Jailed SSH with jailkit and vscode problem

variable99 · Aug 19, 2025

I need to solve problem that vscode does not work with jailkit users.
Does anyone has working [vscode] section for jk_init.ini ?
Together with AI I made this concoction:

Code:

[uidbasics]
comment = common files for all jails that need user/group information
paths = /etc/passwd
      , /etc/group
      , /etc/nsswitch.conf
      , /etc/ld.so.conf

libraries = /lib/x86_64-linux-gnu/libnsl.so.2
          , /lib/x86_64-linux-gnu/libnss_files.so.2
          , /lib/x86_64-linux-gnu/libnss_dns.so.2
          , /lib/x86_64-linux-gnu/libnss_compat.so.2
          , /lib/x86_64-linux-gnu/libnss_hesiod.so.2
          , /lib/x86_64-linux-gnu/libnss_myhostname.so.2
          , /lib/x86_64-linux-gnu/libnss_systemd.so.2

[netbasics]
comment = Debian 12 networking basics
libraries = /lib/x86_64-linux-gnu/libnss_files.so.2

files = /etc/nsswitch.conf
        /etc/resolv.conf
        /etc/host.conf
        /etc/hosts
        /etc/protocols
        /etc/services

directories = /etc/ssl/certs

[vscode]
comment = VS Code Remote SSH support

# Basic executables VS Code server may need
executables = /bin/bash, /bin/sh, /bin/ls, /bin/mkdir, /bin/rm, /bin/ln, /bin/uname, /usr/bin/env, /bin/tar, /bin/gzip, /usr/bin/which, /usr/bin/id

# Required libraries for Debian 12 x86_64
libraries = /lib/x86_64-linux-gnu/libc.so.6
            /lib/x86_64-linux-gnu/libm.so.6
            /lib/x86_64-linux-gnu/libgcc_s.so.1
            /usr/lib/x86_64-linux-gnu/libstdc++.so.6
            /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2

# Optional NSS libraries for hostname resolution
paths = /lib/x86_64-linux-gnu/libnss_files.so.2
      , /lib/x86_64-linux-gnu/libnss_dns.so.2
      , /lib/x86_64-linux-gnu/libnss_compat.so.2
      , /lib/x86_64-linux-gnu/libnss_systemd.so.2
      , /etc/resolv.conf
      , /etc/hosts
      , /etc/nsswitch.conf
      , /etc/ssl/certs
      , /usr/lib/ssl/certs

# Include basic UID/GID info
includesections = uidbasics

From vscode side I still get:

Code:

[LinuxPrereqs]: The remote host may not meet VS Code Server's prerequisites for glibc and libstdc++

The only solution to this is to run bash user without jailkit restrictions, but this is not acceptable, as user can go outside his home directory and explore other vhosts in shared environment.

till · Aug 19, 2025

I'm not using VSCode with Jailkit users, so I can't provide you with a working config for that.

variable99 · Aug 19, 2025

No problems, maybe other members had similar issue. Old thread about vscode problem unfortunately had no solution. fslock problem is not an issue anymore. Hard to find information on the web what exact requirement does vscode server needs. Very obscure bits exist.

till · Aug 19, 2025

I guess you asked various AI already about the issue?

variable99 · Aug 19, 2025

Yes, those are not helpful at all. Even suggested to link some root directories which renders jailkit useless as jailed user may receive full access to the node . AI tools are good for very limited tasks and you must check and check and re-check again their answers...

till · Aug 19, 2025

I think AI can be quite helpful, but of course you must re-check the answer

Here is what Claude 4 suggests:
Code:
[uidbasics]
comment = common files for all jails that need user/group information
paths = /etc/passwd
      , /etc/group
      , /etc/nsswitch.conf
      , /etc/ld.so.conf

libraries = /lib/x86_64-linux-gnu/libnsl.so.2
          , /lib/x86_64-linux-gnu/libnss_files.so.2
          , /lib/x86_64-linux-gnu/libnss_dns.so.2
          , /lib/x86_64-linux-gnu/libnss_compat.so.2
          , /lib/x86_64-linux-gnu/libnss_hesiod.so.2
          , /lib/x86_64-linux-gnu/libnss_myhostname.so.2
          , /lib/x86_64-linux-gnu/libnss_systemd.so.2

