Get the very latest sshd, 9.9p2

This is required by the PCI compliance scanner. In order to make this
work I now need to run "nixos-rebuild switch --impure" and I had to add
the unstable channel with "nix-channel --add
https://nixos.org/channels/nixpkgs-unstable nixpkgs-unstable"

anythingforafriend/etc/nixos/configuration.nix

@@ -18,7 +18,13 @@
   ];
   i18n.defaultLocale = "en_US.UTF-8";
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
+  nixpkgs.config = {
+    packageOverrides = pkgs: {
+      unstable = import <nixpkgs-unstable> {
+        config = config.nixpkgs.config;
+      };
+    };
+  };
   programs.neovim.enable = true;
   programs.neovim.defaultEditor = true;
 
@@ -105,6 +111,7 @@
   services.openssh = {
     enable = true;
     # require public key authentication for better security
+    package = pkgs.unstable.openssh;
     settings.PasswordAuthentication = false;
     settings.KbdInteractiveAuthentication = false;
     settings.PermitRootLogin = "no";