The SSHEPv1.0 does not impose any audit requirements.  However two test cases mention using audit logs in testing - FCS_SSHS_EXT.1.7 and FCS_SSHC_EXT.1.7.   It is not necessary to use any audit logs to test that rekey is actually occuring as expected.

Test 1 for both FCS_SSHS_EXT.1.7 and FCS_SSHC_EXT.1.7 is replaced as follows:

Test 1: The evaluator will configure the TOE to create a log entry when a rekey occurs. The evaluator will connect to the TOE with an SSH client and cause a rekey to occur according to the selection(s) in the ST, and subsequently the evaluator uses available methods and tools to verify that rekeying occurs. This could be done, e.g., by checking that a corresponding audit event has been generated by the TOE, if the TOE supports auditing of rekey events. 

See issue description.