The 7705 SAR supports periodic rollover (or re-exchange) of the SSH symmetric key without disabling SSH. Symmetric key rollover is important in long SSH sessions because it ensures that the encrypted channel between the client and server is not jeopardized by an external attacker who is trying to break the encryption with a brute-force attack. The feature can be configured on either the SSH client or server.
The following are triggers for symmetric key rollover and negotiation:
the negotiation of the key based on a configured time period
the negotiation of the key based on a configured data transmission size
Key re-exchange is enabled by default. The default values for both the client and server are 60 min and 1024 Mbytes, which is the RFC 4253 recommendation.
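The interaction of the two triggers with the default values above can be modelled as follows. This is an added example, not Nokia code or 7705 SAR configuration; the names `RekeyTracker`, `simulate` and `SAMPLE_TRACE` are hypothetical, and it assumes that whichever trigger is reached first fires (as in RFC 4253, section 9) and that both counters restart after each re-exchange.

```python
from dataclasses import dataclass, field

MB = 1024 * 1024  # assumption: "Mbytes" read as 2**20 bytes

@dataclass
class RekeyTracker:
    max_seconds: int = 60 * 60    # default from the text: 60 min
    max_bytes: int = 1024 * MB    # default from the text: 1024 Mbytes
    key_born: int = 0             # second at which the current key was negotiated
    key_bytes: int = 0            # bytes protected by the current key
    events: list = field(default_factory=list)

    def _rekey(self, when, trigger):
        self.events.append((when, trigger))
        self.key_born, self.key_bytes = when, 0   # both counters restart

    def on_traffic(self, now, nbytes):
        # Time trigger: fire for every full period elapsed since the key was born
        # (assumption: the timer runs on wall-clock time, even when idle).
        while now - self.key_born >= self.max_seconds:
            self._rekey(self.key_born + self.max_seconds, "time")
        # Data trigger: a chunk is charged whole to the current key (simplification).
        self.key_bytes += nbytes
        if self.key_bytes >= self.max_bytes:
            self._rekey(now, "data")

def simulate(trace, **limits):
    """Return [(second, trigger), ...] for a trace of (second, bytes) tuples."""
    tracker = RekeyTracker(**limits)
    for now, nbytes in trace:
        tracker.on_traffic(now, nbytes)
    return tracker.events

# Constructed trace: (seconds since session start, bytes transferred)
SAMPLE_TRACE = [
    (600, 300 * MB), (1200, 300 * MB), (1800, 500 * MB),  # burst crosses 1024 MB
    (3000, 10 * MB), (5400, 10 * MB),                     # quiet hour after the rekey
    (6000, 1024 * MB),                                    # one large transfer
]

if __name__ == "__main__":
    for when, trigger in simulate(SAMPLE_TRACE):
        print(f"t={when:>5}s  rekey ({trigger} trigger)")
```

In the sample trace the time-based re-exchange lands at 5400 s rather than 3600 s, because the data-triggered re-exchange at 1800 s restarted the timer.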