Linux - EnterpriseThis forum is for all items relating to using Linux in the Enterprise.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I tried solving my issue using Google, but I found only general solutions that are not applicable in my case:
We would like to implement a function, that automatically logs out users from sessions or locks them after e.g. 30 minutes. That's easy to solve. But:
This should only affect local sessions opened via IPMI of the server. Remote SSH sessions should not be affected by this. Thats why adding
Code:
TMOUT=1800
readonly TMOUT
export TMOUT
to ~/.bash_rc is not a valid solution in this case.
In addition we are using Linux Servers, so there is of course no GUI installed. That's why solving this using GNOME, KDE, what ever screensaver doesn't work either.
We're running CentOS 7.3, Debian 8 and 9 and SLES 12 SP1+2.
Is there anybody out there, having a solution for this?
Only physical sessions, like wenn you go to a server with a keyboard. IPMI creates the same kind of sessions. Those have to timeout so that technicians in the datacenter don't get access to a server if they would connect a monitor and a keayboard to it.
yes, what do you mean exactly by logging out users and locking users? (if there was no GUI and there are remote ssh sessions).
OK, I'll try to give an example:
I have to work on a server, but SSH is broken. So I connect to the server via IPMI (iDRAC for Dell, ILO for HP) which gives me physical access to the server as if I connected a monitor and keyboard to it. I fix the SSH server and log in to the server using SSH an start doing my job via SSH. I start a job that takes a couple of times. In the meantime my browsersession to the IPMI times out an I close it without endind the physical session. I just forgot it.
What I want now is:
The physical session on the server should time out. If it doesn't, a technician of the datacenter can gain root access to the server in the worst case, just by plugging in a keyboard and a monitor to the server. So I want to lock or end this session this way, that when you do plug in a monitor and keyboard to the server, you will face the log in screen.
What I don't want is:
The SSH session should not time out, because I'm waiting for my job to finish and I want to see the result. I could use screen of course, but if someone didn't mind this, he may has to run this job again which is a waste of time.
I hope it's no understandable what I mean.
Last edited by cronny; 09-18-2017 at 06:57 AM.
Reason: Typos
so you want to know if that session was opened using ssh?
Just try to check the parent of your bash (and its parent and ....) and you can check if ssh was involved. (and if not you can set TMOUT.
from the other hand you may try to check the terminal (see man tty), probably that can be used too.
so you want to know if that session was opened using ssh?
Just try to check the parent of your bash (and its parent and ....) and you can check if ssh was involved. (and if not you can set TMOUT.
from the other hand you may try to check the terminal (see man tty), probably that can be used too.
so you want to know if that session was opened using ssh?
Just try to check the parent of your bash (and its parent and ....) and you can check if ssh was involved. (and if not you can set TMOUT.
from the other hand you may try to check the terminal (see man tty), probably that can be used too.
So, when I assume that every physical session is running as /dev/tty$, would the following in a ~/.bash_rc work?
Code:
if [[ $(tty) =~ /dev\/tty$ ]]; then TMOUT=1800; fi
I think this should timeout every tty session but not affect SSH sessions, because they should be under /dev/pts$ ?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.