diff --git a/flake.lock b/flake.lock index 4cccc3569..47621ba31 100644 --- a/flake.lock +++ b/flake.lock @@ -122,10 +122,10 @@ "nixpkgs": { "locked": { "lastModified": 315532800, - "narHash": "sha256-Qbg44vc/Vw971fY3/lIzDLJVmb992RTuKXL2A69/89w=", - "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11", + "narHash": "sha256-+Elxpf3FLkgKfh81xrEjVolpJEn8+fKWqEJ3ZXbAbS4=", + "rev": "29335f23bea5e34228349ea739f31ee79e267b88", "type": "tarball", - "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.05pre782598.18dd725c2960/nixexprs.tar.xz" + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.05pre791229.29335f23bea5/nixexprs.tar.xz" }, "original": { "type": "tarball", diff --git a/lib/test/container-test-driver/nixos-module.nix b/lib/test/container-test-driver/nixos-module.nix index 090279c06..c7e1dd32e 100644 --- a/lib/test/container-test-driver/nixos-module.nix +++ b/lib/test/container-test-driver/nixos-module.nix @@ -23,4 +23,13 @@ # we don't have permission to set cpu scheduler in our container systemd.services.nix-daemon.serviceConfig.CPUSchedulingPolicy = lib.mkForce ""; + + # Adds `Include /nix/store/...` to `/etc/ssh/ssh_config`[1] which will make + # SSH fail when running inside a container test as SSH checks the permissions + # of the config files it reads which can't be disabled[2] and all the store + # paths inside the build sandbox (and the container by extension) are owned + # by `nobody:nogroup` rather than `root:nixbld`. + # [1]: https://github.com/NixOS/nixpkgs/blob/29335f23bea5e34228349ea739f31ee79e267b88/nixos/modules/programs/ssh.nix#L344-L347 + # [2]: https://github.com/openssh/openssh-portable/blob/b5b405fee7f3e79d44e2d2971a4b6b4cc53f112e/readconf.c#L2579-L2587 + programs.ssh.systemd-ssh-proxy.enable = false; } diff --git a/lib/test/container-test-driver/test_driver/__init__.py b/lib/test/container-test-driver/test_driver/__init__.py index ea0737c5d..42c26979b 100644 --- a/lib/test/container-test-driver/test_driver/__init__.py 
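Review bot: The comment added in lib/test/container-test-driver/nixos-module.nix opens with "Adds" and never names what does the adding, so the reader has to infer it from the option on the last line. I would start it with `# The systemd-ssh-proxy module adds an Include of a store path to /etc/ssh/ssh_config[1], which makes`. The permission check it works around is one OpenSSH applies to every config file it reads, so the comment could also state that the option is turned off only because store paths in the sandbox are owned by `nobody:nogroup`, and that this applies to container tests alone. The attribute set that the final `}` closes starts outside the hunk.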
+++ b/lib/test/container-test-driver/test_driver/__init__.py
@@ -333,6 +333,15 @@ class Machine:
 raise RuntimeError(msg)
 return res.stdout

+ def fail(self, command: str, timeout: int | None = None) -> str:
+ res = self.execute(command, timeout=timeout)
+ if res.returncode == 0:
+ msg = f"command `{command}` unexpectedly succeeded\n"
+ msg += f"Exit code: {res.returncode}\n"
+ msg += f"Stdout: {res.stdout}"
+ raise RuntimeError(msg)
+ return res.stdout
+
 def shutdown(self) -> None:
 """
 Shut down the machine, waiting for the VM to exit.
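Review bot: `fail` returns normally for any non-zero status, so a negative test also passes when the command is missing, mistyped or (depending on how `execute` reports it, which is not visible here) timed out. Tests that use it to show a request is denied can then pass for the wrong reason. The method has no docstring, unlike `shutdown` below it; I would add `"""Run command and return its stdout; raise RuntimeError if it exits with status 0."""` and have callers assert on the returned output where the reason for the failure matters. The `Exit code:` line in the message is always 0 on this path and could be dropped; stderr, if the result object carries it, would be more useful there. The enclosing class `Machine` starts and ends outside the hunk.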