SSH Rekeying

An SSHv2 server or client can use the SSH rekeying feature to force a new key exchange between server and client, which changes the encryption and integrity keys for the session. After you enable SSH rekeying, key exchanges occur after a predetermined time interval or after the data transmitted in the session reaches the data-limit threshold. You can configure these values using the ssh rekey command.

SSH rekeying is optional. You can enable SSH rekey only if SSH is enabled globally. Most SSH clients and servers do not provide a rekey mechanism; do not enable SSH rekey in such cases. Active sessions shut down if the rekey fails.

Note

You cannot enable SSH rekey selectively for the SSH client, SSH server, Secure Copy (SCP), or Secure File Transfer Protocol (SFTP); SSH rekey is enabled for all of these functions simultaneously.
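
The following Python model is an added illustration, not code or configuration from the product documentation. It replays constructed traffic against the two rekey triggers described above and shows the session closing when the peer cannot rekey. It assumes that whichever threshold is reached first triggers the rekey and that both counters reset after a successful rekey; the class name, field names and limit values are hypothetical.

```python
from __future__ import annotations
from dataclasses import dataclass

# Assumptions (not from the page): first threshold reached wins, counters
# reset after a successful rekey, limits are constructed sample values.
@dataclass
class RekeySession:
    time_limit_s: float            # predetermined time interval
    data_limit_bytes: int          # data-limit threshold
    peer_supports_rekey: bool = True
    active: bool = True
    last_kex_at: float = 0.0       # time of the most recent key exchange
    bytes_since_kex: int = 0       # data protected by the current keys
    rekeys: int = 0

    def rekey_due(self, now: float) -> str | None:
        """Return the trigger that fired, or None if the keys are still fresh."""
        if self.bytes_since_kex >= self.data_limit_bytes:
            return "data-limit"
        if now - self.last_kex_at >= self.time_limit_s:
            return "time-interval"
        return None

    def transfer(self, now: float, nbytes: int) -> str:
        """Account for nbytes sent at time `now` and report what happened."""
        if not self.active:
            return "closed"
        self.bytes_since_kex += nbytes
        reason = self.rekey_due(now)
        if reason is None:
            return "ok"
        if not self.peer_supports_rekey:
            # A failed rekey shuts the active session down.
            self.active = False
            return f"closed: rekey failed ({reason})"
        self.last_kex_at, self.bytes_since_kex = now, 0
        self.rekeys += 1
        return f"rekeyed ({reason})"

def replay(session: RekeySession, events) -> list[str]:
    return [session.transfer(t, n) for t, n in events]

# Constructed traffic: (seconds since session start, bytes transferred)
EVENTS = [(10, 400_000), (20, 700_000), (30, 100_000), (4000, 1_000)]

if __name__ == "__main__":
    for peer_ok in (True, False):
        s = RekeySession(3600, 1_000_000, peer_supports_rekey=peer_ok)
        print("peer supports rekey:", peer_ok, replay(s, EVENTS))
```

The second run shows why a peer's rekey support should be confirmed before the feature is enabled: the first threshold crossing ends the session, and every later transfer fails.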