Date: Tue, 25 Oct 2005 19:52:42 -0400 (EDT)
From: user <user@dhp.com>
To: "Andrew P." <infofarmer@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: traffic accounting per username with ipfw in 5.4 ? (more)
Message-ID: <Pine.LNX.4.21.0510251948350.8180-100000@shell.dhp.com>
In-Reply-To: <cb5206420510250037m7bf98eabx3116263f380f0f86@mail.gmail.com>

On Tue, 25 Oct 2005, Andrew P. wrote:

> ipfw looks at the owner of a process, sshd in your
> case. If you really need to account the not-locally-
> initiated ssh traffic, start another sshd running as
> the user (on another port), and connect to that
> port [you can easily allow a user to connect only
> to a selected server by editing sshd_config's].
>
> Anyway, try thinking logically. How ipfw could
> ever know what user traffic belongs to if all
> authentication is handled by sshd internally.
> Otherwise, it would be a security hole (though
> some actions can certainly be logged to limited-
> access log files).
>
> Hassle-free solutions, i.e. complex accounting
> systems, come for money. Though, whatever
> problem you might have, I'm sure somehow that
> there's another way.

I am open to suggestions :)

Basically I have a system that is accessible via ssh _only_, and I need to
find out how much ssh traffic each individual user is generating (both
send and receive) over ssh. There is a large enough population of users
that one sshd/user is not workable.

So, it turns out there is a patch for OpenSSH that does per-user traffic
accounting, which makes sense, since the sshd does know all that I am
trying to ask of it. The only drawbacks are, the patch is unsupported
(apparently the openssh developer is philosophically opposed to traffic
counting in sshd (?)), and it does not count aborted transactions (so you
could upload a few gigs, and then drop off, and that doesn't get counted).

So that is one solution ... can you think of any other ways to count
per-user traffic, if it is a given that it is all only ssh?

thanks.