author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-07-01 18:08:07 +0200 |
---|---|---|
committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-07-01 18:28:08 +0200 |
commit | 6fd9541ed6c13b14ee5d3c8e4b40079d828f3f63 (patch) | |
tree | da9d7f896dcecf8a2e1fe4a1be880b4e22d841df /system | |
parent | fix(peertube): allow sane user creation (diff) | |
fix(system/services/openssh): Update to fix CVE-2024-6387 “regreSSHion” openssh-cve-fix
This should already be in 24.04, but it does not work currently :<.
Diffstat (limited to '')
-rw-r--r-- | system/services/openssh/default.nix | 9 | ||||
-rw-r--r-- | system/services/openssh/new_module.nix | 7 |
2 files changed, 15 insertions, 1 deletions
diff --git a/system/services/openssh/default.nix b/system/services/openssh/default.nix
index 46b7ffd..46a9782 100644
--- a/system/services/openssh/default.nix
+++ b/system/services/openssh/default.nix
@@ -1,7 +1,14 @@
-{...}: {
+{pkgsUnstable, ...}: {
+ imports = [
+ ./new_module.nix
+ ];
+
 services.openssh = {
 enable = true;
 settings.PasswordAuthentication = false;
+
+ package = pkgsUnstable.openssh;
+
 hostKeys = [
 {
 # See the explanation for this in /system/impermanence/mods/openssh.nix
diff --git a/system/services/openssh/new_module.nix b/system/services/openssh/new_module.nix
new file mode 100644
index 0000000..878f9de
--- /dev/null
+++ b/system/services/openssh/new_module.nix
@@ -0,0 +1,7 @@
+{...} @ args: {
+ disabledModules = ["services/networking/ssh/sshd.nix"];
+
+ imports = [
+ "${args.nixpkgs-unstable}/nixos/modules/services/networking/ssh/sshd.nix"
+ ];
+} |
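Review bot: The `package = pkgsUnstable.openssh;` override in `default.nix` carries no comment tying it to CVE-2024-6387 or saying when it can be dropped, so sshd will keep tracking the unstable input long after the stable channel has the fix. I would add `# Temporary: CVE-2024-6387 (regreSSHion); remove once the stable channel ships a fixed openssh.` directly above it. Nothing in the hunk checks that the pinned unstable revision actually contains the fix; an `assertions` entry built on, for example, `lib.versionAtLeast pkgsUnstable.openssh.version "9.8"` would make a stale input fail evaluation instead of deploying a vulnerable daemon (this needs `lib` added to the argument set). The `hostKeys` list continues outside the hunk.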
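Review bot: `new_module.nix` has no comment explaining why the stable sshd module is disabled, and the file name does not say it either. Replacing the whole module means every `services.openssh` option default now follows `nixpkgs-unstable` rather than the release the rest of the system is built from, so a later input bump can change sshd's effective configuration without any edit in this repository. I would add a header such as `# Use the sshd module from nixpkgs-unstable so it matches pkgsUnstable.openssh (CVE-2024-6387); delete this file together with the package override.` The import path also relies on `nixpkgs-unstable` reaching the module as a special argument, which is not visible in this diff.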