diff -urN openssh-2.5.1p1-orig/Makefile.in openssh-2.5.1p1/Makefile.in
--- openssh-2.5.1p1-orig/Makefile.in	Sun Feb 18 19:13:33 2001
+++ openssh-2.5.1p1/Makefile.in	Tue Feb 20 00:06:55 2001
@@ -44,7 +44,7 @@
 
 TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP_PROGS)
 
-LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o deattack.o dispatch.o mac.o hostfile.o key.o kex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o 
+LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o deattack.o dispatch.o mac.o hostfile.o key.o kex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o account.o
 
 SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o log-client.o readconf.o clientloop.o
 
diff -urN openssh-2.5.1p1-orig/account.c openssh-2.5.1p1/account.c
--- openssh-2.5.1p1-orig/account.c	Thu Jan  1 00:00:00 1970
+++ openssh-2.5.1p1/account.c	Tue Feb 20 00:07:50 2001
@@ -0,0 +1,34 @@
+/*
+ * account.c:
+ * Accounting for sshd.
+ *
+ * Copyright (c) 2001 Chris Lightfoot. All rights reserved.
+ *
+ */
+
+static const char rcsid[] = "$Id: openssh-2.5.1p1-accounting.patch,v 1.1.1.1 2001/03/23 14:33:06 chris Exp $";
+
+#include <sys/types.h>
+#include <stdlib.h>
+
+#include "ssh.h"
+
+size_t total_read, total_written;
+char *acct_user;
+int acct_this_is_the_server;
+
+void acct_reset() {
+    total_read = total_written = 0;
+}
+
+void acct_add(size_t r, size_t w) {
+    total_read += r;
+    total_written += w;
+}
+
+void acct_report() {
+    if (acct_this_is_the_server && acct_user) {
+        if (total_read || total_written) log("account: user:%s wrote:%lu read:%lu", acct_user, total_written, total_read);
+        total_read = total_written = 0;
+    }
+}
diff -urN openssh-2.5.1p1-orig/auth2.c openssh-2.5.1p1/auth2.c
--- openssh-2.5.1p1-orig/auth2.c	Sun Feb 18 19:13:33 2001
+++ openssh-2.5.1p1/auth2.c	Mon Feb 19 23:29:49 2001
@@ -291,6 +291,9 @@
 	return;
 }
 
+/* chris-- accounting. */
+extern char *acct_user;
+
 void
 userauth_reply(Authctxt *authctxt, int authenticated)
 {
@@ -312,6 +315,8 @@
 		packet_write_wait();
 		/* now we can break out */
 		authctxt->success = 1;
+		if (acct_user) free(acct_user);
+		if (authctxt->user) acct_user = strdup(authctxt->user);
 	} else {
 		if (authctxt->failures++ > AUTH_FAIL_MAX)
 			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
diff -urN openssh-2.5.1p1-orig/channels.c openssh-2.5.1p1/channels.c
--- openssh-2.5.1p1-orig/channels.c	Fri Feb 16 15:56:31 2001
+++ openssh-2.5.1p1/channels.c	Mon Feb 19 23:26:20 2001
@@ -315,7 +315,8 @@
 }
 
 /* Free the channel and close its fd/socket. */
-
+/* chris-- accounting; we account individual channels. */
+void acct_report();
 void
 channel_free(int id)
 {
@@ -342,6 +343,7 @@
 		xfree(c->remote_name);
 		c->remote_name = NULL;
 	}
+        acct_report();
 }
 
 /*
diff -urN openssh-2.5.1p1-orig/log-server.c openssh-2.5.1p1/log-server.c
--- openssh-2.5.1p1-orig/log-server.c	Mon Jan 22 05:34:42 2001
+++ openssh-2.5.1p1/log-server.c	Mon Feb 19 23:26:20 2001
@@ -45,7 +45,8 @@
 
 static LogLevel log_level = SYSLOG_LEVEL_INFO;
 static int log_on_stderr = 0;
-static int log_facility = LOG_AUTH;
+/* chris-- direct ssh logging methods into /var/log/ssh, via LOCAL0. */
+static int log_facility = LOG_LOCAL0;
 
 /* Initialize the log.
  *   av0	program name (should be argv[0])
diff -urN openssh-2.5.1p1-orig/packet.c openssh-2.5.1p1/packet.c
--- openssh-2.5.1p1-orig/packet.c	Thu Feb 15 03:12:08 2001
+++ openssh-2.5.1p1/packet.c	Mon Feb 19 23:26:20 2001
@@ -66,6 +66,9 @@
 #define DBG(x)
 #endif
 
