diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix
index 56e17cd..eaf55e5 100644
--- a/nixos/modules/profiles/base.nix
+++ b/nixos/modules/profiles/base.nix
@@ -49,5 +49,10 @@ in
   };
 
   programs.zsh.enable = mkDefault true;
+
+  # Mitigation for CVE-2024-6387
+  # Might be vulnerable to DOS, but better than RCE ...
+  # https://github.com/NixOS/nixpkgs/pull/323753#issuecomment-2199762128
+  services.openssh.settings.LoginGraceTime = 0;
 }