clan/clan-core
11
2
Fork 13
Code Issues 91 Pull Requests 5 Actions Packages Projects 1 Releases Wiki Activity

sshd: workaround for CVE-2024-6387 #1674

Merged
clan-bot merged 1 commits from openssh-cve-workaround into main 2024-07-01 12:04:54 +00:00
Conversation 0 Commits 1 Files Changed 1 +4
Mic92 commented 2024-07-01 11:58:08 +00:00
Owner
Copy Link
No description provided.
Mic92 added 1 commit 2024-07-01 11:58:08 +00:00
sshd: workaround for CVE-2024-6387
Some checks failed
buildbot/nix-build .#checks.x86_64-linux.package-module-schema Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-moonlight-sunshine-accept Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-deploy-docs Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-pending-reviews Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-tea-create-pr Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.lib-jsonschema-nix-unit-tests Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-zerotier-members Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-webview-ui Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-zt-tcp-relay Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-zerotierone Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.nixos-test_install_machine Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.postgresql Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.test-backups Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-function-schema Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.nixos-flash-installer Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.secrets Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.template-minimal Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.nixos-iso-installer Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.zt-tcp-relay Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-iso-installer Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.wayland-proxy-virtwl Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.syncthing Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.lib-inventory-eval Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.module-clan-vars-eval Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.package-gui-install-test-ubuntu-22-04 Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.clan-pytest-with-core Build done.
Details
buildbot/nix-build .#checks.x86_64-linux.flash Build done.
Details
checks / checks-impure (pull_request) Successful in 2m20s
Details
buildbot/nix-build .#checks.x86_64-linux.test-installation Build done.
Details
buildbot/nix-eval Build done.
Details
ddce731ad7
clan-bot was assigned by lassulus 2024-07-01 11:59:07 +00:00
lassulus approved these changes 2024-07-01 11:59:13 +00:00
lassulus reviewed 2024-07-01 12:00:47 +00:00
clanModules/sshd/default.nix Outdated
@ -5,0 +5,4 @@
# We might want to remove this once, openssh is fixed everywhere:
# Workaround for CVE-2024-6387
# https://github.com/NixOS/nixpkgs/pull/323753#issuecomment-2199762128
services.openssh.settings.settings.LoginGraceTime = 0;
lassulus commented 2024-07-01 12:00:47 +00:00
Owner
Copy Link

redundant settings?

redundant settings?
Mic92 commented 2024-07-01 12:02:10 +00:00
Author
Owner
Copy Link

Ci catched it as well.

Ci catched it as well.
Mic92 marked this conversation as resolved
Mic92 force-pushed openssh-cve-workaround from ddce731ad7 to cfc09ca270 2024-07-01 12:01:46 +00:00 Compare
clan-bot merged commit e7ba8dbe15 into main 2024-07-01 12:04:54 +00:00
Mic92 deleted branch openssh-cve-workaround 2024-07-01 12:12:33 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
lassulus
Labels
Clear labels   
backups

   
blog

   
bootstrapping

Issues regarding bootstrapping, or onboarding

  
bug

Something is not working.

  
changes-requested

Please fix this.

  
cli

   
documentation

   
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
facts

Issues regarding facts and secrets setting and generation

  
help wanted

Need some help

  
invalid

Something is wrong

  
Inventory

Inventory

  
low_prio

   
manager

   
modules

   
needs-review

This PR needs to be reviewed. Use the request-changes label to request changes

  
networking

   
packaging

   
question

More information is needed

  
secrets

   
template

Issues regarding templates.

  
test

Issues regarding testing

  
tooling

Issues regarding internal devtools

  
user-testing

Issues that cristallised after hands on user testing.

  
vm

Issues regarding virtual machines.

  
wontfix

This won't be fixed

No Label
backups
blog
bootstrapping
bug
changes-requested
cli
documentation
duplicate
enhancement
facts
help wanted
invalid
Inventory
low_prio
manager
modules
needs-review
networking
packaging
question
secrets
template
test
tooling
user-testing
vm
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
clan-bot
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: clan/clan-core#1674
No description provided.
Delete Branch "openssh-cve-workaround"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?