fix: openssh CVE-2024-6387
This commit is contained in:
parent
72def5c785
commit
189036f2c8
2 changed files with 5 additions and 3 deletions
|
@ -720,11 +720,11 @@
|
|||
},
|
||||
"master": {
|
||||
"locked": {
|
||||
"lastModified": 1719764577,
|
||||
"narHash": "sha256-304HNA/XvmyfD7JZfpqF4dEBnbUYci/gMZvDThXmYkE=",
|
||||
"lastModified": 1719834384,
|
||||
"narHash": "sha256-M6Vr7LbYeesXrG3hjAExzIfYFxrncrs1dpnp7zdeUN4=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "19581e2ce8bc43f898ef724f8072ebf62bebb325",
|
||||
"rev": "c08bd9add4732d87fde747e15b8fc053dfd1234b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
}: {
|
||||
## System security tweaks
|
||||
|
@ -69,6 +70,7 @@
|
|||
|
||||
# SSH
|
||||
services.openssh = {
|
||||
package = pkgs.master.openssh; # HACK: to fix CVE-2024-6387
|
||||
settings = {
|
||||
# Disable ssh password login
|
||||
PasswordAuthentication = lib.mkDefault false;
|
||||
|
|
Loading…
Reference in a new issue