authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-07-01 18:08:07 +0200
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-07-01 18:28:08 +0200
commit6fd9541ed6c13b14ee5d3c8e4b40079d828f3f63 (patch)
treeda9d7f896dcecf8a2e1fe4a1be880b4e22d841df /system
parentfix(peertube): allow sane user creation (diff)
fix(system/services/openssh): Update to fix CVE-2024-6387 “regreSSHion” openssh-cve-fix
This should already be in 24.04, but it does not work currently :<.
Diffstat (limited to '')
-rw-r--r--system/services/openssh/default.nix9
-rw-r--r--system/services/openssh/new_module.nix7
2 files changed, 15 insertions, 1 deletions
diff --git a/system/services/openssh/default.nix b/system/services/openssh/default.nix
index 46b7ffd..46a9782 100644
--- a/system/services/openssh/default.nix
+++ b/system/services/openssh/default.nix
@@ -1,7 +1,14 @@
-{...}: {
+{pkgsUnstable, ...}: {
+  imports = [
+    ./new_module.nix
+  ];
+
   services.openssh = {
     enable = true;
     settings.PasswordAuthentication = false;
+
+    package = pkgsUnstable.openssh;
+
     hostKeys = [
       {
         # See the explanation for this in /system/impermanence/mods/openssh.nix
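Review bot: The `package = pkgsUnstable.openssh;` override has no comment marking it as a temporary CVE workaround, so it is likely to outlive the fix and leave sshd tracking a moving channel indefinitely. I would add `# TEMPORARY (CVE-2024-6387): remove with ./new_module.nix once the stable channel ships a patched openssh` directly above it, since the two changes only make sense together. Nothing in the hunk checks that the unstable input actually resolves to a patched release; an `assertions` entry comparing `pkgsUnstable.openssh.version` against the fixed version (placeholder `<fixed-version>`, not stated on this page) would make a stale pin fail at evaluation time instead of deploying silently. The attribute set continues past the end of the hunk.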
diff --git a/system/services/openssh/new_module.nix b/system/services/openssh/new_module.nix
new file mode 100644
index 0000000..878f9de
--- /dev/null
+++ b/system/services/openssh/new_module.nix
@@ -0,0 +1,7 @@
+{...} @ args: {
+  disabledModules = ["services/networking/ssh/sshd.nix"];
+
+  imports = [
+    "${args.nixpkgs-unstable}/nixos/modules/services/networking/ssh/sshd.nix"
+  ];
+}
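Review bot: Replacing the whole `sshd.nix` module through `disabledModules` is a much wider change than the package bump, and the file carries no comment explaining why it is needed or when to revert it. The unstable module's option defaults and generated `sshd_config` may differ from the stable one, so it is worth diffing the rendered configuration before and after the switch to confirm that hardening settings such as `PasswordAuthentication = false` still take effect as intended. I would add a header comment along the lines of `# Workaround for CVE-2024-6387: use the unstable sshd module so services.openssh.package from unstable evaluates; delete together with the package override`. The import also reads `args.nixpkgs-unstable`, which presumably has to arrive via `specialArgs` because `imports` is resolved before `_module.args`; a one-line note saying so would save the next maintainer a confusing evaluation error.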