Configures the Secure Shell (SSH) rekey interval, either in terms of the maximum number of minutes or the maximum amount of data.

ip ssh rekey { client | server } { data Kbytes | time minutes }
no ip ssh rekey { client | server } { data Kbytes | time minutes }

SSH rekey is disabled by default in non-FIPS mode. In FIPS/CC mode the default value for time and data is 30 minutes and 500000 KB respectively. SSH rekey feature cannot be disabled in FIPS/CC mode.

client
Specifies the rekey interval for the SSH client sessions.
server
Specifies the rekey interval for the SSH server sessions.
data KBytes
Configures the maximum amount of data (in kilobytes) that can be transmitted before SSH rekey is initiated. The valid range is from 100 through 2000000 kilobytes.
time minutes
Configures the maximum time in minutes before SSH rekey is initiated. The valid range is from 0 through 120 minutes.

Global configuration mode

When the value for minutes is set to 0, SSH rekey does not take place.

It is recommended that the rekey data value not be configured higher than one Gigabyte.

In FIPS or CC mode, SSH rekey is enabled by default and cannot be disabled. The default value for time is 30 minutes and the default value for data is 500 MB in both FIPS and CC mode. If the rekey configuration is removed, the default values are applied. The default values are not displayed in the configuration.

Non-FIPS mode to FIPS or CC mode: If the rekey configuration is configured in non-FIPS mode, the same values are applied while moving to FIPS mode. If the rekey configuration is not configured in non-FIPS mode, the default values in FIPS or CC mode will be applied.

FIPS or CC mode to non-FIPS mode: The configuration in FIPS mode or CC mode is removed, and SSH rekey is disabled while moving to non-FIPS mode.

The no form of the command disables SSH rekey in normal operating mode.

The following example configures SSH rekey on the outbound SSH session every hour. 


device# configure terminal
device(config)# ip ssh rekey client time 60

The following example configures SSH rekey on the inbound SSH session whenever 10000 kilobytes of data has been transmitted. 


device# configure terminal
device(config)# ip ssh rekey server data 10000
Release version Command history
08.0.70 This command was introduced.