Posted to commits@karaf.apache.org by jb...@apache.org on 2019/04/08 16:13:14 UTC
[karaf] branch master updated: [KARAF-6222] Expose
max-concurrent-sessions option to the Karaf sshd server
This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/karaf.git
The following commit(s) were added to refs/heads/master by this push:
new 92c2427 [KARAF-6222] Expose max-concurrent-sessions option to the Karaf sshd server
new 9203ef9 Merge pull request #804 from jbonofre/KARAF-6222
92c2427 is described below
commit 92c2427b49973f63ec671c5a6963f11fe0cf8d7e
Author: Jean-Baptiste Onofré <jb...@apache.org>
AuthorDate: Mon Apr 8 15:25:34 2019 +0200
[KARAF-6222] Expose max-concurrent-sessions option to the Karaf sshd server
---
.../features/standard/src/main/feature/feature.xml | 10 ++++++
.../java/org/apache/karaf/shell/ssh/Activator.java | 39 ++++++++++++----------
.../apache/karaf/shell/ssh/SshServerAction.java | 10 +++++-
3 files changed, 41 insertions(+), 18 deletions(-)
diff --git a/assemblies/features/standard/src/main/feature/feature.xml b/assemblies/features/standard/src/main/feature/feature.xml
index 6ec81dd..09a2d14 100644
--- a/assemblies/features/standard/src/main/feature/feature.xml
+++ b/assemblies/features/standard/src/main/feature/feature.xml
@@ -262,6 +262,16 @@ sshHost = 0.0.0.0
sshIdleTimeout = 1800000
#
+# Define the number of the NIO workers for the sshd server. Default is 2.
+#
+#nio-workers = 2
+
+#
+# Define the maximum number of SSH sessions. Default is unlimited.
+#
+#max-concurrent-sessions = -1
+
+#
# sshRealm defines which JAAS domain to use for password authentication.
#
sshRealm = karaf
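Review bot: The new comment for `max-concurrent-sessions` does not say which values are accepted or what the limit actually counts. MINA SSHD appears to apply this property per username rather than server-wide, which is not what "maximum number of SSH sessions" suggests, so an operator sizing it as a global cap would get a much looser bound than intended. Suggested wording: `# Maximum number of concurrent SSH sessions (per user; confirm against MINA SSHD). -1 or unset means no limit.` The `@Option` description added in SshServerAction.java could carry the same wording.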
diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
index d10e091..31e5fab 100644
--- a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
+++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java
@@ -141,23 +141,24 @@ public class Activator extends BaseActivator implements ManagedService {
}
protected SshServer createSshServer(SessionFactory sessionFactory) {
- int sshPort = getInt("sshPort", 8101);
- String sshHost = getString("sshHost", "0.0.0.0");
- long sshIdleTimeout = getLong("sshIdleTimeout", 1800000);
- int nioWorkers = getInt("nio-workers", 2);
- String sshRealm = getString("sshRealm", "karaf");
- Class<?>[] roleClasses = getClassesArray("sshRoleTypes", "org.apache.karaf.jaas.boot.principal.RolePrincipal");
- String sshRole = getString("sshRole", null);
- String hostKey = getString("hostKey", System.getProperty("karaf.etc") + "/host.key");
- String[] authMethods = getStringArray("authMethods", "keyboard-interactive,password,publickey");
- int keySize = getInt("keySize", 2048);
- String algorithm = getString("algorithm", "RSA");
- String[] macs = getStringArray("macs", "hmac-sha2-512,hmac-sha2-256,hmac-sha1");
- String[] ciphers = getStringArray("ciphers", "aes128-ctr,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc");
- String[] kexAlgorithms = getStringArray("kexAlgorithms", "diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1");
- String welcomeBanner = getString("welcomeBanner", null);
- String moduliUrl = getString("moduli-url", null);
- boolean sftpEnabled = getBoolean("sftpEnabled", true);
+ int sshPort = getInt("sshPort", 8101);
+ String sshHost = getString("sshHost", "0.0.0.0");
+ long sshIdleTimeout = getLong("sshIdleTimeout", 1800000);
+ int nioWorkers = getInt("nio-workers", 2);
+ int maxConcurrentSessions = getInt("max-concurrent-sessions", -1);
+ String sshRealm = getString("sshRealm", "karaf");
+ Class<?>[] roleClasses = getClassesArray("sshRoleTypes", "org.apache.karaf.jaas.boot.principal.RolePrincipal");
+ String sshRole = getString("sshRole", null);
+ String hostKey = getString("hostKey", System.getProperty("karaf.etc") + "/host.key");
+ String[] authMethods = getStringArray("authMethods", "keyboard-interactive,password,publickey");
+ int keySize = getInt("keySize", 2048);
+ String algorithm = getString("algorithm", "RSA");
+ String[] macs = getStringArray("macs", "hmac-sha2-512,hmac-sha2-256,hmac-sha1");
+ String[] ciphers = getStringArray("ciphers", "aes128-ctr,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc");
+ String[] kexAlgorithms = getStringArray("kexAlgorithms", "diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1");
+ String welcomeBanner = getString("welcomeBanner", null);
+ String moduliUrl = getString("moduli-url", null);
+ boolean sftpEnabled = getBoolean("sftpEnabled", true);
Path serverKeyPath = Paths.get(hostKey);
KeyPairProvider keyPairProvider = new OpenSSHKeyPairProvider(serverKeyPath.toFile(), algorithm, keySize);
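Review bot: The `ciphers`, `kexAlgorithms` and `macs` defaults re-indented in this hunk still offer `arcfour128`, `3des-cbc`, `blowfish-cbc`, `diffie-hellman-group1-sha1` and `hmac-sha1`, all of which are regarded as weak or deprecated for SSH. They are carried over unchanged apart from alignment, but since the lines are touched it is worth dropping those entries from the default strings, for example in a follow-up, so that a server with no explicit configuration does not negotiate them. Deployments that still need them for old clients can list them explicitly in the configuration. Separately, `max-concurrent-sessions` defaults to `-1` (no limit) while `sshHost` defaults to `0.0.0.0`, so the new protection is off unless an operator opts in. createSshServer continues outside this hunk.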
@@ -172,6 +173,7 @@ public class Activator extends BaseActivator implements ManagedService {
server.setCipherFactories(SshUtils.buildCiphers(ciphers));
server.setKeyExchangeFactories(SshUtils.buildKexAlgorithms(kexAlgorithms));
server.setShellFactory(new ShellFactoryImpl(sessionFactory));
+
if (sftpEnabled) {
server.setCommandFactory(new ScpCommandFactory.Builder().withDelegate(cmd -> new ShellCommand(sessionFactory, cmd)).build());
server.setSubsystemFactories(Collections.singletonList(new SftpSubsystemFactory()));
@@ -187,6 +189,9 @@ public class Activator extends BaseActivator implements ManagedService {
server.setForwardingFilter(AcceptAllForwardingFilter.INSTANCE);
server.getProperties().put(SshServer.IDLE_TIMEOUT, Long.toString(sshIdleTimeout));
server.getProperties().put(SshServer.NIO_WORKERS, Integer.toString(nioWorkers));
+ if (maxConcurrentSessions != -1) {
+ server.getProperties().put(SshServer.MAX_CONCURRENT_SESSIONS, Integer.toString(maxConcurrentSessions));
+ }
if (moduliUrl != null) {
server.getProperties().put(SshServer.MODULI_URL, moduliUrl);
}
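Review bot: The `maxConcurrentSessions != -1` guard passes 0 and any other negative value straight into `SshServer.MAX_CONCURRENT_SESSIONS`. If MINA SSHD compares the active session count against this value at authentication time, as I believe it does, a zero or negative setting would refuse every login and lock administrators out of the console rather than mean "unlimited". Treat every non-positive value as unset: `if (maxConcurrentSessions > 0) {`, ideally with a warning logged when a value is ignored. The same guard is added in the last SshServerAction.java hunk and should be changed the same way. createSshServer starts and ends outside this hunk.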
diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/SshServerAction.java b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/SshServerAction.java
index 8c08783..2acc0a3 100644
--- a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/SshServerAction.java
+++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/SshServerAction.java
@@ -45,6 +45,9 @@ public class SshServerAction implements Action
@Option(name = "-n", aliases = { "--nio-workers" }, description = "The number of NIO worker threads to use", required = false, multiValued = false)
private int nioWorkers = 2;
+ @Option(name = "-c", aliases = { "--max-concurrent-sessions" }, description = "The maximum number of concurrent sessions opened on the ssh server", required = false, multiValued = false)
+ private int maxConcurrentSessions = -1;
+
@Option(name = "-w", aliases = { "--welcome-banner" }, description = "The welcome banner to display when logging in", required = false, multiValued = false)
private String welcomeBanner;
@@ -64,8 +67,13 @@ public class SshServerAction implements Action
// idle timeout
server.getProperties().put(SshServer.IDLE_TIMEOUT, Long.toString(idleTimeout));
- // nio-workes
+ // nio-workers
server.getProperties().put(SshServer.NIO_WORKERS, Integer.toString(nioWorkers));
+
+ // max-concurrent-sessions
+ if (maxConcurrentSessions != -1) {
+ server.getProperties().put(SshServer.MAX_CONCURRENT_SESSIONS, Integer.toString(maxConcurrentSessions));
+ }
// welcome banner
if (welcomeBanner != null) {