plugging in a keyboard and a monitor to the server. So I want to lock or end this session this way, that when you do plug in a monitor and keyboard to the server, you will face the log in screen.

What I don't want is:
The SSH session should not time out, because I'm waiting for my job to finish and I want to see the result. I could use screen of course, but if someone didn't mind this, he may has to run this job again which is a waste of time.

I hope it's no understandable what I mean.

so you want to know if that session was opened using ssh?
Just try to check the parent of your bash (and its parent and ....) and you can check if ssh was involved. (and if not you can set TMOUT.
from the other hand you may try to check the terminal (see man tty), probably that can be used too.

so you want to know if that session was opened using ssh?
Just try to check the parent of your bash (and its parent and ....) and you can check if ssh was involved. (and if not you can set TMOUT.
from the other hand you may try to check the terminal (see man tty), probably that can be used too.

So, when I assume that every physical session is running as /dev/tty$, would the following in a ~/.bash_rc work?
I think this should timeout every tty session but not affect SSH sessions, because they should be under /dev/pts$ ?

I think so, yes, but you need to check it that is really true.

Is this ssh session launched from the IPMI "dashboard" or http://web:interface ?

Browser activity "time outs" and ssh timeouts are not necessarily the same thing?