From dddf97f3adbe0ea2317aa798252f4d82e5c5c614 Mon Sep 17 00:00:00 2001
From: Emma Thorpe
Date: Thu, 4 Jun 2026 12:20:01 +0000
Subject: [PATCH] fix(wsl): disable systemd-ssh-proxy ssh_config include
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The NixOS-WSL store is a read-only VHD whose files are owned by nobody (65534), not root. programs.ssh.systemd-ssh-proxy.enable (default true) adds `Include /lib/systemd/ssh_config.d/20-systemd-ssh-proxy.conf` to /etc/ssh/ssh_config. OpenSSH permission-checks Include'd config files and rejects any not owned by root or the caller, so the nobody-owned include fails with "Bad owner or permissions" and breaks ssh/git for every command. Disable it on the WSL host: the proxy plugin only serves `ssh unix/…` / `vsock` connections to local machined VMs, which WSL does not use. Other hosts keep the default (root-owned store, include works).
Co-Authored-By: Claude Opus 4.8 (1M context)
---
system/machine/EDaaS/configuration.nix | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/system/machine/EDaaS/configuration.nix b/system/machine/EDaaS/configuration.nix
index e1a27f5..3136a89 100644
--- a/system/machine/EDaaS/configuration.nix
+++ b/system/machine/EDaaS/configuration.nix
@@ -42,6 +42,15 @@ networking.resolvconf.enable = false; + # Drop the systemd-ssh-proxy Include from the generated /etc/ssh/ssh_config. + # The NixOS-WSL store is a read-only VHD whose files are owned by nobody + # (65534), not root. OpenSSH permission-checks Include'd config files and + # rejects any not owned by root or the caller, so the default include fails + # with "Bad owner or permissions" and breaks ssh/git for every command. The + # proxy plugin only matters for `ssh unix/…` / `vsock` to local machined VMs, + # which WSL does not use. + programs.ssh.systemd-ssh-proxy.enable = false; + ## patch the script systemd.services.docker-desktop-proxy.script = lib.mkForce ''${config.wsl.wslConf.automount.root}/wsl/docker-desktop/docker-desktop-user-distro proxy --docker-desktop-root ${config.wsl.wslConf.automount.root}/wsl/docker-desktop "C:\Program Files\Docker\Docker\resources"'';
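Review bot: The override `programs.ssh.systemd-ssh-proxy.enable = false;` carries no removal condition or upstream reference, so it will outlive the nobody-owned store that motivates it. Consider ending the comment with a line such as `# TODO: remove once the WSL store is root-owned (upstream issue: <ISSUE-URL-PLACEHOLDER>)`. It would also help to state in the comment that OpenSSH's ownership check is left in place on purpose and only this one Include is dropped. Presumably any other ownership-checked file served from the store would fail the same way, so the next maintainer should look for the same root cause before adding further workarounds.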