The NixOS-WSL store is a read-only VHD whose files are owned by nobody (65534), not root. programs.ssh.systemd-ssh-proxy.enable (default true) adds `Include <systemd>/lib/systemd/ssh_config.d/20-systemd-ssh-proxy.conf` to /etc/ssh/ssh_config. OpenSSH permission-checks Include'd config files and rejects any not owned by root or the caller, so the nobody-owned include fails with "Bad owner or permissions" and breaks ssh/git for every command. Disable it on the WSL host: the proxy plugin only serves `ssh unix/…` / `vsock` connections to local machined VMs, which WSL does not use. Other hosts keep the default (root-owned store, include works). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Emma Thorpe
@@ -42,6 +42,15 @@
|
||||
|
||||
networking.resolvconf.enable = false;
|
||||
|
||||
# Drop the systemd-ssh-proxy Include from the generated /etc/ssh/ssh_config.
|
||||
# The NixOS-WSL store is a read-only VHD whose files are owned by nobody
|
||||
# (65534), not root. OpenSSH permission-checks Include'd config files and
|
||||
# rejects any not owned by root or the caller, so the default include fails
|
||||
# with "Bad owner or permissions" and breaks ssh/git for every command. The
|
||||
# proxy plugin only matters for `ssh unix/…` / `vsock` to local machined VMs,
|
||||
# which WSL does not use.
|
||||
programs.ssh.systemd-ssh-proxy.enable = false;
|
||||
|
||||
## patch the script
|
||||
systemd.services.docker-desktop-proxy.script = lib.mkForce ''${config.wsl.wslConf.automount.root}/wsl/docker-desktop/docker-desktop-user-distro proxy --docker-desktop-root ${config.wsl.wslConf.automount.root}/wsl/docker-desktop "C:\Program Files\Docker\Docker\resources"'';
|
||||
|
||||
|
||||
Reference in New Issue
Block a user