Every once in awhile the SSH connection to my Linux server will die and I'll be left with a dead user. Here's how I discover the inactive session using the w
command:
15:26:26 up 13 days, 23:47, 2 users, load average: 0.00, 0.00, 0.00 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT raam pts/0 wfc-main.wfcorp. Mon10 2days 0.04s 0.04s -bash raam pts/1 pool-151-199-29- 15:26 0.00s 0.02s 0.01s w
You can easily tell there's an idle user by glancing at the IDLE column; the user in the first row has been idle for 2 days. There are many ways of killing idle users, but here I'll show you a few of my favorites. The bottom line is, you need to kill the parent process created by the idle user when he logged in. There are a number of ways of doing that.
Here is how I discover the parent process using the pstree -p
command:
├─screen(29380)───bash(29381)───naim(29384) ├─scsi_eh_0(903) ├─sshd(1997)─┬─sshd(32093)─┬─sshd(32095) │ │ └─sshd(32097)───bash(32098)─┬─mutt(32229) │ │ └─screen(32266) │ └─sshd(1390)─┬─sshd(1392) │ └─sshd(1394)───bash(1395)───pstree(1484) ├─syslogd(1937) └─usb-storage(904)
We need to find the parent PID for the dead user and issue the sudo kill -1
command. We use the -1
option because it's a cleaner way of killing processes; some programs, such as mutt, will end cleanly if you kill them with -1
. I can see by looking at the tree where I'm running the pstree
command, so I just follow that down the tree until I find a common process (branch) shared by both users; this happens to be sshd(1997)
.
You can see there are two branches at the point -- one for my current session and one for the idle session (I know this because I'm the only user logged into this Linux server and because I know I should only have one active session). So I simply kill the sshd(32093)
process and the idle user disappears.
Of course, if you're on a system with multiple users, or you're logged into the box with multiple connections, using the above method and searching through a huge tree of processes trying to figure out which is which will not be fun. Here's another way of doing it: Looking at the output from the w
command above, we can see that the idle users' TTY is pts/0
so now all we need is the PID for the parent process. We can find that by running who -all | grep raam
:
raam + pts/0 May 10 10:45 . 18076 (wfc-main.wfcorp.net) raam + pts/1 May 11 15:26 . 1390 (pool-151-199-29-190.bos.east.verizon.net)
Here we can see that 18076
is the PID for the parent process of pts/0
, so once we issue kill -1 18076
that idle session will be gone!
This page was really helpful!!!!
Thanks a lot,
Hey Carlos,
I’m happy to hear this page helped you. I still find myself referencing it from time to time!
Hi Raam,
These little tips are useful, and (some times) not so easy to find… so Cheers!!… really nice blog.
you can also use TMOUT=XX where XX is the number of seconds you want to wait for input before you close the bash shell. Just export TMOUT=300 or what ever in your bash profile.
Thanks for the tip, Michael! 🙂
u can use :
skill -KILL -v pts/0
Awesome, thanks for the tip, Fatih! 🙂
Simply great, thanks, Raam. And really useful tip, Fatih.
You’re welcome, Werner! 🙂
user logout or close the session. but i can see the user session is running in linux server.
commands:
ps -ef | grep username
who | grep username
can see many session is opened by the same user.
but i believe user not logged into the server.
can you help me how to clear up the session.
Hello,
Can we get the time of how long the process idle or inactive ?