SR OS supports periodic rollover of the SSH symmetric key. Symmetric key rollover is important in long SSH sessions because it ensures that the encrypted channel between the client and server is not jeopardized by an external attacker who is trying to break the encryption with a brute-force attack.
This feature introduces symmetric key rollover on the SSH client or server. The following triggers start symmetric key rollover and negotiation:
the negotiation of the key based on a configured time period
the negotiation of the key based on a configured data transmission size
For extra security, key re-exchange is enabled by default under SR OS. The default values are as follows:
client
    bytes 1000000000
    minutes 60
    no shutdown
exit
server
    bytes 1000000000
    minutes 60
    no shutdown
exit
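The following is an added example, not code from SR OS or its documentation: a small Python audit that parses a key re-exchange listing in the layout shown above and flags any role whose rekeying is shut down or whose triggers are looser than the defaults. The function names, the baseline policy and the sample text are assumptions, as is reading `shutdown` as the disabled counterpart of the `no shutdown` line shown on the page.

```python
import re
# Defaults stated on the page, used here as the audit baseline (assumption).
BASELINE = {"bytes": 1_000_000_000, "minutes": 60}

def parse_key_re_exchange(text):
    """Parse client/server blocks laid out as in the page's default listing."""
    roles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("client", "server"):
            current = roles.setdefault(line, {"enabled": None})
        elif line == "exit":
            current = None
        elif current is not None:
            m = re.fullmatch(r"(bytes|minutes)\s+(\d+)", line)
            if m:
                current[m.group(1)] = int(m.group(2))
            elif line in ("shutdown", "no shutdown"):
                current["enabled"] = line == "no shutdown"
    return roles

def audit(text):
    """Flag roles whose rekey is shut down or whose triggers exceed the baseline."""
    findings = []
    for role, cfg in parse_key_re_exchange(text).items():
        if cfg["enabled"] is False:
            findings.append(f"{role}: key re-exchange is shut down")
        for key, limit in BASELINE.items():
            value = cfg.get(key)
            if value is not None and value > limit:
                findings.append(f"{role}: {key} {value} exceeds baseline {limit}")
    return findings

# Constructed sample: client byte trigger raised, server rekey disabled.
SAMPLE = """\
client
    bytes 4000000000
    minutes 60
    no shutdown
exit
server
    bytes 1000000000
    minutes 60
    shutdown
exit
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A larger `bytes` or `minutes` value means the same symmetric key protects more traffic or more time before it is replaced, which is why the audit treats values above the defaults as findings.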