openssh unix dev - Feb 2004 - ssh client auto rekey feature.

I plan to use ssh as the secure transport of a VPN.  (Yes I know there are
other solutions but...)

These tunnels may be up for a long time, days or weeks, and escape
characters will be turned off because I'll be passing binary data so I
can't
force a rekey with that method.

Since the ssh spec says one should rekey every hour, I plan to patch the ssh
client to implement an auto-rekey option.

Do any of the security/cipher gurus have any problem with automatically
rekeying the connection at a specific interval.  For simplicity's sake I
just plan to implement a simple timer that goes off every
user-specified-interval and rekeys the connection.

If the developers are interested, I'll send the patch along when I'm
done.

Thanks,
John

On Fri, 20 Feb 2004, John A Grahor wrote:
> Since the ssh spec says one should rekey every hour, I plan to patch the
ssh
> client to implement an auto-rekey option.
We already auto-rekey, though I think it is based on data volume rather 
than time. I'll make a patch to enable time-based rekeying.

You can set ReKeyLimit in ssh_config to control this. (This needs an entry 
in ssh_config).

-d