Addressing SSH auto-logout issues often involves configuring two key settings: the TMOUT shell variable and the StopIdleSessionSec setting in /etc/systemd/logind.conf.
Each plays a distinct role in session management and inactivity handling.
- TMOUT Variable: A Bash shell setting that defines the maximum idle time before automatic logout. It is crucial for users experiencing undesired SSH disconnections due to inactivity, especially in tasks with sporadic interaction.
- StopIdleSessionSec in systemd-logind: Located in /etc/systemd/logind.conf, this systemd configuration dictates the idle time before a session is terminated by systemd-logind.
Here is the error we usually get when the ssh auto-logout happens.
$ timed out waiting for input: auto-logout
Connection to host closed.
Table of Contents
Introduction to the TMOUT Variable in Linux
The TMOUT variable in Linux is an important environment variable, particularly used in Bash shell sessions, to automatically terminate a shell session after a set period of inactivity.
- Purpose: Sets a timeout for inactivity in a shell session, automatically exiting the session if no commands or inputs are executed within the specified duration.
- Security Usage: Acts as a critical security measure, especially in shared or public systems, preventing unauthorized access to unattended sessions.
- Configuration: Defined in seconds, for example, export TMOUT=300 in a .bashrc file or in a global file like /etc/profile, sets a 5-minute auto-logout for inactivity.
- Scope: The effect is localized to the shell session where it’s set and does not influence the entire system or other sessions.
- Default Behavior: By default, TMOUT is unset, meaning no auto-logout feature is active unless explicitly configured.
Change the TMOUT Variable to fix SSH auto logout issue in Linux
The TMOUT variable in Linux controls the automatic logout time due to inactivity in a shell session at the server side. Here are methods to change its value:
For the Current Shell Session
- Type export TMOUT=number_of_seconds in the terminal. For example, export TMOUT=600 sets a 10-minute timeout. This only affects the current shell session.
For All Future Shell Sessions
- For a Single User (Bash Shell):
- Edit the .bashrc or .bash_profile file in your home directory: vi ~/.bashrc.
- Add export TMOUT=number_of_seconds at the end. For example: export TMOUT=600.
- Save the file and exit.
- Apply changes with source ~/.bashrc or start a new session.
- Globally for All Users:
- Edit a global profile script like /etc/profile: sudo vi /etc/profile.
- Add export TMOUT=number_of_seconds.
- Save and exit. This will affect all users and applies to new sessions.
Notes:
- TMOUT is measured in seconds.
- Setting TMOUT to 0 disables auto-logout.
- Be cautious when setting TMOUT globally as it might impact scripts or sessions with expected inactivity.
- This setting is primarily for the Bash shell; other shells may have different methods.
By adjusting the TMOUT variable, you can enhance system security by ensuring that unattended shell sessions are automatically terminated after a specified period.
Introduction to StopIdleSessionSec in /etc/systemd/logind.conf
The StopIdleSessionSec setting in /etc/systemd/logind.conf is a configuration option for systemd-logind, a service in many Linux distributions that manages user logins.
This setting is instrumental in controlling the automatic termination of idle user sessions.
- Functionality: Specifies the maximum time a user session can remain idle before being automatically terminated by systemd-logind.
- Configuration File: Located in /etc/systemd/logind.conf, the main configuration file for the systemd-logind service.
- Purpose: Ensures that user sessions do not stay active indefinitely when not in use, crucial for multi-user systems or public computers.
- Security Implication: Helps prevent security risks associated with unattended or abandoned sessions.
- Value Format: The value is set in seconds.
- System-Wide Impact: Affects all user sessions managed by systemd-logind across the system.
Change the StopIdleSessionSec Setting to fix SSH auto logout issue in Linux
To change the StopIdleSessionSec setting in Linux, which controls the automatic termination of idle user sessions in systemd-logind, follow these steps:
- Open the Configuration File:
- Open a terminal.
- Login into the server
- Type sudo nano /etc/systemd/logind.conf (replace nano with your preferred text editor).
- Edit the StopIdleSessionSec Setting:
- Find or add the line StopIdleSessionSec=.
- Set the desired value in seconds (e.g., 1200 for 20 minutes). Use infinity to prevent automatic termination.
- Uncomment the line by removing the # if it’s commented out.
- Save and Exit the Editor:
- For nano: Press Ctrl + O, then Ctrl + X.
- For vim: Press :wq and Enter.
- Reload the systemd-logind Service:
- Apply changes with sudo systemctl restart systemd-logind.
Notes:
- Be cautious with the setting, especially on multi-user systems.
- Back up configuration files before editing.
- Choose a balanced value for security and user convenience.
By following these steps, you can effectively manage idle session timeouts on your Linux system using the StopIdleSessionSec setting.
Conclusion
Both TMOUT and StopIdleSessionSec are essential for efficiently managing session inactivity. Properly configuring these parameters can effectively resolve auto-logout concerns, enhancing user experience and system functionality.
15 SSH Best Practices Every Linux Admin Should Know
5 ways to fix ssh: connect to host port 22: Connection refused