LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise
User Name
Password
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.

Notices


Reply
  Search this Thread
Old 09-18-2017, 05:35 AM   #1
cronny
LQ Newbie
 
Registered: Sep 2017
Posts: 4

Rep: Reputation: Disabled
Autologout/Autolock of local sessions


Hello World,

I tried solving my issue using Google, but I found only general solutions that are not applicable in my case:

We would like to implement a function, that automatically logs out users from sessions or locks them after e.g. 30 minutes. That's easy to solve. But:

This should only affect local sessions opened via IPMI of the server. Remote SSH sessions should not be affected by this. Thats why adding
Code:
TMOUT=1800
readonly TMOUT
export TMOUT
to ~/.bash_rc is not a valid solution in this case.

In addition we are using Linux Servers, so there is of course no GUI installed. That's why solving this using GNOME, KDE, what ever screensaver doesn't work either.

We're running CentOS 7.3, Debian 8 and 9 and SLES 12 SP1+2.

Is there anybody out there, having a solution for this?

Cheers
Dennis
 
Old 09-18-2017, 06:31 AM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by cronny View Post
This should only affect local sessions opened via IPMI of the server. Remote SSH sessions should not be affected by this.
Code:
TMOUT=1800
readonly TMOUT
export TMOUT
What are you wanting to do exactly?
Those commands are specific to a user's bash environment.
Code:
man ssh_config
May help.

Last edited by Habitual; 09-18-2017 at 06:37 AM.
 
Old 09-18-2017, 06:39 AM   #3
cronny
LQ Newbie
 
Registered: Sep 2017
Posts: 4

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Habitual View Post
or ssh only?
No, SSH session shall persist infinite.

Only physical sessions, like wenn you go to a server with a keyboard. IPMI creates the same kind of sessions. Those have to timeout so that technicians in the datacenter don't get access to a server if they would connect a monitor and a keayboard to it.
 
Old 09-18-2017, 06:42 AM   #4
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 16,238

Rep: Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453
yes, what do you mean exactly by logging out users and locking users? (if there was no GUI and there are remote ssh sessions).
 
Old 09-18-2017, 06:55 AM   #5
cronny
LQ Newbie
 
Registered: Sep 2017
Posts: 4

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by pan64 View Post
yes, what do you mean exactly by logging out users and locking users? (if there was no GUI and there are remote ssh sessions).
OK, I'll try to give an example:

I have to work on a server, but SSH is broken. So I connect to the server via IPMI (iDRAC for Dell, ILO for HP) which gives me physical access to the server as if I connected a monitor and keyboard to it. I fix the SSH server and log in to the server using SSH an start doing my job via SSH. I start a job that takes a couple of times. In the meantime my browsersession to the IPMI times out an I close it without endind the physical session. I just forgot it.

What I want now is:
The physical session on the server should time out. If it doesn't, a technician of the datacenter can gain root access to the server in the worst case, just by plugging in a keyboard and a monitor to the server. So I want to lock or end this session this way, that when you do plug in a monitor and keyboard to the server, you will face the log in screen.

What I don't want is:
The SSH session should not time out, because I'm waiting for my job to finish and I want to see the result. I could use screen of course, but if someone didn't mind this, he may has to run this job again which is a waste of time.

I hope it's no understandable what I mean.

Last edited by cronny; 09-18-2017 at 06:57 AM. Reason: Typos
 
Old 09-18-2017, 07:06 AM   #6
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 16,238

Rep: Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453
so you want to know if that session was opened using ssh?
Just try to check the parent of your bash (and its parent and ....) and you can check if ssh was involved. (and if not you can set TMOUT.
from the other hand you may try to check the terminal (see man tty), probably that can be used too.
 
Old 09-18-2017, 07:07 AM   #7
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 16,238

Rep: Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453
so you want to know if that session was opened using ssh?
Just try to check the parent of your bash (and its parent and ....) and you can check if ssh was involved. (and if not you can set TMOUT.
from the other hand you may try to check the terminal (see man tty), probably that can be used too.
 
Old 09-18-2017, 07:31 AM   #8
cronny
LQ Newbie
 
Registered: Sep 2017
Posts: 4

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by pan64 View Post
so you want to know if that session was opened using ssh?
Just try to check the parent of your bash (and its parent and ....) and you can check if ssh was involved. (and if not you can set TMOUT.
from the other hand you may try to check the terminal (see man tty), probably that can be used too.
So, when I assume that every physical session is running as /dev/tty$, would the following in a ~/.bash_rc work?
Code:
if [[ $(tty) =~ /dev\/tty$ ]]; then TMOUT=1800; fi
I think this should timeout every tty session but not affect SSH sessions, because they should be under /dev/pts$ ?
 
Old 09-18-2017, 07:37 AM   #9
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 16,238

Rep: Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453Reputation: 5453
I think so, yes, but you need to check it that is really true.
 
Old 09-18-2017, 10:21 AM   #10
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Is this ssh session launched from the IPMI "dashboard" or http://web:interface ?

Browser activity "time outs" and ssh timeouts are not necessarily the same thing?

Last edited by Habitual; 09-18-2017 at 10:22 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how to autologout from server i.you Linux - Newbie 1 01-06-2010 08:22 AM
[SOLVED] How to configure toggling between local and remote X sessions? damgar Linux - Software 3 12-26-2009 08:06 PM
SSH-Autologout XaViaR Linux - Security 2 02-17-2005 10:42 AM
autologout, vnc Tredo Linux - General 0 12-16-2004 12:01 PM
terminal autologout FLOODS Linux - Newbie 2 01-25-2004 07:21 AM

LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise

All times are GMT -5. The time now is 07:24 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration