Windows ssh 9.5.5.1 doesn't like CodexSandboxUsers on ~/.ssh/id_rsa #12226

@HenkPoley

What version of Codex CLI is running?

0.99.0 and later on 0.104.0

What subscription do you have?

Plus

Which model were you using?

gpt-5.3-codex

What platform is your computer?

Microsoft Windows NT 10.0.26200.0 x64

What terminal emulator and version are you using (if applicable)?

Windows Terminal

What issue are you seeing?

C:\User\user> ssh -V
OpenSSH_for_Windows_9.5p2, LibreSSL 3.8.2
C:\Users\user> ssh example.com
Bad permissions. Try removing permissions for user: <Hostname>\\CodexSandboxUsers (S-1-5-21-<Windows Security Identifier>) on file C:/Users/user/.ssh/id_rsa.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'C:\\Users\\user/.ssh/id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "C:\\Users\\user/.ssh/id_rsa": bad permissions

I did some icacls shenanigans to set permissions back to something SSH is happy with.

I also updated codex with npm i -g @openai/codex. Now codex is borked on some starlark rule (deleted this rule from default.rules and it works again):

C:\User\user> codex --version
codex-cli 0.104.0
C:\User\user> codex --full-auto resume 019c322b-<UUID>-c62f430b46ce
Error loading rules:
C:\Users\user\.codex\rules\default.rules:38: starlark error: error: Parse error: unexpected identifier 'HOME' here, expected one of "\n", "!=", "%", "%=", "&", "&=", "(", ")", "*", "*=", "+", "+=", ",", "-", "-=", ".", "/", "//", "//=", "/=", ":", ";", "<", "<<", "<<=", "<=", "=", "==", ">", ">=", ">>", ">>=", "[", "]", "^", "^=", "and", "else", "for", "if", "in", "not", "or", "|", "|=" or "}" (problem is on or around line 38)

What steps can reproduce the bug?

I guess:

  1. Use the OpenAI Codex CLI with Windows sandbox (--full-auto ?).
  2. It sets up some extra user.
  3. SSH freaks out.

What is the expected behavior?

Find a way to sandbox that does not freak out Windows's ssh.

Additional information

The issue did not re-appear immediately when I did a codex --full-auto resume <UUID> with OpenAI Codex CLI (v0.104.0)
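
An audit of the condition the ssh error above complains about, as an added example that is not part of the original issue or of the Codex project. It assumes ssh accepts access-control entries only for the current user, SYSTEM and Administrators on a private key; the `-SshDir` and `-Fix` parameters are hypothetical names chosen for this sketch.

```powershell
# Added example: report (and optionally remove) unexpected principals on private keys in ~/.ssh.
# Assumption: only the current user, SYSTEM and Administrators may hold an ACE on a key file.
param(
    [string]$SshDir = (Join-Path $env:USERPROFILE '.ssh'),
    [switch]$Fix   # without -Fix the script only reports
)

# Well-known SIDs are locale-independent, unlike names such as "BUILTIN\Administrators".
$allowed = @(
    [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value,
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

# Treat any file whose first line is a PEM/OpenSSH private-key header as a key.
$keys = Get-ChildItem -LiteralPath $SshDir -File | Where-Object {
    (Get-Content -LiteralPath $_.FullName -TotalCount 1 -ErrorAction SilentlyContinue) -match '^-----BEGIN .*PRIVATE KEY-----'
}

foreach ($key in $keys) {
    $acl = Get-Acl -LiteralPath $key.FullName
    # Resolve every Allow ACE (inherited ones too) to a SID and keep the unexpected ones.
    $extra = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { $sid = $ace.IdentityReference.Value }   # unresolvable account, already in SID form
        if ($allowed -notcontains $sid) {
            [pscustomobject]@{ Sid = $sid; Name = $ace.IdentityReference.Value; Inherited = $ace.IsInherited }
        }
    }
    if (-not $extra) { Write-Output "OK    $($key.FullName)"; continue }

    foreach ($e in $extra) {
        Write-Output "OPEN  $($key.FullName)  $($e.Name) ($($e.Sid)) inherited=$($e.Inherited)"
    }

    if ($Fix) {
        # Convert inherited ACEs to explicit ones so they can be removed individually,
        # then drop each unexpected principal by SID (icacls takes SIDs as *S-1-...).
        icacls $key.FullName /inheritance:d | Out-Null
        foreach ($sid in ($extra.Sid | Select-Object -Unique)) {
            icacls $key.FullName /remove "*$sid" | Out-Null
        }
    }
}
```

Run it without `-Fix` first; the `inherited=` column shows whether the extra entry sits on the key file itself or comes from a parent directory.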

Labels: bug (Something isn't working), sandbox (Issues related to permissions or sandboxing), windows-os (Issues related to Codex on Windows systems)
