SSH & SFTP: Should I assign one port to each user to facilitate bandwidth monitoring?

Posted by BertS on Server Fault
Published on 2014-06-08T13:17:18Z

There is no easy way to track real-time per-user bandwidth usage for SSH and SFTP. I think assigning one port to each user may help.

Idea of implementation

Use case

  • Bob, with UID 1001, shall connect on port 31001.
  • Alice, with UID 1002, shall connect on port 31002.
  • John, with UID 1003, shall connect on port 31003.

(I do not want to launch several sshd instances as proposed in question 247291.)

1. Setup for SFTP:

In /etc/ssh/sshd_config:

Port 31001
Port 31002
Port 31003
Subsystem sftp /usr/bin/sftp-wrapper.sh

The file sftp-wrapper.sh starts the sftp server only if the port is the correct one:

#!/bin/sh
# Start the SFTP server only when the session arrived on this user's port.
# SSH_CONNECTION is "client_ip client_port server_ip server_port", so the
# fourth field is the port sshd accepted the connection on.
mandatory_port=3$(id -u)
current_port=$(echo "$SSH_CONNECTION" | awk '{print $4}')
if [ "$mandatory_port" -eq "$current_port" ]
then
  exec /usr/lib/openssh/sftp-server
fi
# Wrong port: refuse the subsystem request.
exit 1

2. Additional setup for SSH:

A few lines in /etc/profile prevent the user from connecting on the wrong port:

# Only act on SSH logins; local console logins have no SSH_CONNECTION.
if [ -n "$SSH_CONNECTION" ]
then
  mandatory_port=3$(id -u)
  # Fourth field of SSH_CONNECTION is the server-side port.
  current_port=$(echo "$SSH_CONNECTION" | awk '{print $4}')
  if [ "$mandatory_port" -ne "$current_port" ]
  then
    echo "Please connect on port $mandatory_port."
    exit 1
  fi
fi

Benefits

Now it should be easy to monitor per-user bandwidth usage. An RRDtool-based application could produce charts like this:

[image: example per-user bandwidth graph]

I know this won't be a perfect calculation of the bandwidth usage: for example, if somebody launches a bruteforce attack on port 31001, there will be a lot of traffic on this port although not from Bob. But this is not a problem to me: I do not need an exact computation of per-user bandwidth usage, but an indicator that is approximately correct in standard situations.

Questions

  1. Is the idea of assigning one port for each user a good one?
  2. Is the proposed setup a reliable one?
  3. If I have to open dozens of ports for many users, should I expect a performance drawback?
  4. Do you know an RRDtool-based application which could make the chart above?
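The port check that both sftp-wrapper.sh and the /etc/profile snippet perform, factored into reusable shell functions as an added example (not code from the original post). It keeps the same scheme, UID N must use port 3N, fails closed on a missing or malformed SSH_CONNECTION, and can be called from one wrapper used as the sftp Subsystem or as a ForceCommand in sshd_config; the ForceCommand placement is my suggestion, since /etc/profile is only read by login shells and is skipped for `ssh host command`.

```shell
#!/bin/sh
# Added example, not from the original post. Scheme assumed as in the post:
# the user with UID N must connect on port 3N (UID 1001 -> port 31001).

# Port required for a given UID: the digit 3 prefixed to the UID.
mandatory_port() {
    printf '3%s\n' "$1"
}

# Server-side port of an SSH_CONNECTION value, whose format is
# "client_ip client_port server_ip server_port" (fourth field).
server_port() {
    set -- $1
    printf '%s\n' "${4:-}"
}

# Succeed (0) only if the SSH_CONNECTION value $1 arrived on the port required
# for UID $2. An empty or non-numeric port fails closed, so a session without
# SSH_CONNECTION (not started by sshd) never passes.
port_matches() {
    port=$(server_port "$1")
    case $port in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$port" -eq "$(mandatory_port "$2")" ]
}

# Wrapper entry point for the current user: returns 0 on the right port,
# otherwise prints the hint from the post and returns 1. Intended use in
# sftp-wrapper.sh (or a ForceCommand script, which also covers
# "ssh host command"):
#   enforce_port && exec /usr/lib/openssh/sftp-server
enforce_port() {
    uid=$(id -u)
    if port_matches "${SSH_CONNECTION:-}" "$uid"; then
        return 0
    fi
    echo "Please connect on port $(mandatory_port "$uid")." >&2
    return 1
}
```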
