From cfc09ca27074ef38ac0bfa8ece570392e92f70b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Mon, 1 Jul 2024 13:57:29 +0200
Subject: [PATCH] sshd: workaround for CVE-2024-6387

---
 clanModules/sshd/default.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/clanModules/sshd/default.nix b/clanModules/sshd/default.nix
index d68fce4f..a4e291b3 100644
--- a/clanModules/sshd/default.nix
+++ b/clanModules/sshd/default.nix
@@ -2,6 +2,10 @@
 {
   services.openssh.enable = true;
   services.openssh.settings.PasswordAuthentication = false;
+  # We might want to remove this once, openssh is fixed everywhere:
+  # Workaround for CVE-2024-6387
+  # https://github.com/NixOS/nixpkgs/pull/323753#issuecomment-2199762128
+  services.openssh.settings.LoginGraceTime = 0;
 
   services.openssh.hostKeys = [
     {