To meet STIG guidance V-57483, the application should log both the auth attempt and the origin of the authentication attempt.

Also, there's a MAX_CONCURRENT_SESSIONS in sshd that could help ensure only one active session at a time, or log something if multiple sessions from multiple workstations are active at the same time. For instance, add something like the following to the ssh activator:

server.getProperties().put(SshServer.MAX_CONCURRENT_SESSIONS, Integer.toString(maxConcurrentSessions));