SSH rekeying

SSH rekeying is an SSHv2 feature that allows the SSH server or client to force a new key exchange between server and client, which changes the encryption and integrity keys. After you enable SSH rekeying, key exchanges occur after a predetermined time interval or after the data transmitted in the session reaches the data-limit threshold. The default time interval is 1 hour and the default data limit is 1 GB. You can configure these values using the ssh rekey command.

SSH rekey is optional. You can enable SSH rekey only when SSH is enabled globally. Most SSH clients and servers do not provide a rekey mechanism; do not enable SSH rekey in such cases. Active sessions shut down if the rekey fails.
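
The two triggers and the failure behavior described above, modeled in Python as an added example (not the device's own code). The class and function names are hypothetical, the events are constructed, 1 GB is taken as 2**30 bytes, and both counters are assumed to restart after each successful key exchange.

```python
from dataclasses import dataclass, field

HOUR = 3600      # default time interval, in seconds
GB = 1024 ** 3   # assumption: 1 GB taken as 2**30 bytes


@dataclass
class RekeySession:
    """Tracks the two rekey triggers for one SSH session (hypothetical model)."""
    time_interval: int = HOUR   # seconds allowed between key exchanges
    data_limit: int = GB        # bytes allowed under one set of keys
    last_kex: float = 0.0       # time of the most recent key exchange
    sent: int = 0               # bytes transferred since that exchange
    active: bool = True
    log: list = field(default_factory=list)

    def transfer(self, now, nbytes, kex_ok=True):
        """Account for nbytes at time now; rekey if either threshold is hit.

        kex_ok stands in for the outcome of the key exchange with the peer.
        Returns the trigger name ("data" or "time"), or None if no rekey.
        """
        if not self.active:
            raise RuntimeError("session is closed")
        self.sent += nbytes
        if self.sent >= self.data_limit:
            reason = "data"
        elif now - self.last_kex >= self.time_interval:
            reason = "time"
        else:
            return None
        if not kex_ok:
            # The peer could not complete the exchange: the session shuts down.
            self.active = False
            self.log.append((now, reason, "failed"))
            return reason
        # New keys are in use: both counters start again (assumption).
        self.last_kex, self.sent = now, 0
        self.log.append((now, reason, "ok"))
        return reason


def replay(events, **limits):
    """Run constructed (time, bytes, kex_ok) events through one session."""
    session = RekeySession(**limits)
    for now, nbytes, ok in events:
        if not session.active:
            break
        session.transfer(now, nbytes, ok)
    return session
```

The failed exchange in the model corresponds to a peer without a rekey mechanism: the first threshold reached ends the session, which is why rekey should stay disabled when such peers must connect.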

Note

You cannot enable SSH rekey selectively for either the SSH client or the SSH server; it is enabled on both the SSH client and server together.