[netbasics]
comment = Debian 12 networking basics
libraries = /lib/x86_64-linux-gnu/libnss_files.so.2

files = /etc/nsswitch.conf
        /etc/resolv.conf
        /etc/host.conf
        /etc/hosts
        /etc/protocols
        /etc/services

directories = /etc/ssl/certs

[vscode]
comment = VS Code Remote SSH support

# Basic executables VS Code server needs
executables = /bin/bash, /bin/sh, /bin/ls, /bin/mkdir, /bin/rm, /bin/ln, /bin/uname, /usr/bin/env, /bin/tar, /bin/gzip, /usr/bin/which, /usr/bin/id, /bin/cat, /bin/cp, /bin/mv, /usr/bin/dirname, /usr/bin/basename, /usr/bin/readlink, /bin/ps, /usr/bin/kill, /usr/bin/pkill

# Essential system libraries for VS Code Server
libraries = /lib/x86_64-linux-gnu/libc.so.6
          , /lib/x86_64-linux-gnu/libm.so.6
          , /lib/x86_64-linux-gnu/libgcc_s.so.1
          , /usr/lib/x86_64-linux-gnu/libstdc++.so.6
          , /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
          , /lib/x86_64-linux-gnu/libdl.so.2
          , /lib/x86_64-linux-gnu/libpthread.so.0
          , /lib/x86_64-linux-gnu/librt.so.1
          , /lib/x86_64-linux-gnu/libresolv.so.2
          , /lib/x86_64-linux-gnu/libnss_files.so.2
          , /lib/x86_64-linux-gnu/libnss_dns.so.2
          , /lib/x86_64-linux-gnu/libnss_compat.so.2
          , /lib/x86_64-linux-gnu/libnss_systemd.so.2

# Required paths and directories
paths = /etc/resolv.conf
      , /etc/hosts
      , /etc/nsswitch.conf
      , /etc/ssl/certs
      , /usr/lib/ssl/certs
      , /proc/version
      , /proc/meminfo
      , /proc/cpuinfo

directories = /tmp
            , /proc
            , /dev
            , /usr/lib/x86_64-linux-gnu
            , /lib/x86_64-linux-gnu

# Include basic UID/GID info
includesections = uidbasics
I can help you resolve the VS Code Remote SSH connection issue with your jailed user. The error indicates that VS Code Server can't find the required glibc and libstdc++ libraries in the jail environment.

Looking at your jailkit configuration, the issue is that VS Code Server needs additional libraries and executables that aren't currently included in your jail. The error specifically mentions glibc and libstdc++ prerequisites.

Here's the updated jailkit configuration that should resolve your VS Code Remote SSH connection issue:

