How to configure SSH session timeout in Rocky Linux 10.1 with sssd

April 13, 2026 at 1:40 pm

Recently, we started migrating our old CentOS 7.x servers to Rocky Linux 10.1. Due to a compliance requirement, we had to apply certain hardening rules to the OS. One of them is to automatically disconnect user sessions after 5 minutes of idle time. Previously we achieved this by modifying the values of ClientAliveInterval and ClientAliveCountMax in sshd_config. However, it doesn’t work in the newer versions. Hence, we followed the steps below.

Initially, we tried the systemd parameter: we created a drop-in file in /etc/systemd/logind.conf with the parameters below.

[Login]
StopIdleSessionSec=300
KillUserProcesses=no

# systemctl restart systemd-logind

That worked well only for local Linux users and not for the AD users who log in to the servers via SSH. This was because the SSSD SSH sessions were not properly registered with logind, and we were also getting the error “pam_systemd(sshd:session): Failed to get user record”. The command “loginctl list-sessions” does not list the AD users, confirming that SSSD and systemd are not interacting with each other as expected.

Therefore, we went ahead with a shell-level timeout configuration by setting a global TMOUT value.

  1. vi /etc/profile.d/idle.sh
    TMOUT=300
    readonly TMOUT
    export TMOUT
  2. chmod +x /etc/profile.d/idle.sh

You can confirm this in each SSH session by typing echo $TMOUT, which will return the value 300.
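A scripted form of that confirmation, added here as an example and not part of the original post: it sources the snippet in a shell with an emptied environment and checks the value, the readonly attribute and the export, so a file missing any of the three lines is reported. The function name check_tmout and the temporary sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a profile.d snippet
# for the three properties the idle-timeout hardening relies on.
# Usage: check_tmout FILE EXPECTED_SECONDS
# Returns 0 when all checks pass, 1 on any finding, 2 if FILE is unreadable.
check_tmout() {
    file=$1; want=$2; rc=0
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 2; }

    # Prefer bash (the login shell on the servers described); else plain sh.
    shell=$(command -v bash || command -v sh)

    # Source the snippet in a shell with an emptied environment, so a TMOUT
    # inherited from the auditor's own session cannot mask a broken file.
    probe='. "$1" >/dev/null 2>&1
        printf "%s " "${TMOUT:-unset}"
        readonly -p | grep -q " TMOUT=" && printf "ro " || printf "rw "
        env | grep -q "^TMOUT=" && printf "exported" || printf "local"'
    set -- $(env -i PATH="$PATH" "$shell" -c "$probe" _ "$file")

    # $1 = value, $2 = ro|rw, $3 = exported|local
    [ "$1" = "$want" ] || { echo "FAIL: TMOUT is $1, expected $want"; rc=1; }
    [ "$2" = ro ] || { echo "FAIL: TMOUT is not readonly, later assignments can override it"; rc=1; }
    [ "$3" = exported ] || { echo "FAIL: TMOUT is not exported to child shells"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $file enforces TMOUT=$want (readonly, exported)"
    return "$rc"
}

# Constructed sample input: the snippet from the post and a weakened variant.
# On a real host, point the function at /etc/profile.d/idle.sh instead.
demo_dir=$(mktemp -d)
printf 'TMOUT=300\nreadonly TMOUT\nexport TMOUT\n' > "$demo_dir/good.sh"
printf 'TMOUT=300\n' > "$demo_dir/weak.sh"
check_tmout "$demo_dir/good.sh" 300
check_tmout "$demo_dir/weak.sh" 300 || true
rm -rf "$demo_dir"
```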

Please feel free to comment if you have achieved the same using a different approach, as it will help the community.

Thanks in advance
