diff --git a/defaults/main.yml b/defaults/main.yml
index 1b35963..974e24f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -43,6 +43,9 @@ sshd_max_sessions: 10
 sshd_tcp_keep_alive: "yes"
 sshd_use_dns: "no"
+sshd_rekey_limit_size: "1G"
+sshd_rekey_limit_time: "1h"
+
 sshd_crypto_policy_enabled: True
 # @var sshd_challenge_response_authentication:description: >
diff --git a/templates/etc/ssh/sshd_config.j2 b/templates/etc/ssh/sshd_config.j2
index 3a8333b..4bb5fc7 100644
--- a/templates/etc/ssh/sshd_config.j2
+++ b/templates/etc/ssh/sshd_config.j2
@@ -29,7 +29,7 @@ HostKey /etc/ssh/ssh_host_ecdsa_key
 HostKey /etc/ssh/ssh_host_ed25519_key
 # Ciphers and keying
-#RekeyLimit default none
+RekeyLimit {{ sshd_rekey_limit_size }} {{ sshd_rekey_limit_time }}
 {% if sshd_crypto_policy_enabled | bool %}
 # This system is following system-wide crypto policy. The changes to
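Review bot: The two new variables `sshd_rekey_limit_size` and `sshd_rekey_limit_time` carry no `# @var …:description:` block, although the next visible entry (`sshd_challenge_response_authentication`) is documented that way, which suggests this file's variables are generated into role docs from those comments. I would add `# @var sshd_rekey_limit_size:description: > Amount of data after which the session key is renegotiated; first argument of sshd's RekeyLimit (e.g. "1G", or "default" for the OpenSSH default).` and `# @var sshd_rekey_limit_time:description: > Maximum time before the session key is renegotiated; second argument of RekeyLimit (e.g. "1h", or "none" for no time limit).` Because the template hunk in this same commit emits RekeyLimit unconditionally, the descriptions should also state that an empty or malformed value makes sshd reject its configuration rather than fall back to the default. Quoting "1G" and "1h" is correct and matches the file's existing style for string-typed sshd options.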
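Review bot: `RekeyLimit {{ sshd_rekey_limit_size }} {{ sshd_rekey_limit_time }}` is rendered unconditionally with no check on the values, so an inventory override that blanks either variable, or a typo such as `1hr` (sshd accepts only s/m/h/d/w suffixes), produces a directive sshd rejects, and a rejected sshd_config means sshd fails to restart and can lock operators out of the host. I would either wrap the line in `{% if sshd_rekey_limit_size and sshd_rekey_limit_time %}` … `{% endif %}` with a `# RekeyLimit default none` fallback comment in the else branch, or confirm that the task deploying this template runs `validate: '/usr/sbin/sshd -t -f %s'` (the task is not in this diff, so I cannot tell whether it already does). Since the removed `#RekeyLimit default none` line documented the upstream default, a comment above the new line such as `# Set size to "default" and time to "none" to restore the OpenSSH defaults` would keep that knowledge for operators. The `{% if sshd_crypto_policy_enabled | bool %}` block that follows continues outside the hunk; as far as I know system-wide crypto policy does not manage RekeyLimit, so placing it before that block looks right, but worth confirming on the targeted distributions.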