Record / Monitor amount of traffic a user has used for ssh tunnelling?

iamacup · 12-21-2009, 10:55 AM

I was wondering if there was a way of recording the amount of traffic a specific users shell account uses. I currently allow a couple of people to tunnel through my server with /bin/false so they can’t execute shell commands.

I was wondering if there was a way to record what their traffic usage was individually.

Thanks!

kbp · 12-22-2009, 08:36 PM

Have a look at http://www.pmacct.net/

cheers

iamacup · 12-28-2009, 02:53 PM

I hate googling and finding threads that have no answers so here is what I have done
You can not, as far as I have worked out use pmacct to work out what info is coming from a specific user on your system. Instead you must tag each packet with the uid of the user that ran the process that send it. See:

http://serverfault.com/questions/520...ldest#sort-top

This however would not work for me because I use several VPS’s all of which do not have the required IPTables modules to do this ‘colouring’ of packets so I took an unconventional approach which has worked quite well, and in fact does more than what I wanted in the first place.

I am using HTTP tunnel from Sebastian Weber. I have modified it to store the username//password into a mysql database alongside the bandwidth that user has used to data. I have then pushed the SSH tunnels over this ‘http’ tunnel. This is a better solution for me as the whole problem in the first place was tunnelling over networks which did not necessarily allow access to certain ports / services (including possibly ssh).

This way, people can tunnel their SSH connections over normal HTTP post requests. This is more efficient than using the http tunnel on its own as everything is in one single stream & is strongly encrypted. http tunnel uses a large number of threads for individual requests so using an ssh tunnel over it is much better.
sort-top