## Updated Jailkit Configuration

```ini
[uidbasics]
comment = common files for all jails that need user/group information
paths = /etc/passwd
, /etc/group
, /etc/nsswitch.conf
, /etc/ld.so.conf

libraries = /lib/x86_64-linux-gnu/libnsl.so.2
, /lib/x86_64-linux-gnu/libnss_files.so.2
, /lib/x86_64-linux-gnu/libnss_dns.so.2
, /lib/x86_64-linux-gnu/libnss_compat.so.2
, /lib/x86_64-linux-gnu/libnss_hesiod.so.2
, /lib/x86_64-linux-gnu/libnss_myhostname.so.2
, /lib/x86_64-linux-gnu/libnss_systemd.so.2

[netbasics]
comment = Debian 12 networking basics
libraries = /lib/x86_64-linux-gnu/libnss_files.so.2

files = /etc/nsswitch.conf
/etc/resolv.conf
/etc/host.conf
/etc/hosts
/etc/protocols
/etc/services

directories = /etc/ssl/certs

[vscode]
comment = VS Code Remote SSH support

# Basic executables VS Code server needs
executables = /bin/bash, /bin/sh, /bin/ls, /bin/mkdir, /bin/rm, /bin/ln, /bin/uname, /usr/bin/env, /bin/tar, /bin/gzip, /usr/bin/which, /usr/bin/id, /bin/cat, /bin/cp, /bin/mv, /usr/bin/dirname, /usr/bin/basename, /usr/bin/readlink, /bin/ps, /usr/bin/kill, /usr/bin/pkill

# Essential system libraries for VS Code Server
libraries = /lib/x86_64-linux-gnu/libc.so.6
, /lib/x86_64-linux-gnu/libm.so.6
, /lib/x86_64-linux-gnu/libgcc_s.so.1
, /usr/lib/x86_64-linux-gnu/libstdc++.so.6
, /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
, /lib/x86_64-linux-gnu/libdl.so.2
, /lib/x86_64-linux-gnu/libpthread.so.0
, /lib/x86_64-linux-gnu/librt.so.1
, /lib/x86_64-linux-gnu/libresolv.so.2
, /lib/x86_64-linux-gnu/libnss_files.so.2
, /lib/x86_64-linux-gnu/libnss_dns.so.2
, /lib/x86_64-linux-gnu/libnss_compat.so.2
, /lib/x86_64-linux-gnu/libnss_systemd.so.2

# Required paths and directories
paths = /etc/resolv.conf
, /etc/hosts
, /etc/nsswitch.conf
, /etc/ssl/certs
, /usr/lib/ssl/certs
, /proc/version
, /proc/meminfo
, /proc/cpuinfo

directories = /tmp
, /proc
, /dev
, /usr/lib/x86_64-linux-gnu
, /lib/x86_64-linux-gnu

# Include basic UID/GID info
includesections = uidbasics
```

## Key Changes Made

1. **Added missing executables**: `cat`, `cp`, `mv`, `dirname`, `basename`, `readlink`, `ps`, `kill`, `pkill`
2. **Added essential system libraries**: `libdl.so.2`, `libpthread.so.0`, `librt.so.1`, `libresolv.so.2`
3. **Added required paths**: [/proc/version](cci:7://file:///proc/version:0:0-0:0), [/proc/meminfo](cci:7://file:///proc/meminfo:0:0-0:0), [/proc/cpuinfo](cci:7://file:///proc/cpuinfo:0:0-0:0)
4. **Added directories**: `/tmp`, `/proc`, `/dev`, library directories

## Apply the Changes

1. **Update your jailkit configuration file** (usually `/etc/jailkit/jk_init.ini`)
2. **Recreate the jail** with the updated configuration:
```bash
sudo jk_init -v -j /path/to/jail vscode
```
3. **Copy the user into the updated jail**:
```bash
sudo jk_jailuser -m -j /path/to/jail username
```

The updated configuration includes all the essential libraries and executables that VS Code Server requires to run properly in a jailed environment. This should resolve the glibc and libstdc++ prerequisites error.
Click to expand...

variable99 · Aug 19, 2025

Now I stuck to not be able to create /proc folder inside the jail.

mkdir: cannot create directory ‘/var/www/clients/client702/web654/proc’: Operation not permitted

till · Aug 19, 2025

The error indicates that jailkit is trying to create a `/proc` directory inside the jail, but this fails because `/proc` is a special filesystem that can't be created as a regular directory. The issue is with including `/proc` in the `directories` section of the jailkit configuration.

