Session rekeying support in OpenSSH

Darren Tucker dtucker at zip.com.au
Mon May 13 23:40:43 EST 2013


On Mon, May 13, 2013 at 06:40:16PM +0530, brindha perumal wrote:
> Hi,
> 
> I am using OpenSSH_5.2p1.  It seems ssh server doesn't support key
> regeneration after a specified amount of time. I manually verified the
> OpenSSH_5.2p1 and OpenSSH-6.2 source codes and haven't found any code
> support for session rekeying in both releases.

It can do rekeying based on the volume of data transmitted or manually
via the ~R escape sequence but not based on the amount of time since
last rekeying.

> SSH2 supports session rekeying using the parameter "RekeyIntervalSeconds"
> with default value 3600 seconds (one hour) in both ssh2_config and
> sshd2_config files.  I haven't found similar parameter in both releases
> OpenSSH_5.2p1 and openssh-6.2 configuration files.
> 
> Does openSSH not support session rekeying (rekeying after a specified
> amount of time)? If so, is there any alternative approach to achieve this
> behavior?

You could combine a low RekeyLimit with ServerAliveInterval to ensure
enough traffic gets generated to trigger it, but that would involve
extra traffic.

Looks like it wouldn't be hard to add, but what problem are you trying
to solve?

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list