Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1898: How to disconnect an Inactive/Idle sessions?

Centrify DirectAudit ,   Centrify DirectControl ,   Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:37 AM

Applies to: All versions of Centrify OpenSSH

Question:
Is there a way to configure Centrify to disconnect an Inactive/Idle "OpenSSH" session to a Unix/Linux server after a specified period of time?

For example, If I log into host1.centrify.com thru ssh, I want my connection to disconnect after 30 minutes of inactivity.

Answer:
There are many ways to accomplish this. Please use only one of the following methods.

1) The timeout feature is already supported in some of the shells itself. For bash, you would simply add the following line in /etc/bashrc


TMOUT=1800
where 1800 secs = 30 minutes


(OR)

2) add
TMOUT=3000 in  /etc/profile

Then any user logging in using the bash shell (only) will be automatically logged out without any warning after 30 minutes of inactivity. The ssh screen itself will be closed.

(OR)

3) Using an OpenSSH server's
ClientAliveInterval, it is possible for the ssh server to send periodic "keep alive" messages to the ssh client, keeping the connection open indefinitely. This is useful when a firewall or other packet filtering device drops idle connections after a certain period of time.

Example (send "keep alive" messages every 5 minutes) on Red Hat Linux:

a. Add ClientAliveInterval 300 to sshd_config
b. Reload the sshd server configuration with "service sshd reload"

Note: you may want to configure the ClientAliveCountMax value in sshd_config to set the number of times that "keep alive" messages are sent. If ClientAliveCountMax number of "keep alive" messages are not acknowledged by the ssh client, the connection is terminated by the ssh server. The default value of 3 should be sufficient for most users.

Note: You can use Centrify SSH group policies to set up ClientAliveInterval, refer to our Group Policy guide on how to do this.

4) This script can be used as a cron job:
******************************************

#!/usr/bin/python
import os
# change these commands to match your
# system's paths:
#
WHO = '/usr/bin/who -u'
KILL = '/bin/kill %s'

logins = os.popen(WHO)
for login in logins:
    info = login.split()
    if info[5].strip() == 'old':
        os.system(KILL % info[6])

******************************************

Note: Centrify is not responsible if none of the above solutions work as this is outside the scope of the product. We have provided this information as a courtesy.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.