diff --git a/src/server.c b/src/server.c
index 91de94a5..2d7e91f1 100644
--- a/src/server.c
+++ b/src/server.c
@@ -895,9 +895,6 @@ int ssh_auth_reply_success(ssh_session session, int partial)
         return ssh_auth_reply_default(session, partial);
     }
 
-    session->session_state = SSH_SESSION_STATE_AUTHENTICATED;
-    session->flags |= SSH_SESSION_FLAG_AUTHENTICATED;
-
     r = ssh_buffer_add_u8(session->out_buffer,SSH2_MSG_USERAUTH_SUCCESS);
     if (r < 0) {
         return SSH_ERROR;
@@ -905,6 +902,15 @@ int ssh_auth_reply_success(ssh_session session, int partial)
 
     r = ssh_packet_send(session);
 
+    /*
+     * Consider the session as having been authenticated only after sending
+     * the USERAUTH_SUCCESS message.  Setting these flags after ssh_packet_send
+     * ensures that a rekey is not triggered prematurely, causing the message
+     * to be queued.
+     */
+    session->session_state = SSH_SESSION_STATE_AUTHENTICATED;
+    session->flags |= SSH_SESSION_FLAG_AUTHENTICATED;
+
     crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_OUT);
     if (crypto != NULL && crypto->delayed_compress_out) {
         SSH_LOG(SSH_LOG_PROTOCOL, "Enabling delayed compression OUT");
diff --git a/tests/pkd/CMakeLists.txt b/tests/pkd/CMakeLists.txt
index 259d83ab..71355b08 100644
--- a/tests/pkd/CMakeLists.txt
+++ b/tests/pkd/CMakeLists.txt
@@ -38,6 +38,11 @@ target_link_libraries(pkd_hello ${pkd_libs})
 #
 add_test(pkd_hello_i1 ${CMAKE_CURRENT_BINARY_DIR}/pkd_hello -e -o -i1 -w /tmp/pkd_socket_wrapper_XXXXXX)
 
+#
+# pkd_hello_rekey is used to test server-side implementation of rekeying.
+#
+add_test(pkd_hello_rekey ${CMAKE_CURRENT_BINARY_DIR}/pkd_hello -t torture_pkd_openssh_rsa_rsa_default -i1 --rekey=16 -v -v -v -w /tmp/pkd_socket_wrapper_XXXXXX)
+
 #
 # Configure environment for cwrap socket wrapper.
 #