ssh server rekey-interval
Use ssh server rekey-interval to set the minimum interval for updating the RSA server key pair.
Use undo ssh server rekey-interval to restore the default.
Syntax
ssh server rekey-interval interval
undo ssh server rekey-interval
Default
The minimum interval for updating the RSA server key pair is 0 hours. The system does not update the RSA server key pair.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
interval: Specifies the minimum interval for updating the RSA server key pair, in the range of 1 to 24 hours.
Usage guidelines
This command is not available in FIPS mode.
Periodically updating the RSA server key pair prevents malicious hacking to the key pair and enhances security of the SSH connections.
The system starts to count down the configured minimum update interval after the first SSH1 user logs in to the server. If a new SSH1 user logs in to the server after the interval, the system performs the following operations:
Updates the RSA server key pair.
Uses the updated RSA server key pair for key pair negotiation with the new user.
Resets the interval and starts to count down the interval again.
This command takes effect only on SSH1 clients.
Examples
# Set the minimum interval to 3 hours for updating the RSA server key pair.
<Sysname> system-view [Sysname] ssh server rekey-interval 3
Related commands
display ssh server