NIAP: View Technical Decision Details
NIAP/CCEVS
Archived TD0082:  Removal of Auditing of SSH Rekey in FAU_GEN.1(1)

Publication Date
2016.02.25

Protection Profiles
PP_MDM_V2.0

Other References
PP_MDM_V2.0

Issue Description

FAU_GEN.1(1) includes a requirement to audit successful SSH re-key. FCS_SSHS_EXT.1 requires rekey after 2^28 packets. Rekeying after 2^28 packets is an SSH RFC requirement that is valid and can be tested. Auditing of SSH rekeys, however, is not required by the RFC and is a fairly low-level event compared to SSH session establishment or termination.

Resolution

In Table 1, "Successful SSH re-key." should be removed from the Auditable Events column for FCS_SSHS_EXT.1.

Justification

This level of auditing is not deemed necessary, and the most popular SSH implementation does not support it.

 
 