Check if Paramiko re-exchanges the key (rekeys)

Question

We have a requirement to verify the rekeying in our application for an SSH connection.

ensure that within SSH connections, the same session keys are used for a threshold of no longer than one hour, and each encryption key is used to protect no more than one gigabyte of data. After any of the thresholds are reached, a rekey needs to be performed

We are using "Paramiko" for SSH connection. How to verify the time based threshold and packet size threshold in Paramiko and make sure that rekeying is working as expected.

score 0 · Accepted Answer · answered Apr 15 '21 at 14:25

0

For data-based rekey, enable logging and check for the following message in the log:

Rekeying (hit ... packets, ... bytes sent)

It does not look like Paramiko supports time-based rekey.

answered Apr 15 '21 at 14:25

Martin Prikryl

188,800
56
490
992

Check if Paramiko re-exchanges the key (rekeys)

1 Answers1