LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 08-21-2009, 04:09 AM   #1
jaredscott
LQ Newbie
 
Registered: Aug 2009
Posts: 24

Rep: Reputation: 0
Smile SSH server with account management


Hi all

I have setup a Fedora linux server (might be changing that to CentOS) and I am using OpenSSH to allow inbound remote connections to the box. Everything is functioning correctly, however, i have a few questions that I would really appreciate assistance with.

Firstly, the specs:

2GB RAM
Athlon 64 X2 4200
2500GB Bandwidth per month
160GB HDD

Alright, what I need to do is allow multiple remote users to connect to the box via SSH, for which I will charge them for the service that I will be offering. Obviously this poses the following questions:

Q: What is the max amount of SSH connections that the box will support?

I have determined that each SSH connection uses about 2Mb of RAM, which means that I can have a theoretical max of 1000 users connected. The amount of data running through these tunnels that the users will be creating is minimal, so processor usage will not be insane. Your thoughts?

Q: I will be allocating each user 10GB of internet bandwidth, how would I set up my box to monitor how much data has been consumed on a PER USER BASIS? I will need to halt their account when their cap has been reached.

Please could you let me know of any software or the like that will assist me with this endevor. I know that there are things like Cpanel but that is a bit overkill for my requirement, not to mention hellish expensive.

Really appreciate your time
 
Old 08-21-2009, 04:49 AM   #2
xeleema
Member
 
Registered: Aug 2005
Location: D.i.t.h.o, Texas
Distribution: Slackware 13.x, rhel3/5, Solaris 8-10(sparc), HP-UX 11.x (pa-risc)
Posts: 987
Blog Entries: 4

Rep: Reputation: 249Reputation: 249Reputation: 249
Greetingz!

Well, for what you're looking to do, it almost sounds like you're going to need a hand-written solution.

As for your 1,000 user max. Remember, you're going to have to leave a bit there for the Operating System, too (that's come back to haunt me a few times during usage calculations).

Regarding cPanel; It keeps track of bandwidth to a user's website (and maybe FTP, not sure), and it doesn't have any bearing on their SSH access. However, I'm not sure about SFTP access...that might also count against a user's bandwidth allocation.

The first thing that comes to mind would be to setup chrooted jailed accounts, accessible from Virtual IPs (which might have to be public-facing, and could get expensive).

Good luck!

(And if you find something out there to scratch this itch, come back and post the info for us! )
 
Old 08-21-2009, 06:59 AM   #3
ralfepoisson
LQ Newbie
 
Registered: Aug 2009
Posts: 1

Rep: Reputation: 1
Regarding your questions...

Q1: SSH connections

If you, at the bash prompt, type in "man sshd_config" you will see two configuration options :

MaxSessions - Maximum number of open sessions per network connection.

MaxStartups - Maximum number of concurrent unauthenticated connections.

While no limit is specifically set to the number of ssh connections, these two additional limits might affect performance.

Q2: Bandwidth Restriction

There are a few options for this, all involving adding bandwidth monitoring and then disabling a user account once they have gone over their allocated amount.

You could use the OpenSSH Traffic Accounting Patch, or vnstat with the graphical php front end is quite nice. Or you could do it the hardcore way with ntop and custom scripts.

Ralfe
 
Old 09-02-2009, 02:52 AM   #4
jaredscott
LQ Newbie
 
Registered: Aug 2009
Posts: 24

Original Poster
Rep: Reputation: 0
Excellent - thanks for the responses so far, really helpful

After reading them I had to sit down and actually decide how I am going to handle the situation.

I came up with the following solution (or should I say, idea :P)

1. Each month I will require a script to create all the SSH accounts with random usernames and passwords, set each account to have a limit of 2GB BW transfer limit using an accounting system mentioned above, as well as a script to disable accounts within a short time after they reach their cap

2. The usernames and passwords of all these SSH accounts need to exported to a text document and automatically emailed to a specific email address, perhaps this can be done at the same time as step 1

3. On the 30th of each month, all the SSH accounts need to be automatically deleted (as all the accounts are only valid for 30 days) and then the script from step 1 needs to run.

These are the specs of my box:

Athlon 64 X2 4200
• 1.5 GB DDR2 RAM
• 160 GB Hard Drive
• 2500 GB Traffic
• 100Mbps Connection

I have not chosen an operating system, but I am probably going to go with a linux distro with very high stability and a low resource footprint.

If you could assist me with any of the steps above I would be very grateful.

Thanks
 
  


Reply

Tags
account, monitoring, scripts, ssh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH with passwordless public/private key not working on another account on server infocom Linux - Server 14 12-27-2010 06:09 AM
making a FTP account, fedora SSH counter strike server seandan Linux - Newbie 1 10-13-2006 05:20 PM
Account management for an hybrid net xowl Linux - Networking 0 01-17-2005 08:09 PM
User Account Management kawaii Linux - Newbie 3 03-19-2003 03:17 AM
Account Management Software bubsgt95 Linux - Software 1 01-10-2003 02:45 PM


All times are GMT -5. The time now is 05:12 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration