The key re-exchange procedure is initiated by sending an SSH_MSG_KEXINIT message while not performing a key exchange. When this message is received by a client or server, the client or server must respond with its own SSH_MSG_KEXINIT message, except in cases where the received SSH_MSG_KEXINIT message was already sent as a reply. Either client or server can initiate the re-exchange, but the roles must not be changed (that is, the server must remain the server and the client must remain the client).
Key re-exchange is performed using whatever encryption was in effect when the exchange was initiated. Encryption, compression, and MAC methods are not changed before a new SSH_MSG_NEWKEYS message is sent after the key exchange (as in the initial key exchange). Re-exchange is processed in the same way as the initial key exchange, except that the session identifier remains unchanged. Some or all of the algorithms can be changed during the re-exchange. Host keys can also change. All keys and initialization vectors are recomputed after the exchange. Compression and encryption contexts are reset.
If the key re-exchange parameters are modified, only new SSH connections inherit the new parameters. The existing SSH connections use the previously configured parameters.