I need to limit the concurrent sessions allowed per user in an apache SshServer. I found two references to this functionality, but they seem to be obsolete.
Here's the original patch back in 2010:
https://issues.apache.org/jira/browse/SSHD-95
I also found this reference to its usage:
http://apache-mina.10907.n7.nabble.com/How-to-set-max-count-connections-in-sshd-service-td44764.html
Which refers to a SshServer.setProperty() method. I'm using sshd-core 2.4.0, and this method is absent from SshServer, I can't see any obvious replacement, and I can't find any documentation on what has happened to it or how I'm supposed to do this now. I still see the MAX_CONCURRENT_SESSIONS key in ServerFactoryManager, so I assume the functionality is still in there somewhere, but I can't find where I need to set it.
Here's what the setup of the server looks like (it's for an SFTP server, but that shouldn't matter for the problem at ahnd, I thnk):
private val server = SshServer.setUpDefaultServer().apply {
val sftpSubsystemFactory = SftpSubsystemFactory().apply {
addSftpEventListener(sftpEventListener)
}
port = sftpPort
host = "localhost"
keyPairProvider = when {
sftpKeyname.isEmpty() -> throw IllegalStateException("No key name for SFTP, aborting!")
sftpKeyname == "NO_RSA" -> {
log.warn("Explicitly using NO_RSA, sftp encryption is insecure!")
SimpleGeneratorHostKeyProvider(File("host.ser").toPath())
}
else -> KeyPairProvider.wrap(loadKeyPair(sftpKeyname))
}
setPasswordAuthenticator { username, password, _ ->
// current evil hack to prevent users from opening more than one session
if (activeSessions.any { it.username == username }) {
log.warn("User attempted multiple concurrent sessions!")
throw IllegalUserStateException("User already has a session!")
} else {
log.debug("new session for user $username")
// throws AuthenticationException
authenticationService.checkCredentials(username, password)
true
}
}
subsystemFactories = listOf(sftpSubsystemFactory)
fileSystemFactory = YellowSftpFilesystemFactory(ftpHome)
start()
log.info("SFTP server started on port $port")
}
(From my comment) you can set the property directly:
server.apply {
properties[ServerFactoryManager.MAX_CONCURRENT_SESSIONS] = 50L
}