+/* chris-- prototypes for accounting functions. */
+void acct_add(size_t, size_t);
+
 /*
  * This variable contains the file descriptors used for communicating with
  * the other side.  connection_in is used for reading; connection_out for
@@ -1019,6 +1022,7 @@
 packet_process_incoming(const char *buf, u_int len)
 {
 	buffer_append(&input, buf, len);
+        acct_add(len, 0);
 }
 
 /* Returns a character from the packet. */
@@ -1183,6 +1187,7 @@
 				fatal("Write failed: %.100s", strerror(errno));
 		}
 		buffer_consume(&output, len);
+                acct_add(0, len);
 	}
 }
 
diff -urN openssh-2.5.1p1-orig/session.c openssh-2.5.1p1/session.c
--- openssh-2.5.1p1-orig/session.c	Sun Feb 18 19:13:34 2001
+++ openssh-2.5.1p1/session.c	Mon Feb 19 23:26:20 2001
@@ -114,6 +114,9 @@
 	int	chanid;
 };
 
+/* chris-- accounting. */
+void acct_report();
+
 /* func */
 
 Session *session_new(void);
@@ -205,6 +208,10 @@
  * terminals are allocated, X11, TCP/IP, and authentication agent forwardings
  * are requested, etc.
  */
+
+/* chris-- accounting. */
+extern char *acct_user;
+
 void
 do_authenticated(struct passwd * pw)
 {
@@ -240,6 +247,10 @@
 	s = session_new();
 	s->pw = pw;
 
+        /* chris-- save username for accounting. */
+        if (acct_user) free(acct_user);
+        acct_user = strdup(pw->pw_name);
+
 #if defined(HAVE_LOGIN_CAP) && defined(HAVE_PW_CLASS_IN_PASSWD)
 	if ((lc = login_getclass(pw->pw_class)) == NULL) {
 		error("unable to get login class");
@@ -482,6 +493,9 @@
 	session_proctitle(s);
 
 	/* Fork the child. */
+        
+        /* chris-- account all traffic used prior to fork. */
+        acct_report();
 	if ((pid = fork()) == 0) {
 		/* Child.  Reinitialize the log since the pid has changed. */
 		log_init(__progname, options.log_level, options.log_facility, log_stderr);
@@ -594,6 +608,9 @@
 	ttyfd = s->ttyfd;
 
 	/* Fork the child. */
+        /* chris-- account all traffic used prior to fork. */
+        acct_report();
+                        
 	if ((pid = fork()) == 0) {
 		/* Child.  Reinitialize the log because the pid has changed. */
 		log_init(__progname, options.log_level, options.log_facility, log_stderr);
diff -urN openssh-2.5.1p1-orig/sshd.c openssh-2.5.1p1/sshd.c
--- openssh-2.5.1p1-orig/sshd.c	Sun Feb 18 19:13:34 2001
+++ openssh-2.5.1p1/sshd.c	Tue Feb 20 00:07:28 2001
@@ -88,6 +88,10 @@
 char *__progname;
 #endif
 
+/* chris-- prototypes for accounting functions. */
+void acct_reset();
+void acct_report();
+
 /* Server configuration options. */
 ServerOptions options;
 
@@ -541,6 +545,9 @@
 int *startup_pipes = NULL;	/* options.max_startup sized array of fd ints */
 int startup_pipe;		/* in child */
 
+/* chris-- accounting. */
+extern int acct_this_is_the_server;
+
 /*
  * Main program for the daemon.
  */
@@ -565,6 +572,8 @@
 	int startups = 0;
 	int ret, key_used = 0;
 
+	acct_this_is_the_server = 1;
+        
 	__progname = get_progname(av[0]);
 	init_rng();
 
@@ -1058,6 +1067,9 @@
 
 	/* This is the child processing a new connection. */
 
+	/* chris-- start accounting. */
+	acct_reset();
+
 	/*
 	 * Disable the key regeneration alarm.  We will not regenerate the
 	 * key since we are no longer in a position to give it to anyone. We
@@ -1183,6 +1195,10 @@
 #endif /* USE_PAM */
 
 	packet_close();
+
+	/* chris-- accounting. */
+	acct_report();
+
 	exit(0);
 }