SSH ability to configure RekeyLimit
RekeyLimit
Specifies the maximum amount of data that may be
transmitted before the session key is renegotiated,
optionally followed by a maximum amount of time that may
pass before the session key is renegotiated. The first
argument is specified in bytes and may have a suffix of
‘K’, ‘M’, or ‘G’ to indicate Kilobytes, Megabytes, or
Gigabytes, respectively. The default is between ‘1G’ and
‘4G’, depending on the cipher. The optional second value
is specified in seconds and may use any of the units
documented in the TIME FORMATS section. The default value
for RekeyLimit is default none, which means that rekeying
is performed after the cipher's default amount of data has
been sent or received and no time based rekeying is done.

FCS_SSHS_EXT.1.8 and FCS_SSHC_EXT.1.8
FCS_SSHS_EXT.1.8 The TSF shall ensure that within SSH connections, the same session keys are used for a threshold of no longer than one hour, and each encryption key is used to protect no more than one gigabyte of data. After any of the thresholds are reached, a rekey needs to be performed.
https://man7.org/linux/man-pages/man5/sshd_config.5.html
Proposed syntax:
set service ssh rekey-limit data xxx
set service ssh rekey-limit time xxx
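As an added illustration (not code from this request, VyOS or OpenSSH), the following Python parses the two RekeyLimit operands exactly as sshd_config(5) describes them (K/M/G data suffixes, the TIME FORMATS units, and the "default"/"none" keywords), checks them against the FCS_SSHS_EXT.1.8 / FCS_SSHC_EXT.1.8 thresholds, and renders the resulting sshd_config line. It assumes the values given to the proposed "rekey-limit data" and "rekey-limit time" nodes are passed through in sshd_config notation, and that the CC "one gigabyte" corresponds to sshd's "1G" (2**30 bytes). Function and constant names are the example's own.

```python
"""Added example (not VyOS or OpenSSH code): parse RekeyLimit operands as
sshd_config(5) defines them and check them against the CC thresholds."""
import re

# Data suffixes per sshd_config(5); OpenSSH's scan_scaled() treats them as
# binary multiples (K = 1024 bytes), which is what we assume here.
_DATA_MULT = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}

# TIME FORMATS section of sshd_config(5): s, m, h, d, w (case-insensitive);
# a bare number is seconds; units may be concatenated, e.g. "1h30m".
_TIME_MULT = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Thresholds from FCS_SSHS_EXT.1.8 / FCS_SSHC_EXT.1.8. "One gigabyte" is
# assumed to be sshd's "1G" (2**30 bytes); use 10**9 for a stricter reading.
CC_MAX_DATA_BYTES = 1024 ** 3
CC_MAX_TIME_SECONDS = 3600


def parse_data_limit(value: str):
    """Return the byte count for the first RekeyLimit operand, or None for
    the keyword 'default' (cipher default: 1G to 4G depending on cipher)."""
    v = value.strip()
    if v.lower() == "default":
        return None
    m = re.fullmatch(r"(\d+)\s*([KMG]?)", v, re.IGNORECASE)
    if not m:
        raise ValueError(f"bad data limit: {value!r}")
    return int(m.group(1)) * _DATA_MULT[m.group(2).upper()]


def parse_time_limit(value: str):
    """Return seconds for the optional second operand, or None for 'none'
    (no time-based rekeying)."""
    v = value.strip()
    if v.lower() == "none":
        return None
    if not re.fullmatch(r"(\d+[smhdw]?)+", v, re.IGNORECASE):
        raise ValueError(f"bad time limit: {value!r}")
    total = 0
    for num, unit in re.findall(r"(\d+)([smhdw]?)", v, re.IGNORECASE):
        total += int(num) * _TIME_MULT[unit.lower()]
    return total


def check_cc_thresholds(data_bytes, time_seconds):
    """Return a list of violations of the FCS_SSH*_EXT.1.8 thresholds (empty
    when compliant). 'default' data and 'none' time are both non-compliant:
    the cipher default may be up to 4G, and 'none' disables time rekeying."""
    problems = []
    if data_bytes is None:
        problems.append("data limit 'default' may be up to 4G; set an explicit limit <= 1G")
    elif data_bytes > CC_MAX_DATA_BYTES:
        problems.append(f"data limit {data_bytes} bytes exceeds 1G")
    if time_seconds is None:
        problems.append("time limit 'none' disables time-based rekeying; set <= 1h")
    elif time_seconds > CC_MAX_TIME_SECONDS:
        problems.append(f"time limit {time_seconds}s exceeds 1h")
    return problems


def render_rekey_limit(data: str, time: str = "none", enforce_cc: bool = True) -> str:
    """Render the sshd_config line for the given operands. With enforce_cc
    set, reject values that would breach the CC thresholds."""
    data_bytes = parse_data_limit(data)
    time_seconds = parse_time_limit(time)
    if enforce_cc:
        problems = check_cc_thresholds(data_bytes, time_seconds)
        if problems:
            raise ValueError("; ".join(problems))
    return f"RekeyLimit {data.strip()} {time.strip()}"


if __name__ == "__main__":
    # Values as they would arrive from the proposed
    # 'set service ssh rekey-limit data|time' nodes (assumed pass-through).
    print(render_rekey_limit("1G", "1h"))
    print(render_rekey_limit("512M", "30m"))
    for bad in (("default", "none"), ("4G", "1h"), ("1G", "2h")):
        try:
            render_rekey_limit(*bad)
        except ValueError as e:
            print("rejected", bad, "->", e)
```

The sshd default of "default none" fails the check on purpose: it leaves the data threshold at the cipher's value (up to 4G) and performs no time-based rekeying, so a deployment that needs the CC thresholds must set both operands explicitly, e.g. "RekeyLimit 1G 1h".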