SSH Re-Keying for SSH Server and SSH Client

To comply with RFC 4251, session rekeying ensures that either the SSH server or the SSH client initiates a rekey. This results in a new set of encryption and integrity keys to be exchanged between them. Once the rekey is complete, new keys are used for further communication, which ensures that the same key is not used for a long duration and the security of the session is maintained.


ip ssh rekey {time <MINUTES> | volume <SIZE>}

no ip ssh rekey


Enable SSH key re-exchange.

The no form of the command disables SSH rekeying and sets the time to default value of 10 minutes.

Command context



time <MINUTES>

Specifies the number of minutes for rekey initiation. Range: 10 to 60 minutes. Default: 10 minutes.

volume <SIZE>

Specifies the volume size in KB for rekey initiation. Range: 100 KB to 1048576 KB. Default: 1048576 KB.


Initiate rekeying every 45 minutes:

switch(config)# ip ssh rekey time 45 

Reset the configured time to the default value (10 minutes):

switch(config)# no ip ssh rekey time 

Initiate rekeying after every 2000 KB of data is transferred:

switch(config)# ip ssh rekey volume 2000 

Reset the configured volume to the default value (1048576 KB):

switch(config)# no ip ssh rekey volume