Force frequent session key renegotiation

An XCCDF Rule

Description

The RekeyLimit parameter specifies how often the session key is renegotiated, both in terms of the amount of data that may be transmitted and the time elapsed.
To decrease the default limits, add or correct the following line in /etc/ssh/sshd_config:

RekeyLimit  
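
An added example, not part of the rule's own content or its automated check: a Python check that reads sshd_config text, takes the first global RekeyLimit line (sshd uses the first value it obtains for a keyword), and tests it against maximum data and time limits. The function names and the 512M / 1h sample values are assumptions, since the rule's own values are not shown on this page.

```python
import re

SIZE_UNITS = {"": 1, "K": 1024, "M": 1024**2, "G": 1024**3}
TIME_UNITS = {"": 1, "S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

# Constructed sample config; 512M / 1h are illustrative values, not the rule's.
SAMPLE = """\
#RekeyLimit default none
RekeyLimit 512M 1h
RekeyLimit 4G none
"""

def parse_size(tok):
    """Bytes for the size argument; None for 'default' (cipher-dependent)."""
    if tok.lower() == "default":
        return None
    m = re.fullmatch(r"(\d+)([KMG]?)", tok.upper())
    if not m:
        raise ValueError(f"bad RekeyLimit size: {tok!r}")
    return int(m.group(1)) * SIZE_UNITS[m.group(2)] or None  # assumption: 0 = no explicit limit

def parse_time(tok):
    """Seconds for the time argument (e.g. 3600, 1h, 1h30m); None for 'none'."""
    if tok.lower() == "none":
        return None
    parts = re.findall(r"(\d+)([SMHDW]?)", tok.upper())
    if "".join(n + u for n, u in parts) != tok.upper():
        raise ValueError(f"bad RekeyLimit time: {tok!r}")
    return sum(int(n) * TIME_UNITS[u] for n, u in parts) or None

def effective_rekey_limit(config_text):
    """(bytes, seconds) from the first global RekeyLimit line, or None if absent."""
    for raw in config_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0].lower() == "match":   # only the global section is checked
            break
        if fields[0].lower() == "rekeylimit" and len(fields) > 1:
            secs = parse_time(fields[2]) if len(fields) > 2 else None
            return parse_size(fields[1]), secs
    return None

def compliant(config_text, max_bytes, max_seconds):
    """True only if both a data limit and a time limit are set within policy."""
    limit = effective_rekey_limit(config_text)
    if limit is None or None in limit:
        return False
    return limit[0] <= max_bytes and limit[1] <= max_seconds
```

The check fails closed: a missing line, `default`, `none`, or an omitted time argument all count as non-compliant, because in each case one of the two limits is not explicitly enforced.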

Rationale

By decreasing the limit based on the amount of data and enabling a time-based limit, the effects of potential attacks against encryption keys are limited.

ID
xccdf_org.ssgproject.content_rule_sshd_rekey_limit
Severity
Medium
References
Updated