Re: SOCKS over OpenSSH Logging?
- From: Darren Tucker <dtucker@xxxxxxxxxxxxxxxx>
- Date: Fri, 15 Jun 2007 21:22:08 +1000
On 2007-06-13, jnovack@xxxxxxxxx <jnovack@xxxxxxxxx> wrote:
Is there any way (from the server standpoint) to log the usage of the
SOCKS via OpenSSH? I've noticed that my server's bandwidth has gone
up considerably and a few of my users are idle (or running a minimal
task to avoid the timeout) and assume they are proxying, but I cannot
prove it.
Whether its in source/destination format, bandwidth used, time spent
or even IF someone is using it, I'd like to log it in some fashion.
If you set LogLevel DEBUG1 or higher in sshd_config (and restart sshd)
then you will get a server_request_direct_tcpip log entry with
destination address and port for each port forward request (I don't
think it logs the traffic volume, though).
Note that if your users have shell access, this isn't the only way of
relaying and this will not catch those. See if your platform supports
a way of accounting for all users' traffic to catch those.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
.
- References:
- SOCKS over OpenSSH Logging?
- From: jnovack@xxxxxxxxx
- SOCKS over OpenSSH Logging?
- Prev by Date: Putty 0.60 OpenSSH_4.5p1 problem
- Next by Date: Re: SunOS 5.9 to AIX 5.3 ssh getting Connection closed
- Previous by thread: SOCKS over OpenSSH Logging?
- Next by thread: winscp through a firewall : how to implement
- Index(es):
Relevant Pages
|
|
