ssh/scp filtering, iplen problem
Oliver Fromme
olli at lurza.secnetix.de
Sat Sep 20 11:34:17 PDT 2003
Chuck Swiger <cswiger at mac.com> wrote:
> Oliver Fromme wrote:
> [ ... ]
> > If not -- is there any other way to accomplish nwhat I
> > want to achieve?
>
> The other poster's suggestion about using port 22 for interactive and some other
> port for scp copying is probably the easist.
I can't do that, unfortunately.
> The next thought I had would be to instrument ssh and log a line indicating the
> amount of traffic consumed, perhaps via syslog to a central machine, if you
> wanted to monitor traffic for lots of machines rather than just one test server.
>
> A quick look at "ssh -v" suggests that ssh keeps a byte counter, and doing
> filecopy invokes ssh on the remote side with a command of "scp -t ..." (so that
> you could distinguish between interactive and copying modes within ssh).
I don't need it for monitoring or accounting, but for
traffic-shaping (IPFW2 + dummynet). So any userland
information like syslog or ssh byte counters son't help
me at all, I'm afraid.
Regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
"FreeBSD is Yoda, Linux is Luke Skywalker"
-- Daniel C. Sobral
More information about the freebsd-ipfw
mailing list