Securing SSHd on CentOS 6

CentOS 6.0 no longer uses faillog for keeping track of failed login attempts. Here's an easy way to set up login tracking and SSH timeouts, for PCI compliance or just for a nicely secured system.

First, edit /etc/ssh/sshd_config to set up a timeout for SSH. You want to change the following lines:

ClientAliveCountMax 3


ClientAliveCountMax is how many concurrent connections each user can have.

Then edit /etc/pam.d/system-auth and add this line at the top of the auth list:

auth required pam_tally2.so deny=3 onerr=fail unlock_time=900


Then add this line at the top of the account list:

account required pam_tally2.so


Restart the SSH daemon, and now your users will be locked out after 3 failed password attempts. To reset a locked-out user, simply run:

pam_tally2 -u $username --reset


Next, create /etc/profile.d/autologout.sh and put the following lines in it:

TMOUT=300

readonly TMOUT

export TMOUT


Save that file and then make it executable:

chmod +x /etc/profile.d/autologout.sh


This will log users out after 300 seconds (5 minutes) of idle time at the shell prompt. Log out and back in, and you can test it yourself.
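
The four steps above, as one re-runnable shell script. This is an added example, not code from the post: the /etc paths are the CentOS 6 locations the post names, while the function names, the constructed sample files in demo() and the ClientAliveInterval value are assumptions of the example. In sshd, ClientAliveCountMax works together with ClientAliveInterval: sshd sends a keepalive probe every ClientAliveInterval seconds and drops the connection once ClientAliveCountMax probes in a row go unanswered, so the script sets both (the post shows only ClientAliveCountMax). Each edit is written so that running the script twice does not duplicate lines, and each change has a matching check function.

```shell
#!/bin/sh
# Added example, not code from the original post. It applies the post's four
# steps idempotently and checks the result. The /etc paths are the real
# CentOS 6 locations named in the post; the function names, the choice of
# ClientAliveInterval=300 and the sample files built in demo() are this
# example's own assumptions.
set -eu

# Replace every existing KEY line (active, or commented out as "#KEY ...") in
# an sshd_config-style file with a single "KEY VALUE" line. sshd keywords are
# case-insensitive, so the match is too.
set_sshd_option() {
    conf=$1; key=$2; value=$3
    tmp=$(mktemp)
    awk -v k="$key" 'tolower($1) != tolower(k) && tolower($1) != ("#" tolower(k))' "$conf" > "$tmp"
    printf '%s %s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$conf"      # overwrite in place so owner and mode are kept
    rm -f "$tmp"
}

# Succeed (exit 0) only if the first active KEY directive has exactly VALUE;
# sshd honours the first occurrence of a keyword, so that is the one checked.
sshd_option_is() {
    awk -v k="$2" -v v="$3" \
        'tolower($1) == tolower(k) && !seen { seen = 1; ok = ($2 == v) }
         END { exit (ok ? 0 : 1) }' "$1"
}

# Insert LINE before the first entry of TYPE (auth, account, ...) in a PAM
# file, i.e. at the top of that list. A line that is already present is not
# added again, so the function is safe to re-run.
insert_pam_line() {
    conf=$1; type=$2; line=$3
    if grep -qxF -- "$line" "$conf"; then
        return 0
    fi
    tmp=$(mktemp)
    awk -v t="$type" -v l="$line" \
        '!done && $1 == t { print l; done = 1 } { print }
         END { if (!done) print l }' "$conf" > "$tmp"
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Succeed only if the first TYPE entry in a PAM file is exactly LINE.
pam_first_line_is() {
    awk -v t="$2" -v l="$3" \
        '$1 == t { found = 1; ok = ($0 == l); exit }
         END { exit ((found && ok) ? 0 : 1) }' "$1"
}

# Write the TMOUT auto-logout profile script and make it executable.
write_autologout() {
    printf 'TMOUT=%s\nreadonly TMOUT\nexport TMOUT\n' "$2" > "$1"
    chmod +x "$1"
}

# Print the TMOUT value a profile script sets (empty if it sets none).
autologout_timeout() {
    sed -n 's/^TMOUT=//p' "$1"
}

# Dry run on constructed copies of the files (sample content, not real system
# files); prints the scratch directory so the results can be inspected.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/sshd_config" <<'EOF'
#ClientAliveInterval 0
#ClientAliveCountMax 3
PasswordAuthentication yes
EOF
    cat > "$dir/system-auth" <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
account     required      pam_unix.so
session     required      pam_limits.so
EOF
    set_sshd_option "$dir/sshd_config" ClientAliveInterval 300
    set_sshd_option "$dir/sshd_config" ClientAliveCountMax 3
    insert_pam_line "$dir/system-auth" auth \
        "auth        required      pam_tally2.so deny=3 onerr=fail unlock_time=900"
    insert_pam_line "$dir/system-auth" account \
        "account     required      pam_tally2.so"
    write_autologout "$dir/autologout.sh" 300
    printf '%s\n' "$dir"
}

# Only touch the real files when explicitly asked: sh harden-sshd.sh --apply
if [ "${1:-}" = "--apply" ]; then
    set_sshd_option /etc/ssh/sshd_config ClientAliveInterval 300
    set_sshd_option /etc/ssh/sshd_config ClientAliveCountMax 3
    insert_pam_line /etc/pam.d/system-auth auth \
        "auth        required      pam_tally2.so deny=3 onerr=fail unlock_time=900"
    insert_pam_line /etc/pam.d/system-auth account \
        "account     required      pam_tally2.so"
    write_autologout /etc/profile.d/autologout.sh 300
    sshd -t && service sshd restart    # validate the config before restarting
fi
```

Run it without arguments (or call demo from another script) to exercise the functions on the constructed copies; --apply edits the real files and restarts sshd only after sshd -t accepts the configuration. Keep a second SSH session open while applying the PAM change, since a mistake in system-auth affects every login path, not just SSH.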

Enjoy!