From: Scot Elliott
Date: Mon, 25 Sep 2000 11:28:36 +0100 (BST)
To: Mipam
Cc: CrazZzy Slash , Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Re: Encryption over IP

No - only the RSA server key is changed periodically. The session key
(passed from client to server using public key crypto at the start) is not
changed throughout the session... which can last much longer than the
server key regeneration time.

Scot

On Mon, 25 Sep 2000, Mipam wrote:

> > As a friend pointed out to me recently, long term SSH connections that
> > move a lot of data are probably not very secure, as the SSH protocol does
> > not re-generate its encryption keys unlike something like IPSec...
> >
>
> This is not the case.
> For example in openssh you can specify the regeneration time of the key.
> Default this is set to 3600 seconds. And when you would look closely, you
> also see it happening for a message is displayed when this happens.
> You also can check in your logs it happens. Check out /etc/sshd_config
> Bye,
>
> Mipam.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
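
Added example, not part of the original thread: a small Python parser that reads an sshd_config and reports the server-key regeneration interval separately from any session rekey limit, the two things the messages above distinguish. The option names KeyRegenerationInterval (protocol 1 server key, default 3600 seconds) and RekeyLimit (session rekeying in later OpenSSH releases) come from OpenSSH and are not named in the thread; the sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample sshd_config (not from the thread).
SAMPLE = """\
Protocol 2
KeyRegenerationInterval 3600
RekeyLimit 1G 1h
"""

SIZE = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}
SECS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_size(tok):
    """'1G' -> bytes; 'default' -> None (cipher-dependent built-in limit)."""
    tok = tok.lower()
    if tok == "default":
        return None
    m = re.fullmatch(r"(\d+)([kmg]?)", tok)
    if not m:
        raise ValueError(f"bad size: {tok!r}")
    return int(m.group(1)) * SIZE[m.group(2)]

def parse_time(tok):
    """'3600' or '1h30m' -> seconds; 'none' -> None (no time-based rekey)."""
    tok = tok.lower()
    if tok == "none":
        return None
    if not re.fullmatch(r"(?:\d+[smhdw])*\d+[smhdw]?", tok):
        raise ValueError(f"bad time: {tok!r}")
    return sum(int(n) * SECS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", tok))

def rekey_settings(text):
    """Separate server-key regeneration from session-key rekeying.
    None means 'not configured here', not 'disabled'."""
    out = {"server_key_regen_s": None, "rekey_bytes": None, "rekey_s": None}
    seen = set()
    for raw in text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()          # keywords are case-insensitive
        if key in seen:                 # sshd keeps the first value obtained
            continue
        seen.add(key)
        if key == "keyregenerationinterval" and len(parts) > 1:
            out["server_key_regen_s"] = parse_time(parts[1])
        elif key == "rekeylimit" and len(parts) > 1:
            out["rekey_bytes"] = parse_size(parts[1])
            out["rekey_s"] = parse_time(parts[2]) if len(parts) > 2 else None
    return out

if __name__ == "__main__":
    print(rekey_settings(SAMPLE))
```

A config that sets only the server-key interval reports the session rekey fields as None, which makes it visible that the 3600-second setting says nothing about the session key.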