Hi all

I have setup a Fedora linux server (might be changing that to CentOS) and I am using OpenSSH to allow inbound remote connections to the box. Everything is functioning correctly, however, i have a few questions that I would really appreciate assistance with.

Firstly, the specs:

2GB RAM
Athlon 64 X2 4200
2500GB Bandwidth per month
160GB HDD

Alright, what I need to do is allow multiple remote users to connect to the box via SSH, for which I will charge them for the service that I will be offering. Obviously this poses the following questions:

Q: What is the max amount of SSH connections that the box will support?

I have determined that each SSH connection uses about 2Mb of RAM, which means that I can have a theoretical max of 1000 users connected. The amount of data running through these tunnels that the users will be creating is minimal, so processor usage will not be insane. Your thoughts?

Q: I will be allocating each user 10GB of internet bandwidth, how would I set up my box to monitor how much data has been consumed on a PER USER BASIS? I will need to halt their account when their cap has been reached.

Please could you let me know of any software or the like that will assist me with this endevor. I know that there are things like Cpanel but that is a bit overkill for my requirement, not to mention hellish expensive.

Really appreciate your time

Greetingz!

Well, for what you're looking to do, it almost sounds like you're going to need a hand-written solution.

As for your 1,000 user max. Remember, you're going to have to leave a bit there for the Operating System, too (that's come back to haunt me a few times during usage calculations).

Regarding cPanel; It keeps track of bandwidth to a user's website (and maybe FTP, not sure), and it doesn't have any bearing on their SSH access. However, I'm not sure about SFTP access...that might also count against a user's bandwidth allocation.

The first thing that comes to mind would be to setup chrooted jailed accounts, accessible from Virtual IPs (which might have to be public-facing, and could get expensive).

Good luck!

(And if you find something out there to scratch this itch, come back and post the info for us! )

Q1: SSH connections

If you, at the bash prompt, type in "man sshd_config" you will see two configuration options :

MaxSessions - Maximum number of open sessions per network connection.

MaxStartups - Maximum number of concurrent unauthenticated connections.

While no limit is specifically set to the number of ssh connections, these two additional limits might affect performance.

Q2: Bandwidth Restriction

There are a few options for this, all involving adding bandwidth monitoring and then disabling a user account once they have gone over their allocated amount.

You could use the OpenSSH Traffic Accounting Patch, or vnstat with the graphical php front end is quite nice. Or you could do it the hardcore way with ntop and custom scripts.

Ralfe

Excellent - thanks for the responses so far, really helpful

After reading them I had to sit down and actually decide how I am going to handle the situation.

I came up with the following solution (or should I say, idea :P)

1. Each month I will require a script to create all the SSH accounts with random usernames and passwords, set each account to have a limit of 2GB BW transfer limit using an accounting system mentioned above, as well as a script to disable accounts within a short time after they reach their cap

2. The usernames and passwords of all these SSH accounts need to exported to a text document and automatically emailed to a specific email address, perhaps this can be done at the same time as step 1

3. On the 30th of each month, all the SSH accounts need to be automatically deleted (as all the accounts are only valid for 30 days) and then the script from step 1 needs to run.

These are the specs of my box:

Athlon 64 X2 4200
• 1.5 GB DDR2 RAM
• 160 GB Hard Drive
• 2500 GB Traffic
• 100Mbps Connection

I have not chosen an operating system, but I am probably going to go with a linux distro with very high stability and a low resource footprint.

If you could assist me with any of the steps above I would be very grateful.

Thanks