Help - Search - Members - Calendar
Full Version: Removing Idle Ssh Sessions
Linuxhelp > Support > Technical Support
nifflerX
Hi,

I'm currently running a lab with a bunch of Linux machines. They are all running Redhat Linux 8.0 and at least kernel 2.4.18-19 (some I believe are running .20). They are all aptiva or dell boxes and all have ssh dameon's up and running. I am having no problems sshing in and out of any my machines. My problem is that it appears as though not all the ssh sessions are being closed properly. When I type 'finger' at a command prompt I get:

username Real Name pts/2 19:36 Oct 31 16:19 (login.machine.name)

However, I don't want to keep this session open any longer. In fact I thought this session had been closed a long time ago (On October 31st to be precise). However the session is obviously still open and I don't know how to close it. I have tried a couple of things. The fist is typing in 'who -u' which gives me the following output:

username pts/2 Oct 31 16:19 19:38 3956 (login.machine.name)

however, I am not able to kill process 3956, I am told that the process does not exist. I have also tried to use skill with the -KILL -v flags and then pts/2 so my command looked like 'skill -KILL -v pts/2' but nothing happens. It runs with no errors but I get the same output from finger and who -u, as I did before.

What I'd like to do is be able to manually end these sessions (or even put them in script to be done manually). But, I believe I could write the script myself if I only knew how to end these sessions. If anyone has any information on how this could be done I would greatly appreciate it. Thanks in advance.

-nifflerX
Joey
Hi,

Check your sshd2_config for:

# IdleTimeOut 1h

And uncomment it out and restart ssh (which should also kill the idle sessions).
nifflerX
Hi,

Thanks for the advice, but I don't have a sshd2_config file in my /etc/ssh folder. I've got an sshd_config and a ssh_config, as well as a host of other rsa key files. Should I not be looking in my /etc/ssh directory? Also, I checked my sshd_config file for IdleTimeOut, but it doesn't exist in that file. Thanks again.


-nifflerX
hughesjr
Use the following variables in your /etc/sshd_config file to auto logout users:

ClientAliveInterval 900
ClientAliveCountMax 2


This will send a message every 900 seconds (15 minutes) of idle time to the logged in user and after the second message (30 minutes) log out the user ... adjust the time (in seconds) or the count (# of messages) ... the so to send a message every 60 minutes and to log out after 4 hours the variables in sshd_config would be:

ClientAliveInterval 3600
ClientAliveCountMax 4


This will only work for ssh2 clients ... so you also need to set the following variable:
Protocol 2

note that the default value for Protocol is 2,1 ... which will allow a version 1 ssh client to connect (that is a security issue and version 1 users won't automatically be disconnected, so changing the value to 2 is recommended).

see man sshd_config for more details...
----------------------------
If you kick off a process that takes longer than your timeout period, you won't be able to respond ... and you will get kicked out (and your process will end) ... which is bad!

Always use a & at the end of a process that will take longer than your timeout period ... you might also want to use nohup ... so if the timeout period will be 4 hours, as in my last example, and you want to kick off and oracle export (let's say you wrote a script named oracle_export (and put it in /usr/local/bin) that will take 5 hours, then the command to make it run in the background (and give status in nohup.out) would be (from within the directory that you want the file nohup.out to be created):

nohup /usr/local/bin/oracle_export &

The process will start and run in the background ... directing all output to the file nohup.out, you then go back to your ssh console and can exit (or get your session terminated) while the process still runs in the background...
nifflerX
Thanks very much, I really appreciate all the help. You've solved my problem.


-nifflerX
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2017 Invision Power Services, Inc.