Date: Mon, 25 Sep 2000 11:28:36 +0100 (BST)
From: Scot Elliott <scot@london.sparza.com>
To: Mipam <mipam@ibb.net>
Cc: CrazZzy Slash <slash@krsu.edu.kg>, Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, freebsd-security@FreeBSD.ORG, Peter Pentchev <roam@orbitel.bg>
Subject: Re: Encryption over IP
Message-ID: <Pine.GSO.4.21.0009251124180.7006-100000@hagop.london.sparza.com>
In-Reply-To: <Pine.LNX.3.95.1000925121108.11069B-100000@ux1.ibb.net>

No - only the RSA server key is changed periodically. The session key
(passed from client to server using public key crypto at the start) is not
changed throughout the session... which can last much longer than the
server key regeneration time.

Scot

On Mon, 25 Sep 2000, Mipam wrote:

> > As a friend pointed out to me recently, long term SSH connections that
> > move a lot of data are probably not very secure, as the SSH protocol does
> > not re-generate its encryption keys unlike something like IPSec...
> >
> This is not the case.
> For example in openssh you can specify the regeneration time of the key.
> Default this is set to 3600 seconds. And when you would look closely, you
> also see it happening for a message is displayed when this happens.
> You also can check in your logs it happens. Check out /etc/sshd_config
> Bye,
>
> Mipam.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message