Last Modified: Apr 10, 2019
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
13.1.0, 12.1.2 HF1
Opened: Apr 05, 2017
Common Criteria requires that SSH sessions be rekeyed at least every hour.
SSH sessions are rekeyed in response to the quantity of data transferred, or on user demand, but not on the basis of elapsed time.
SSH connections to or from the BIG-IP system.
If time-based rekeying is required in your environment, edit the SSH configuration to include a RekeyLimit with both data and time parameters using a command similar to the following:

    tmsh modify sys sshd include 'RekeyLimit 256M 3600s'

Outbound SSH client connections can be modified by adding the same RekeyLimit configuration to /config/ssh/ssh_config or by including that option on the command line when calling the ssh client.
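A check for the workaround above, as an added example that is not F5's or this page's own code: the function reads ssh_config or sshd_config text on standard input and succeeds only when the first RekeyLimit directive carries a time interval within the limit (3600 seconds unless another value is passed). The function name and sample lines are constructed for illustration, and Host and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: audit SSH configuration text for a time-based RekeyLimit.
# rekey_interval_ok is a hypothetical helper name, not part of OpenSSH or tmsh.
# Reads config text on stdin; $1 = maximum allowed interval in seconds.
rekey_interval_ok() {
    awk -v max="${1:-3600}" '
    BEGIN { mult["s"]=1; mult["m"]=60; mult["h"]=3600; mult["d"]=86400; mult["w"]=604800 }

    # Convert an OpenSSH time value (3600, 3600s, 60m, 1h, 1h30m) to seconds.
    # Returns -1 for anything else, including the keyword "none".
    function secs(t,   total, n, u) {
        if (t == "") return -1
        total = 0
        while (t != "") {
            if (!match(t, /^[0-9]+/)) return -1
            n = substr(t, 1, RLENGTH) + 0
            t = substr(t, RLENGTH + 1)
            u = tolower(substr(t, 1, 1))
            if (u ~ /^[smhdw]$/)
                t = substr(t, 2)
            else if (u == "")
                u = "s"            # bare number means seconds
            else
                return -1
            total += n * mult[u]
        }
        return total
    }

    # Keywords are case-insensitive and the first value obtained is the one used,
    # so only the first RekeyLimit line is examined. Commented lines never match.
    tolower($1) == "rekeylimit" {
        found = 1
        s = (NF >= 3) ? secs($3) : -1   # second argument is the time interval
        exit
    }

    # Pass only with an explicit, non-zero interval no longer than max.
    # A missing or zero interval is treated by this check as no time-based rekeying.
    END { exit !(found && s > 0 && s <= max) }
    '
}

# Constructed sample inputs (not taken from a real system).
for sample in 'RekeyLimit 256M 3600s' 'RekeyLimit 256M' 'RekeyLimit default none'; do
    if printf '%s\n' "$sample" | rekey_interval_ok; then r=PASS; else r=FAIL; fi
    printf '%-28s %s\n' "$sample" "$r"
done
```

The client-side file named above can be checked with `rekey_interval_ok < /config/ssh/ssh_config`.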
SSH sessions are now rekeyed every hour regardless of the quantity of data transferred.