diff --git a/ic-os/components/early-boot/relabel-machine-id/guestos/relabel-machine-id.sh b/ic-os/components/early-boot/relabel-machine-id/guestos/relabel-machine-id.sh
index 5227c8b287b..951b8ef05e9 100755
--- a/ic-os/components/early-boot/relabel-machine-id/guestos/relabel-machine-id.sh
+++ b/ic-os/components/early-boot/relabel-machine-id/guestos/relabel-machine-id.sh
@@ -2,4 +2,5 @@
 # machine-id is set up in initramfs and bind-mounted over to the rootfs. Since
 # policy is not loaded in initramfs yet, it has wrong security context.
+systemd-machine-id-setup --commit
 restorecon -v /etc/machine-id
diff --git a/ic-os/components/early-boot/relabel-machine-id/relabel-machine-id.sh b/ic-os/components/early-boot/relabel-machine-id/relabel-machine-id.sh
index 7adda9e3e1c..676977661f7 100755
--- a/ic-os/components/early-boot/relabel-machine-id/relabel-machine-id.sh
+++ b/ic-os/components/early-boot/relabel-machine-id/relabel-machine-id.sh
@@ -4,4 +4,5 @@
 # over to the rootfs. Since policy is not loaded in initramfs yet, it has
 # wrong security context. Fix this up, but ignore failures (this will not
 # work on first boot).
+systemd-machine-id-setup --commit
 restorecon -v /etc/machine-id || true
diff --git a/ic-os/components/init/bootstrap-ic-node/guestos/bootstrap-ic-node.sh b/ic-os/components/init/bootstrap-ic-node/guestos/bootstrap-ic-node.sh
index 0ada533149f..a048898e881 100755
--- a/ic-os/components/init/bootstrap-ic-node/guestos/bootstrap-ic-node.sh
+++ b/ic-os/components/init/bootstrap-ic-node/guestos/bootstrap-ic-node.sh
@@ -180,7 +180,7 @@ while [ ! -f /boot/config/CONFIGURED ]; do
 fi
 # Fix up permissions. This is actually the wrong place.
- chown ic-replica.nogroup -R /var/lib/ic/data
+ chown ic-replica:nogroup -R /var/lib/ic/data
 if [ "${DEV}" != "" ]; then
 umount /mnt
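Review bot: The added `systemd-machine-id-setup --commit` in guestos/relabel-machine-id.sh has no stated failure policy, and the comment above it still explains only the relabel. Whether a failed commit stops the script before `restorecon` depends on a `set -e` that would sit above the hunk, so /etc/machine-id could be left with the wrong SELinux context without any log line. I would extend the comment, e.g. `# Persist the transient machine-id first so that restorecon labels the final file.` (assuming that is the intent), and make the outcome explicit with `systemd-machine-id-setup --commit || echo "relabel-machine-id: commit failed" >&2`. The same applies to the hunk in relabel-machine-id/relabel-machine-id.sh, where the neighbouring `restorecon -v /etc/machine-id || true` and its "ignore failures" comment make the unguarded new line inconsistent.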
diff --git a/ic-os/components/networking/generate-network-config/guestos/generate-network-config.service b/ic-os/components/networking/generate-network-config/guestos/generate-network-config.service
index a2438589810..33f6fc57ef4 100644
--- a/ic-os/components/networking/generate-network-config/guestos/generate-network-config.service
+++ b/ic-os/components/networking/generate-network-config/guestos/generate-network-config.service
@@ -1,6 +1,7 @@
 [Unit]
 Description=Generate network config
 After=bootstrap-ic-node.service
+Requires=bootstrap-ic-node.service
 Before=systemd-networkd.service
 [Install]
diff --git a/ic-os/guestos/context/Dockerfile b/ic-os/guestos/context/Dockerfile
index da2b6a87427..80ac85d4c56 100644
--- a/ic-os/guestos/context/Dockerfile
+++ b/ic-os/guestos/context/Dockerfile
@@ -96,6 +96,7 @@ RUN \
 RUN systemctl enable \
 chrony \
 nftables \
+ ssh \
 systemd-networkd \
 systemd-networkd-wait-online \
 systemd-resolved \
diff --git a/ic-os/hostos/context/Dockerfile b/ic-os/hostos/context/Dockerfile
index 6285801516a..8ab9c725f3c 100644
--- a/ic-os/hostos/context/Dockerfile
+++ b/ic-os/hostos/context/Dockerfile
@@ -91,6 +91,7 @@ RUN systemctl enable \
 chrony \
 libvirtd \
 nftables \
+ ssh \
 systemd-journal-gatewayd \
 systemd-networkd \
 systemd-networkd-wait-online \
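Review bot: `Requires=bootstrap-ic-node.service` in generate-network-config.service changes what happens when bootstrap fails, and the unit does not say so. Combined with the existing `After=`, a failed bootstrap now fails this unit's start job, so no network config is generated. `Before=systemd-networkd.service` is ordering only, so networkd would presumably still start without the generated config unless something outside the hunk prevents it. If failing closed is the intent, record it above the new line, e.g. `# Requires=: do not generate network config unless bootstrap succeeded; a failed bootstrap leaves networking unconfigured.` The rest of the unit is outside the hunk, so I cannot tell whether that failure is surfaced anywhere.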
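Review bot: The `+ ssh \` line in guestos/context/Dockerfile makes sshd start on every boot of the image, and nothing in the hunk says what restricts access to it. `nftables` is enabled in the same list, but its ruleset and the sshd configuration are outside the diff, so the resulting exposure cannot be judged from here. If the service was already being started through package defaults, this only makes the existing state explicit. I would record the intent with a comment above `RUN systemctl enable \`, e.g. `# ssh: enabled explicitly; access is restricted by <ruleset / sshd config file>`, filled in once confirmed. The same applies to the `+ ssh \` line in hostos/context/Dockerfile, whose `RUN systemctl enable \` line sits above that hunk.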