fix: openssh CVE-2024-6387

This commit is contained in:
Moritz Böhme 2024-07-01 21:39:05 +02:00
parent 72def5c785
commit 189036f2c8
Signed by: moritz
GPG key ID: 970C6E89EB0547A9
2 changed files with 5 additions and 3 deletions

View file

@ -720,11 +720,11 @@
},
"master": {
"locked": {
"lastModified": 1719764577,
"narHash": "sha256-304HNA/XvmyfD7JZfpqF4dEBnbUYci/gMZvDThXmYkE=",
"lastModified": 1719834384,
"narHash": "sha256-M6Vr7LbYeesXrG3hjAExzIfYFxrncrs1dpnp7zdeUN4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "19581e2ce8bc43f898ef724f8072ebf62bebb325",
"rev": "c08bd9add4732d87fde747e15b8fc053dfd1234b",
"type": "github"
},
"original": {

View file

@ -1,5 +1,6 @@
{ config
, lib
, pkgs
, ...
}: {
## System security tweaks
@ -69,6 +70,7 @@
# SSH
services.openssh = {
package = pkgs.master.openssh; # HACK: to fix CVE-2024-6387
settings = {
# Disable ssh password login
PasswordAuthentication = lib.mkDefault false;