palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix for CVE-2024-6409

Browse source
This commit is contained in:
Ingolf Wagner 2024-07-09 09:48:03 +02:00
parent 5866e21d52
commit aaa3078055
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
components/network/sshd/default.nix
View file

@ -57,6 +57,11 @@ in
enable = true;
settings.X11Forwarding = false;
settings.PasswordAuthentication = false;
# We might want to remove this once, openssh is fixed everywhere:
# Workaround for CVE-2024-6387 and CVE-2024-6409
# https://github.com/NixOS/nixpkgs/pull/323753#issuecomment-2199762128
settings.LoginGraceTime = 0;
};
users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles;