Question about RekeyLimit enforcement before authentication (FCS_SSH_EXT.1.8)
Damien Miller
djm at mindrot.org
Tue Dec 23 09:50:23 AEDT 2025
On Mon, 22 Dec 2025, faezeh dehghan wrote:
> Dear OpenSSH maintainers,
>
> I am currently going through a security certification process where my
> system is required to satisfy the requirement *FCS_SSH_EXT.1.8*.
>
> To configure this, I have set the following option on the server side:
>
> RekeyLimit 1h 1G
>
> The test laboratory verifies this requirement *before authentication*.
> Their test procedure is roughly as follows:
OpenSSH does not support rekeying before authentication completes.
This keeps our preauthentication code simple.
Authentication duration is bounded by LoginGraceTime (default 2m), so
it's unlikely that time-based rekeying will ever happen unless the
defaults have been radically overridden.
Similarly, it's difficult to imagine a scenario where sshd would
accept a large volume of traffic before MaxAuthTries and/or
LoginGraceTime are exceeded.
-d
More information about the openssh-unix-dev
mailing list