mirror of
https://github.com/nix-community/srvos.git
synced 2024-08-16 09:20:26 +03:00
Merge pull request #449 from nix-community/openssh-workaround
common/openssh: apply workaround for CVE-2024-6387
This commit is contained in:
commit
14b3b0aa48
@ -9,6 +9,11 @@
|
||||
# unbind gnupg sockets if they exists
|
||||
settings.StreamLocalBindUnlink = true;
|
||||
|
||||
# We might want to remove this once, openssh is fixed everywhere:
|
||||
# Workaround for CVE-2024-6387
|
||||
# https://github.com/NixOS/nixpkgs/pull/323753#issuecomment-2199762128
|
||||
settings.LoginGraceTime = 0;
|
||||
|
||||
# Use key exchange algorithms recommended by `nixpkgs#ssh-audit`
|
||||
settings.KexAlgorithms = [
|
||||
"curve25519-sha256"
|
||||
|
Loading…
Reference in New Issue
Block a user