openssh: use ssh-keysign from PATH

ssh-keysign is used for host-based authentication, and is designed to be used
as SUID-root program. OpenSSH defaults to referencing it from libexec, which
cannot be made SUID in Nix.

1 files changed, 2 insertions, 0 deletions

diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 6ce574b9cdc40..24adb554bc18a 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -50,6 +50,8 @@ stdenv.mkDerivation rec {
         url = https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2.patch;
         sha256 = "0q27i9ymr97yb628y44qi4m11hk5qikb1ji1vhvax8hp18lwskds";
       })
+
+      ./ssh-keysign.patch
     ]
     ++ optional withGssapiPatches (assert withKerberos; gssapiPatch);