SSH Re-Keying for SSH Server and SSH Client.

NOTE:

SSH rekeying is available only on switches running KB software.

To comply with RFC 4251, session rekeying ensures that either the SSH server or the SSH client initiates a rekey, which results in a new set of encryption and integrity keys being exchanged between them. Once the rekey is complete, the new keys are used for all further communication. This ensures that the same key is not used for a long duration and that the security of the session is maintained.

CLI command

Syntax

ip ssh rekey {time <time> | volume <volume>}
no ip ssh rekey

Description

Enable SSH key re-exchange.

The no form of the command disables SSH rekeying. If time or volume is specified, the no form reverts that parameter to its default value.

Command context

config

Parameters

time <time>

Sets the time in minutes for rekey initiation; the range is 10 to 60. The default is 60 minutes.

volume <volume>

Sets the volume in KB for rekey initiation; the range is 100 to 1048576. The default is 1048576 KB.

Example

switch(config)# ip ssh rekey time 45

Initiate rekeying every 45 minutes.

Example

switch(config)# no ip ssh rekey time

Reset the configured time to the default value (60 minutes).

Example

switch(config)# ip ssh rekey volume 2000

Initiate rekeying after every 2000 KB of data is transferred.

Example

switch(config)# no ip ssh rekey volume

Reset the configured volume to the default value (1048576 KB).
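
Example (added here, not part of the vendor documentation)

The following Python audit sketch replays the rekey commands found in a saved configuration, applies the documented ranges and defaults, and reports the effective settings. It assumes the saved configuration stores these commands exactly as typed; the sample configuration, the function name audit_rekey, and the max_time/max_volume policy ceilings are constructed for illustration.

```python
import re

# Ranges and defaults as documented on this page.
TIME_RANGE, TIME_DEFAULT = (10, 60), 60                 # minutes
VOLUME_RANGE, VOLUME_DEFAULT = (100, 1048576), 1048576  # KB

LINE = re.compile(r"^(no\s+)?ip\s+ssh\s+rekey(?:\s+(time|volume)(?:\s+(\S+))?)?\s*$")

# Constructed sample configuration (not captured from a real switch).
SAMPLE = """\
hostname "edge-sw-01"
ip ssh rekey time 45
ip ssh rekey volume 2000
no ip ssh rekey volume
ip ssh rekey time 5
"""

def audit_rekey(config_text, max_time=60, max_volume=1048576):
    """Replay rekey commands in order; return effective state and findings.
    max_time and max_volume are hypothetical site-policy ceilings."""
    state = {"enabled": None, "time": TIME_DEFAULT, "volume": VOLUME_DEFAULT}
    findings = []
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # not a rekey command
        negated, param, value = m.groups()
        if negated:
            if param is None:
                state["enabled"] = False  # "no ip ssh rekey" disables rekeying
            else:                         # "no ... time|volume" reverts to default
                state[param] = TIME_DEFAULT if param == "time" else VOLUME_DEFAULT
            continue
        if param is None or value is None or not value.isdigit():
            findings.append(f"malformed: {raw.strip()!r}")
            continue
        lo, hi = TIME_RANGE if param == "time" else VOLUME_RANGE
        if not lo <= int(value) <= hi:    # a switch would reject this value
            findings.append(f"{param} {value} outside documented range {lo}-{hi}")
            continue
        state[param], state["enabled"] = int(value), True
    if state["enabled"] is False:
        findings.append("rekeying disabled")
    elif state["enabled"] is None:
        findings.append("no rekey command present; state not determined")
    for param, limit in (("time", max_time), ("volume", max_volume)):
        if state[param] > limit:
            findings.append(f"{param} {state[param]} exceeds policy ceiling {limit}")
    return {**state, "findings": findings}

if __name__ == "__main__":
    print(audit_rekey(SAMPLE, max_time=30))
```
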