fix for CVE-2024-6409
This commit is contained in:
parent
5866e21d52
commit
aaa3078055
1 changed files with 5 additions and 0 deletions
|
@ -57,6 +57,11 @@ in
|
|||
enable = true;
|
||||
settings.X11Forwarding = false;
|
||||
settings.PasswordAuthentication = false;
|
||||
|
||||
# We might want to remove this once, openssh is fixed everywhere:
|
||||
# Workaround for CVE-2024-6387 and CVE-2024-6409
|
||||
# https://github.com/NixOS/nixpkgs/pull/323753#issuecomment-2199762128
|
||||
settings.LoginGraceTime = 0;
|
||||
};
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles;
|
||||
|
|
Loading…
Reference in a new issue