Date: Mon, 25 Sep 2000 12:15:22 +0200 (MET DST)
From: Mipam
To: Scot Elliott
Cc: CrazZzy Slash, Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Re: Encryption over IP

> As a friend pointed out to me recently, long term SSH connections that
> move a lot of data are probably not very secure, as the SSH protocol does
> not re-generate its encryption keys unlike something like IPSec...
>

This is not the case. For example, in OpenSSH you can specify the
regeneration time of the key. By default this is set to 3600 seconds.
And if you look closely, you also see it happening, for a message
is displayed when this happens. You can also check in your logs that it happens.
Check out /etc/sshd_config

Bye,

Mipam.