Configure SSHD maxAuthTries, loginGraceTime, maxConnectionsPerUser

Enable the site administrator to control the SSHD server's limits by
defining how many times a user can prevent an SSH key before we give
up, how long the session is allowed to sit without authentication,
and how many sessions any single user may have.

Change-Id: Ia7da504caa6e741a412dc03cf0e2e167d6d4c612
Signed-off-by: Shawn O. Pearce <sop@google.com>

gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java

@@ -14,7 +14,12 @@
 
 package com.google.gerrit.sshd;
 
+import static java.util.concurrent.TimeUnit.MILLISECONDS;
+import static java.util.concurrent.TimeUnit.SECONDS;
+
+import com.google.gerrit.common.Version;
 import com.google.gerrit.lifecycle.LifecycleListener;
+import com.google.gerrit.server.config.ConfigUtil;
 import com.google.gerrit.server.config.GerritServerConfig;
 import com.google.gerrit.server.ssh.SshInfo;
 import com.google.gerrit.server.util.IdGenerator;
@@ -129,6 +134,25 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
     reuseAddress = cfg.getBoolean("sshd", "reuseaddress", true);
     keepAlive = cfg.getBoolean("sshd", "tcpkeepalive", true);
 
+    getProperties().put(SERVER_IDENTIFICATION,
+        "GerritCodeReview_" + Version.getVersion() //
+            + " (" + super.getVersion() + ")");
+
+    getProperties().put(MAX_AUTH_REQUESTS,
+        String.valueOf(cfg.getInt("sshd", "maxAuthTries", 6)));
+
+    getProperties().put(
+        AUTH_TIMEOUT,
+        String.valueOf(MILLISECONDS.convert(ConfigUtil.getTimeUnit(cfg, "sshd",
+            null, "loginGraceTime", 120, SECONDS), SECONDS)));
+
+    final int maxConnectionsPerUser =
+        cfg.getInt("sshd", "maxConnectionsPerUser", 64);
+    if (0 < maxConnectionsPerUser) {
+      getProperties().put(MAX_CONCURRENT_SESSIONS,
+          String.valueOf(maxConnectionsPerUser));
+    }
+
     if (SecurityUtils.isBouncyCastleRegistered()) {
       initProviderBouncyCastle();
     } else {