Configuring Linux to disconnect automatically after a long period of inactivity

Original link: https://yq.aliyun.com/articles/692274

A brief overview of /etc/profile, /etc/bashrc, /etc/profile.d/, ~/.bash_profile and ~/.bashrc
System: CentOS 7

1. /etc/profile

[root@centos7 ~]# cat /etc/profile
# /etc/profile

# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc

# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.

pathmunge () {
    case ":${PATH}:" in
        *:"$1":*)
            ;;
        *)
            if [ "$2" = "after" ] ; then
                PATH=$PATH:$1
            else
                PATH=$1:$PATH
            fi
    esac
}

if [ -x /usr/bin/id ]; then
    if [ -z "$EUID" ]; then
        # ksh workaround
        EUID=`/usr/bin/id -u`
        UID=`/usr/bin/id -ru`
    fi
    USER="`/usr/bin/id -un`"
    LOGNAME=$USER
    MAIL="/var/spool/mail/$USER"
fi

# Path manipulation
if [ "$EUID" = "0" ]; then
    pathmunge /usr/sbin
    pathmunge /usr/local/sbin
else
    pathmunge /usr/local/sbin after
    pathmunge /usr/sbin after
fi

HOSTNAME=`/usr/bin/hostname 2>/dev/null`
HISTSIZE=1000
if [ "$HISTCONTROL" = "ignorespace" ] ; then
    export HISTCONTROL=ignoreboth
else
    export HISTCONTROL=ignoredups
fi

export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL

# By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
    umask 002
else
    umask 022
fi

for i in /etc/profile.d/*.sh /etc/profile.d/sh.local ; do
    if [ -r "$i" ]; then
        if [ "${-#*i}" != "$-" ]; then
            . "$i"
        else
            . "$i" >/dev/null
        fi
    fi
done

unset i
unset -f pathmunge

2. /etc/bashrc

[root@centos7 ~]# cat /etc/bashrc
# /etc/bashrc

# System wide functions and aliases
# Environment stuff goes in /etc/profile

# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.

# are we an interactive shell?
if [ "$PS1" ]; then
  if [ -z "$PROMPT_COMMAND" ]; then
    case $TERM in
    xterm*|vte*)
      if [ -e /etc/sysconfig/bash-prompt-xterm ]; then
          PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm
      elif [ "${VTE_VERSION:-0}" -ge 3405 ]; then
          PROMPT_COMMAND="__vte_prompt_command"
      else
          PROMPT_COMMAND='printf "\033]0;%s@%s:%s\007" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
      fi
      ;;
    screen*)
      if [ -e /etc/sysconfig/bash-prompt-screen ]; then
          PROMPT_COMMAND=/etc/sysconfig/bash-prompt-screen
      else
          PROMPT_COMMAND='printf "\033k%s@%s:%s\033\\" "${USER}" "${HOSTNAME%%.*}" "${PWD/#$HOME/~}"'
      fi
      ;;
    *)
      [ -e /etc/sysconfig/bash-prompt-default ] && PROMPT_COMMAND=/etc/sysconfig/bash-prompt-default
      ;;
    esac
  fi
  # Turn on parallel history
  shopt -s histappend
  history -a
  # Turn on checkwinsize
  shopt -s checkwinsize
  [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ "
  # You might want to have e.g. tty in prompt (e.g. more virtual machines)
  # and console windows
  # If you want to do so, just add e.g.
  # if [ "$PS1" ]; then
  #   PS1="[\u@\h:\l \W]\\$ "
  # fi
  # to your custom modification shell script in /etc/profile.d/ directory
fi

if ! shopt -q login_shell ; then # We're not a login shell
    # Need to redefine pathmunge, it get's undefined at the end of /etc/profile
    pathmunge () {
        case ":${PATH}:" in
            *:"$1":*)
                ;;
            *)
                if [ "$2" = "after" ] ; then
                    PATH=$PATH:$1
                else
                    PATH=$1:$PATH
                fi
        esac
    }

    # By default, we want umask to get set. This sets it for non-login shell.
    # Current threshold for system reserved uid/gids is 200
    # You could check uidgid reservation validity in
    # /usr/share/doc/setup-*/uidgid file
    if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
       umask 002
    else
       umask 022
    fi

    SHELL=/bin/bash
    # Only display echos from profile.d scripts if we are no login shell
    # and interactive - otherwise just process them to set envvars
    for i in /etc/profile.d/*.sh; do
        if [ -r "$i" ]; then
            if [ "$PS1" ]; then
                . "$i"
            else
                . "$i" >/dev/null
            fi
        fi
    done

    unset i
    unset -f pathmunge
fi
# vim:ts=4:sw=4

3. ~/.bash_profile

# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
    . ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/bin

export PATH

4. ~/.bashrc

# .bashrc

# User specific aliases and functions

alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

# Source global definitions
if [ -f /etc/bashrc ]; then
    . /etc/bashrc
fi

5. /etc/profile.d/

[root@centos7 ~]# ls -al /etc/profile.d/
total 84
drwxr-xr-x. 2 root root 4096 May 22 09:47 .
drwxr-xr-x. 75 root root 8192 May 22 10:22 ..
-rw-r--r--. 1 root root 771 Apr 11 13:09 256term.csh
-rw-r--r--. 1 root root 841 Apr 11 13:09 256term.sh
-rw-r--r--. 1 root root 196 Mar 25 2017 colorgrep.csh
-rw-r--r--. 1 root root 201 Mar 25 2017 colorgrep.sh
-rw-r--r--. 1 root root 1741 Apr 11 04:20 colorls.csh
-rw-r--r--. 1 root root 1606 Apr 11 04:20 colorls.sh
-rw-r--r--. 1 root root 80 Apr 11 12:18 csh.local
-rw-r--r--. 1 root root 1706 Apr 11 13:09 lang.csh
-rw-r--r--. 1 root root 2703 Apr 11 13:09 lang.sh
-rw-r--r--. 1 root root 123 Jul 31 2015 less.csh
-rw-r--r--. 1 root root 121 Jul 31 2015 less.sh
-rw-r--r-- 1 root root 148 May 22 09:47 path.sh
-rw-r--r--. 1 root root 81 Apr 11 12:18 sh.local
-rw-r--r--. 1 root root 105 Apr 11 07:54 vim.csh
-rw-r--r-- 1 root root 269 May 22 09:42 vim.sh
-rw-r--r--. 1 root root 164 Jan 28 2014 which2.csh
-rw-r--r--. 1 root root 169 Jan 28 2014 which2.sh

/etc/profile

    |- System wide environment and startup programs, for login setup

/etc/bashrc

    |- System wide functions and aliases

/etc/profile.d/

    |- It's much better to create a custom.sh shell script in /etc/profile.d/ to make custom changes to your environment, as this will prevent the need for merging in future updates.

~/.bash_profile

    |- User specific environment and startup programs

~/.bashrc

    |- User specific aliases and functions

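At system startup, /etc/profile is loaded -> it in turn sources the *.sh scripts under /etc/profile.d/;

At user login, ~/.bash_profile is loaded -> it sources ~/.bashrc -> which sources /etc/bashrc -> which sources the *.sh scripts under /etc/profile.d/;

At user logout, ~/.bash_logout is loaded.

Conclusion:

Configure system variables in /etc/profile;

Configure user variables in ~/.bash_profile.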

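Fixing SSH connections to Linux that drop after a long period of inactivity (enhanced version)

1. First attempt: failed

Edit /etc/ssh/sshd_config,

find

#ClientAliveInterval 0

#ClientAliveCountMax 3

remove the comment character ("#"),

and change the 0 after ClientAliveInterval to 60.

ClientAliveInterval sets the interval at which the server sends a request message to the client. The default is 0, meaning none are sent.
ClientAliveInterval 60 means a request is sent once a minute and the client responds, which keeps the connection alive.
For ClientAliveCountMax, the default value of 3 is fine.

ClientAliveCountMax is the number of server requests that may go unanswered by the client before the connection is dropped automatically.
Under normal conditions the client does not fail to respond.

Restart the sshd service:

service sshd restart

The window still disconnected before long.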

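2. Second attempt: succeeded

To harden a Linux system, we want sessions to be disconnected automatically once the user's input has been idle for a while; setting TMOUT does this. Add the following lines to /etc/profile (they take effect for all users).

export TMOUT=900 # disconnect the terminal automatically after 900 seconds without user activity

readonly TMOUT # make the value readonly so users cannot change it

Note: once readonly is set, it cannot be undone in the current shell. You must first comment out or delete the readonly line in /etc/profile, then log out and log in again.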

$ export TMOUT=900

$ readonly TMOUT

$ unset TMOUT

-bash: unset: TMOUT: cannot unset: readonly variable

vim /etc/profile.d/tmout.sh

TMOUT=300

#readonly  TMOUT

export  TMOUT

source /etc/profile.d/tmout.sh

TMOUT: sets the timeout

readonly: makes the variable read-only
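
As an added example (not from the original article), the script below statically audits the two TMOUT configurations shown above and fails any setup where TMOUT is missing, zero, too long, or not readonly. The function names audit_tmout and tmout_verdict, the 900-second policy limit and the sample files are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example: static audit of TMOUT hardening in bash startup files.

# audit_tmout FILE... : read the files in sourcing order and print
# "value=<seconds|unset> readonly=<yes|no> export=<yes|no>".
audit_tmout() {
    cat "$@" | awk '
        { sub(/^#.*/, ""); sub(/[ \t]#.*/, "") }   # drop comments, e.g. "#readonly TMOUT"
        {
            n = split($0, tok, /[ \t;]+/); mode = ""
            for (i = 1; i <= n; i++) {
                t = tok[i]
                if (t == "readonly" || t == "export") { mode = t; continue }
                if (t != "TMOUT" && t !~ /^TMOUT=/) continue
                # bash rejects assignments once the variable is readonly
                if (t ~ /^TMOUT=/ && ro != "yes") { val = substr(t, 7); gsub(/[^0-9]/, "", val) }
                if (mode == "readonly") ro = "yes"
                if (mode == "export")   ex = "yes"
            }
        }
        END { printf "value=%s readonly=%s export=%s\n", (val == "" ? "unset" : val),
                     (ro == "yes" ? "yes" : "no"), (ex == "yes" ? "yes" : "no") }'
}

# tmout_verdict MAX FILE... : PASS only if 0 < TMOUT <= MAX and it is readonly.
tmout_verdict() {
    max=$1; shift
    result=$(audit_tmout "$@")
    value=${result#value=}; value=${value%% *}
    case $result in *readonly=yes*) ro=yes ;; *) ro=no ;; esac
    if [ "$value" != unset ] && [ "$value" -gt 0 ] && [ "$value" -le "$max" ] && [ "$ro" = yes ]; then
        echo "PASS $result"
    else
        echo "FAIL $result"
    fi
}

# Constructed sample files mirroring the two configurations on this page.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'export TMOUT=900 # idle limit' 'readonly TMOUT # lock it' > "$demo/profile"
printf '%s\n' 'TMOUT=300' '#readonly  TMOUT' 'export  TMOUT' > "$demo/tmout.sh"

tmout_verdict 900 "$demo/profile"                    # readonly variant from /etc/profile
tmout_verdict 900 "$demo/tmout.sh"                   # profile.d variant, readonly commented out
tmout_verdict 900 "$demo/profile" "$demo/tmout.sh"   # both: the readonly 900 blocks the later 300
```

On a real host, pass /etc/profile followed by /etc/profile.d/*.sh, which is the order in which a login shell sources them.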
