configuration/common: Hotfix OpenSSH CVE-2024-6387

2024-07-01 20:14:19 +02:00 · 2024-07-01 20:14:19 +02:00 · 9455fefe5d
commit 9455fefe5d
parent a080f84880
1 changed files with 3 additions and 0 deletions
--- a/configuration/common/ssh.nix
+++ b/configuration/common/ssh.nix
@ -7,6 +7,9 @@
    PasswordAuthentication = false;
    KbdInteractiveAuthentication = false;
    PermitRootLogin = lib.mkDefault "no";
+
+    # Hotfix CVE-2024-6387 https://github.com/NixOS/nixpkgs/pull/323753
+    LoginGraceTime = 0;
  };
  services.openssh.hostKeys = lib.mkForce [
    # Only create ed25519 host keys