From 9455fefe5dd5a9a9ccb5a567135d04ad90c274f0 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Mon, 1 Jul 2024 20:14:19 +0200
Subject: [PATCH] configuration/common: Hotfix OpenSSH CVE-2024-6387

---
 configuration/common/ssh.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/configuration/common/ssh.nix b/configuration/common/ssh.nix
index e62aab5..110c670 100644
--- a/configuration/common/ssh.nix
+++ b/configuration/common/ssh.nix
@@ -7,6 +7,9 @@
     PasswordAuthentication = false;
     KbdInteractiveAuthentication = false;
     PermitRootLogin = lib.mkDefault "no";
+
+    # Hotfix CVE-2024-6387 https://github.com/NixOS/nixpkgs/pull/323753
+    LoginGraceTime = 0;
   };
   services.openssh.hostKeys = lib.mkForce [
     # Only create ed25519 host keys