Question about RekeyLimit enforcement before authentication (FCS_SSH_EXT.1.8)

faezeh dehghan f.dehghan96 at gmail.com
Mon Dec 22 22:12:10 AEDT 2025 

Dear OpenSSH maintainers,

I am currently going through a security certification process where my
system is required to satisfy the requirement *FCS_SSH_EXT.1.8*.

To configure this, I have set the following option on the server side:

RekeyLimit 1h 1G

The test laboratory verifies this requirement *before authentication*.
Their test procedure is roughly as follows:

   -

   The SSH client connects to the server
   -

   A valid username is entered
   -

   The server presents the password prompt
   -

   The client then remains idle (no password is entered, no keystrokes are
   sent)
   -

   After one hour, the tester expects to observe a rekey operation
   automatically, purely by monitoring the network traffic (e.g. with
   Wireshark), without any user interaction

My environment is:

   -

   OS: Ubuntu 20.04
   -

   OpenSSH version: 8.2p1
   -

   Server: sshd with RekeyLimit set as above

What I observe is that:

   -

   After successful authentication (correct password entered and shell
   access granted), rekey operations can be observed on the client side when
   running SSH in verbose mode.
   -

   However, since the traffic is encrypted, no clear indication of rekeying
   is visible in Wireshark at the packet level.
   -

   Before authentication completes (i.e. while waiting at the password
   prompt), I do not observe any rekey activity. Even if I set the rekeylimit
   to 30seconds for only test the host and I enter password wrong to have an
   interaction with server. I check rekey in verbose from client side and
   debug logs of server, As I see only first key exchange and cannot see rekey
   in encrypted wireshark packets.I cheked the config in ubuntu24.04 and sshd
   version 9.6p1 too as a test and I got same results.

My questions are therefore:

   1.

   Is it valid to expect RekeyLimit-based rekeying to occur *before
   authentication has completed*?
   2.

   Is there any OpenSSH or SSH protocol documentation that explicitly
   states that rekeying is only enforced after authentication and/or after an
   established session exists?
   3.

   From an OpenSSH perspective, is this test methodology valid, or is the
   expectation of a rekey before password entry incorrect?

Any clarification or references that could help me justify the expected
behavior to the certification authority would be greatly appreciated.

Thank you for your time and for maintaining OpenSSH.

Best regards,

Dehghan

More information about the openssh-unix-dev mailing list