Ensure that no console sessions are left logged in (Linux)

On a Linux system with bash as a default shell, I want to configure automatic logout with the following criteria:

• Console sessions (VGA, serial, remote KVM, etc.) are logged out after a specified period of time
• Console sessions are logged out even when running "non-idle" processes such as top
• SSH sessions are not logged out in this fashion

The intent is to ensure that no console sessions, whether over VGA or remote KVM or serial, are left logged in by accident. I want to ensure this across our site.

The TMOUT environment variable doesn't quite serve my needs due to the second bullet.

I could work out a quick solution that kills login processes of a certain age, but that seems brittle and prone to side effects. I could look for shells whose /proc/$PID/fd/0 link to a /dev/tty*.

This seems like a problem that must have been solved already, though. Any pointers as to how this is accomplished are much appreciated.

You can run this script in crontab to eliminate sessions except ssh every couple of minutes:

pkill -t $(ps  aho tty,command | egrep -v ssh | cut -d" " -f1 |sort |uniq | paste -sd",")

ps aho tty,command would list procceses and their TTYs.
egrep -v ssh would remove ssh sessions from the list.
cut -d" " -f1 would select only TTY part of ps.
sort & uniq would remove duplicates.
paste -sd"," would make the list in comma formated to be compatible to run with pkill command.

pkill -t TTY would kill the proccess owned by TTY