Merge pull request #449 from nix-community/openssh-workaround

common/openssh: apply workaround for CVE-2024-6387
Jörg Thalheim 2024-07-01 13:59:46 +02:00 committed by GitHub
commit 14b3b0aa48
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -9,6 +9,11 @@
# unbind gnupg sockets if they exists
settings.StreamLocalBindUnlink = true;
# We might want to remove this once, openssh is fixed everywhere:
# Workaround for CVE-2024-6387
# https://github.com/NixOS/nixpkgs/pull/323753#issuecomment-2199762128
settings.LoginGraceTime = 0;
# Use key exchange algorithms recommended by `nixpkgs#ssh-audit`
settings.KexAlgorithms = [
"curve25519-sha256"
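Review bot: The added `settings.LoginGraceTime = 0;` removes the timeout for unauthenticated connections, and the comment above it does not record what that costs. With no grace period, idle pre-authentication connections can hold sshd's `MaxStartups` slots indefinitely, so the host trades the CVE-2024-6387 exposure for easier connection-slot exhaustion. I would say so next to the setting, e.g. `# Trade-off: without a grace timeout, unauthenticated connections can occupy MaxStartups slots indefinitely (DoS risk).` The removal condition ("fixed everywhere") is also vague; something like `# Remove once every supported nixpkgs channel ships the patched openssh.` would make the workaround easier to retire. The enclosing attribute set and the `KexAlgorithms` list both continue outside this hunk.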