fix(wsl): disable systemd-ssh-proxy ssh_config include #13

Merged
lyrathorpe merged 1 commits from fix/wsl-ssh-systemd-proxy-include into main 2026-06-04 13:26:20 +01:00
Owner

The NixOS-WSL store is a read-only VHD whose files are owned by nobody
(65534), not root. programs.ssh.systemd-ssh-proxy.enable (default true)
adds `Include <systemd>/lib/systemd/ssh_config.d/20-systemd-ssh-proxy.conf`
to /etc/ssh/ssh_config. OpenSSH permission-checks Include'd config files
and rejects any not owned by root or the caller, so the nobody-owned
include fails with "Bad owner or permissions" and breaks ssh/git for
every command.

Disable it on the WSL host: the proxy plugin only serves `ssh unix/…` /
`vsock` connections to local machined VMs, which WSL does not use. Other
hosts keep the default (root-owned store, include works).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

lyrathorpe added 1 commit 2026-06-04 13:23:55 +01:00
fix(wsl): disable systemd-ssh-proxy ssh_config include
CI / flake (pull_request) Successful in 2m7s
dddf97f3ad
The NixOS-WSL store is a read-only VHD whose files are owned by nobody
(65534), not root. programs.ssh.systemd-ssh-proxy.enable (default true)
adds `Include <systemd>/lib/systemd/ssh_config.d/20-systemd-ssh-proxy.conf`
to /etc/ssh/ssh_config. OpenSSH permission-checks Include'd config files
and rejects any not owned by root or the caller, so the nobody-owned
include fails with "Bad owner or permissions" and breaks ssh/git for
every command.

Disable it on the WSL host: the proxy plugin only serves `ssh unix/…` /
`vsock` connections to local machined VMs, which WSL does not use. Other
hosts keep the default (root-owned store, include works).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
lyrathorpe merged commit 94fc253f68 into main 2026-06-04 13:26:20 +01:00
lyrathorpe deleted branch fix/wsl-ssh-systemd-proxy-include 2026-06-04 13:26:21 +01:00
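
The owner rule described in the commit message can be checked before ssh trips over it. The following is an added example, not code from this PR or from OpenSSH: it lists the files an ssh_config pulls in through `Include` and reports any that fail that owner rule, plus the group/world-writable test OpenSSH applies in the same check. The function names are assumptions of this example; relative includes are resolved against `/etc/ssh`, as for the system-wide config.

```python
import glob
import os
import re
import shlex
import stat
import sys

# "Include path..." or "Include=path...", keyword is case-insensitive.
INCLUDE_RE = re.compile(r"^\s*include(?:\s*=\s*|\s+)(.+)$", re.IGNORECASE)

def include_paths(config_text, base_dir="/etc/ssh"):
    """Return the files named by Include directives, with globs expanded."""
    paths = []
    for line in config_text.splitlines():
        m = INCLUDE_RE.match(line)
        if not m:
            continue
        for pattern in shlex.split(m.group(1)):  # several paths per line are allowed
            pattern = os.path.expanduser(pattern)
            if not os.path.isabs(pattern):
                pattern = os.path.join(base_dir, pattern)
            paths.extend(sorted(glob.glob(pattern)))
    return paths

def rejection_reason(st_uid, st_mode, caller_uid):
    """Return why ssh would refuse an included file, or None if it passes."""
    if st_uid != 0 and st_uid != caller_uid:
        return f"owner uid {st_uid} is neither root nor caller uid {caller_uid}"
    if st_mode & 0o022:
        return f"mode {stat.S_IMODE(st_mode):04o} is group- or world-writable"
    return None

def audit(config_text, caller_uid, base_dir="/etc/ssh"):
    """Map each included file that would be refused to the reason."""
    findings = {}
    for path in include_paths(config_text, base_dir):
        st = os.stat(path)  # follows symlinks, like the open()+fstat() ssh does
        reason = rejection_reason(st.st_uid, st.st_mode, caller_uid)
        if reason:
            findings[path] = reason
    return findings

if __name__ == "__main__":
    cfg = sys.argv[1] if len(sys.argv) > 1 else "/etc/ssh/ssh_config"
    if not os.path.exists(cfg):
        sys.exit(f"{cfg}: not found")
    with open(cfg) as fh:
        for path, reason in audit(fh.read(), os.getuid()).items():
            print(f"{path}: {reason}")
```
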

Reference: lyrathorpe/nixfiles#13