SSH Re-Keying for SSH Server and SSH Client
To comply with RFC 4251, session rekeying ensures that either the SSH server or the SSH client initiates a rekey. This results in a new set of encryption and integrity keys being exchanged between them. Once the rekey is complete, the new keys are used for further communication, so the same key is not used for a long duration and the security of the session is maintained.
Syntax
ip ssh rekey {time <MINUTES> | volume <SIZE>}
no ip ssh rekey
Description
Enable SSH key re-exchange.
The no form of the command disables SSH rekeying. If time or volume is specified, the no form reverts that parameter to its default value.
Command context
config
Parameters
time <MINUTES>
    Specifies the number of minutes for rekey initiation. Range: 10 to 60 minutes. Default: 60 minutes.
volume <SIZE>
    Specifies the volume size in KB for rekey initiation. Range: 100 KB to 1048576 KB. Default: 1048576 KB.
Examples
Initiate rekeying every 45 minutes:
switch(config)# ip ssh rekey time 45
Reset the configured time to the default value (60 minutes):
switch(config)# no ip ssh rekey time
Initiate rekeying after every 2000 KB of data is transferred:
switch(config)# ip ssh rekey volume 2000
Reset the configured volume to the default value (1048576 KB):
switch(config)# no ip ssh rekey volume
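For auditing a saved command list or change script, the following added example (not vendor code) replays rekey commands in order and reports the resulting thresholds, rejecting values outside the ranges documented above. The function name and sample lines are constructed for illustration. It assumes that a later "ip ssh rekey" command re-enables rekeying after "no ip ssh rekey", that the bare no form leaves stored thresholds unchanged, and it reports the state as unknown (None) when no rekey command appears, since this page does not state the initial state.

```python
import re

# (min, max, default) per parameter, as documented on this page.
LIMITS = {"time": (10, 60, 60), "volume": (100, 1048576, 1048576)}
CMD = re.compile(r"^(no\s+)?ip\s+ssh\s+rekey(?:\s+(time|volume)(?:\s+(\S+))?)?\s*$")

# Constructed sample input: one valid change, one out-of-range value, one reset.
SAMPLE = [
    "switch(config)# ip ssh rekey time 45",
    "switch(config)# ip ssh rekey volume 50",
    "switch(config)# no ip ssh rekey time",
    "hostname lab",
]


def apply_rekey_commands(lines):
    """Replay rekey commands in order and return the resulting settings."""
    state = {"enabled": None,  # None: no rekey command seen (assumption, see lead-in)
             "time": LIMITS["time"][2], "volume": LIMITS["volume"][2],
             "errors": []}
    for raw in lines:
        # Drop a CLI prompt such as "switch(config)# " if present.
        line = re.sub(r"^\S+\(config\)#\s*", "", raw.strip())
        m = CMD.match(line)
        if not m:
            continue  # not a rekey command
        negated, param, value = m.groups()
        if negated:
            if param is None:
                state["enabled"] = False         # "no ip ssh rekey" disables rekeying
            else:
                state[param] = LIMITS[param][2]  # no form with a parameter restores its default
            continue
        if param is None or value is None:
            state["errors"].append(f"incomplete command: {line!r}")
            continue
        low, high, _ = LIMITS[param]
        if not value.isdigit() or not low <= int(value) <= high:
            state["errors"].append(f"{param} {value!r} outside {low}..{high}")
            continue  # out-of-range values are reported, not applied
        state[param] = int(value)
        state["enabled"] = True
    return state


if __name__ == "__main__":
    print(apply_rekey_commands(SAMPLE))
```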