- dtucker@cvs.openbsd.org 2013/05/16 04:09:14
     [sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
     sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
     rekeying based on traffic volume or time.  ok djm@, help & ok jmc@ for the man
     page.
diff --git a/sshd_config.5 b/sshd_config.5
index 590fb40..9e0b3a5 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.158 2013/04/19 01:00:10 djm Exp $
-.Dd $Mdocdate: April 19 2013 $
+.\" $OpenBSD: sshd_config.5,v 1.159 2013/05/16 04:09:14 dtucker Exp $
+.Dd $Mdocdate: May 16 2013 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -814,6 +814,7 @@
 .Cm PermitRootLogin ,
 .Cm PermitTunnel ,
 .Cm PubkeyAuthentication ,
+.Cm RekeyLimit ,
 .Cm RhostsRSAAuthentication ,
 .Cm RSAAuthentication ,
 .Cm X11DisplayOffset ,
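Review bot: if this alphabetised list is the set of keywords accepted inside a Match block (it sits between PubkeyAuthentication and RhostsRSAAuthentication, so the placement itself is correct), the accompanying servconf.c change must also permit RekeyLimit in Match context, otherwise the manual page advertises a per-Match setting that the parser will reject at load time. Worth a quick check that the keyword-table flag and the Match-copy logic for the two new rekey fields were both updated, since the man page is the only part of that visible here.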
@@ -1008,6 +1009,33 @@
 The default is
 .Dq yes .
 Note that this option applies to protocol version 2 only.
+.It Cm RekeyLimit
+Specifies the maximum amount of data that may be transmitted before the
+session key is renegotiated, optionally followed a maximum amount of
+time that may pass before the session key is renegotiated.
+The first argument is specified in bytes and may have a suffix of
+.Sq K ,
+.Sq M ,
+or
+.Sq G
+to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
+The default is between
+.Sq 1G
+and
+.Sq 4G ,
+depending on the cipher.
+The optional second value is specified in seconds and may use any of the
+units documented in the
+.Sx TIME FORMATS
+section of
+.Xr sshd_config 5 .
+The default value for
+.Cm RekeyLimit
+is
+.Dq default none ,
+which means that rekeying is performed after the cipher's default amount
+of data has been sent or received and no time based rekeying is done.
+This option applies to protocol version 2 only.
 .It Cm RevokedKeys
 Specifies revoked public keys.
 Keys listed in this file will be refused for public key authentication.
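Review bot: the first sentence of the new RekeyLimit entry is missing a word, "optionally followed a maximum amount of time" should read "optionally followed by a maximum amount of time". Two smaller points in the same hunk: ".Xr sshd_config 5" is a cross-reference to the page being edited, so a plain ".Sx TIME FORMATS" (without the .Xr) is the conventional form and avoids the self-reference that mandoc -Tlint flags; and it would help operators to state explicitly that when both a byte limit and a time limit are given, rekeying is triggered by whichever threshold is reached first, since the current text describes each limit separately but not how they combine.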