Sean Chittenden <sean@chittenden.org> writes:
>> From sshd(8):
> -k key_gen_time
> Specifies how often the ephemeral protocol version 1 server key
> is regenerated (default 3600 seconds, or one hour).

Hmmm. But a server key isn't the same as a session key, is it? Is this
an argument for renegotiating session keys at all?

In any case, you can pump a heck of a lot of data through ssh in an
hour. Based on that, it sure looks to me like every-64K is a
ridiculously small setting. If we were to crank it up to a few meg, the
performance issue would go away, and we'd not really need to think about
changing to a time-based criterion.

regards, tom lane