How to force a user to log out in Linux

A forced logout is for an active Linux session that must end before the user can exit normally, such as an abandoned SSH shell, an offboarding handoff, or an account change that should take effect immediately. Targeting the login session closes the user's shell without rebooting the host or interrupting unrelated accounts.

On systemd-based distributions, loginctl talks to systemd-logind and manages logins by session ID. A session-level termination is narrower than killing every process owned by the account, while terminate-user is reserved for cases where every login and the user's runtime resources must be removed.

Forced logout can discard unsaved editor buffers, terminate file transfers, and close database or deployment clients mid-operation. Confirm the username and session ID before signaling anything, especially on shared accounts where background jobs may run under the same identity after the interactive session is gone.

Related: How to show logged-in users in Linux
Related: How to lock a user account in Linux
Related: How to view processes by user in Linux

Steps to force a Linux user session to log out:

  1. List active sessions managed by systemd-logind. 
    $ loginctl list-sessions --no-legend
1 1000 user      seat0 tty2
7 1001 audituser -     pts/3

    The first column is the session ID. The third column is the username, and the final column shows the terminal when one is attached.

  2. Inspect the target session before ending it. 
    $ loginctl session-status 7
7 - audituser (1001)
           Since: Sat 2026-06-13 13:10:24 UTC; 18min ago
          Leader: 2234 (sshd)
             TTY: pts/3
          Remote: 203.0.113.10
         Service: sshd
           State: active
            Unit: session-7.scope
##### snipped #####

    Replace 7 with the session ID from the previous output.

  3. Terminate only the selected session. 
    $ sudo loginctl terminate-session 7

    This closes that login and all processes attached to the session, so unsaved shell, editor, and transfer state can be lost.

  4. Verify that the selected session no longer appears. 
    $ loginctl list-sessions --no-legend
1 1000 user seat0 tty2

    No output from terminate-session is normal. Use the fresh session listing as the confirmation step.

  5. Terminate every session for the account when the user must be fully disconnected. 
    $ sudo loginctl terminate-user audituser

    terminate-user kills all processes in all sessions for that user and removes the user's runtime resources.

  6. Verify that the account is no longer listed as logged in. 
    $ loginctl list-users --no-legend
1000 user

    The target account should be absent from list-users after all of its sessions have ended.

  7. Use a pkill fallback only when loginctl is unavailable and all remaining processes for the account must be stopped. 
    $ sudo pkill --signal TERM --euid audituser

    This targets every process running with that effective user ID, not just interactive shells.

    Related: How to view processes by user in Linux

  8. Escalate to SIGKILL only for processes that ignore SIGTERM. 
    $ sudo pkill --signal KILL --euid audituser

    SIGKILL cannot be caught by the target process, so it bypasses normal cleanup.

  9. Confirm that no visible processes remain for the account after the fallback. 
    $ ps -u audituser -o user,pid,tty,stat,args
USER         PID TT       STAT COMMAND

    A header-only result means no matching process is visible in the current process table.