From bcf390e8a753c65542d2688a1de1976de7eea5a0 Mon Sep 17 00:00:00 2001
From: Fabian Hauser <fabian@fh2.ch>
Date: Tue, 10 Dec 2024 14:49:49 +0200
Subject: [PATCH] Remove CVE-2024-6387 ssh workaround

---
 defaults/base-minimal/default.nix | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/defaults/base-minimal/default.nix b/defaults/base-minimal/default.nix
index e6ede6d..ce133f9 100644
--- a/defaults/base-minimal/default.nix
+++ b/defaults/base-minimal/default.nix
@@ -92,10 +92,6 @@
   services.openssh = {
     enable = true;
     settings.PasswordAuthentication = false;
-
-    # temporary mitigation agains CVE-2024-6387 «regreSSHion» RCE
-    # See https://github.com/NixOS/nixpkgs/pull/323753#issuecomment-2199762128
-    settings.LoginGraceTime = 0;
   };
 
   security.acme = {