Merge pull request 'sshd: workaround for CVE-2024-6387' (#1674) from openssh-cve-workaround into main

2024-07-01 12:04:54 +00:00 · 2024-07-01 12:04:54 +00:00 · e7ba8dbe15
commit e7ba8dbe15
parent 0f95bfd279 cfc09ca270
1 changed files with 4 additions and 0 deletions
--- a/clanModules/sshd/default.nix
+++ b/clanModules/sshd/default.nix
@ -2,6 +2,10 @@
 {
  services.openssh.enable = true;
  services.openssh.settings.PasswordAuthentication = false;
+  # We might want to remove this once, openssh is fixed everywhere:
+  # Workaround for CVE-2024-6387
+  # https://github.com/NixOS/nixpkgs/pull/323753#issuecomment-2199762128
+  services.openssh.settings.LoginGraceTime = 0;

  services.openssh.hostKeys = [
    {