Here's the corrected jailkit configuration that will resolve the `/proc` directory creation error:

## Updated Jailkit Configuration (Fixed)

```ini
[uidbasics]
comment = common files for all jails that need user/group information
paths = /etc/passwd
, /etc/group
, /etc/nsswitch.conf
, /etc/ld.so.conf

libraries = /lib/x86_64-linux-gnu/libnsl.so.2
, /lib/x86_64-linux-gnu/libnss_files.so.2
, /lib/x86_64-linux-gnu/libnss_dns.so.2
, /lib/x86_64-linux-gnu/libnss_compat.so.2
, /lib/x86_64-linux-gnu/libnss_hesiod.so.2
, /lib/x86_64-linux-gnu/libnss_myhostname.so.2
, /lib/x86_64-linux-gnu/libnss_systemd.so.2

[netbasics]
comment = Debian 12 networking basics
libraries = /lib/x86_64-linux-gnu/libnss_files.so.2

files = /etc/nsswitch.conf
/etc/resolv.conf
/etc/host.conf
/etc/hosts
/etc/protocols
/etc/services

directories = /etc/ssl/certs

[vscode]
comment = VS Code Remote SSH support

# Basic executables VS Code server needs
executables = /bin/bash, /bin/sh, /bin/ls, /bin/mkdir, /bin/rm, /bin/ln, /bin/uname, /usr/bin/env, /bin/tar, /bin/gzip, /usr/bin/which, /usr/bin/id, /bin/cat, /bin/cp, /bin/mv, /usr/bin/dirname, /usr/bin/basename, /usr/bin/readlink, /bin/ps, /usr/bin/kill, /usr/bin/pkill

# Essential system libraries for VS Code Server
libraries = /lib/x86_64-linux-gnu/libc.so.6
, /lib/x86_64-linux-gnu/libm.so.6
, /lib/x86_64-linux-gnu/libgcc_s.so.1
, /usr/lib/x86_64-linux-gnu/libstdc++.so.6
, /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
, /lib/x86_64-linux-gnu/libdl.so.2
, /lib/x86_64-linux-gnu/libpthread.so.0
, /lib/x86_64-linux-gnu/librt.so.1
, /lib/x86_64-linux-gnu/libresolv.so.2
, /lib/x86_64-linux-gnu/libnss_files.so.2
, /lib/x86_64-linux-gnu/libnss_dns.so.2
, /lib/x86_64-linux-gnu/libnss_compat.so.2
, /lib/x86_64-linux-gnu/libnss_systemd.so.2

# Required directories (removed /proc and /dev)
directories = /tmp
, /usr/lib/x86_64-linux-gnu
, /lib/x86_64-linux-gnu

# Include basic UID/GID info
includesections = uidbasics
```

## Key Fix

**Removed problematic directories**: `/proc` and `/dev` from the `directories` section, as these are special filesystems that cannot be created as regular directories in a jail.

## Manual Setup After Jail Creation

After creating the jail with the updated configuration, you'll need to manually handle the `/proc` filesystem:

1. **Create the jail first**:
```bash
sudo jk_init -v -j /path/to/jail vscode
```

2. **Manually create and mount /proc** (if VS Code still needs it):
```bash
sudo mkdir -p /path/to/jail/proc
sudo mount -t proc proc /path/to/jail/proc
```

3. **Make the mount persistent** by adding to `/etc/fstab`:
```
proc /path/to/jail/proc proc defaults 0 0
```

4. **Copy the user into the jail**:
```bash
sudo jk_jailuser -m -j /path/to/jail username
```

This configuration should now work without the directory creation error. The `/proc` filesystem, if needed, can be mounted separately after the jail is created.
Click to expand...

Log in or Sign up

Jailed SSH with jailkit and vscode problem

variable99 Member HowtoForge Supporter

till Super Moderator Staff Member ISPConfig Developer

variable99 Member HowtoForge Supporter

till Super Moderator Staff Member ISPConfig Developer

variable99 Member HowtoForge Supporter

till Super Moderator Staff Member ISPConfig Developer

variable99 Member HowtoForge Supporter

till Super Moderator Staff Member ISPConfig Developer

Share This Page

Log in or Sign up

Jailed SSH with jailkit and vscode problem

variable99 Member HowtoForge Supporter

till Super Moderator Staff Member ISPConfig Developer

variable99 Member HowtoForge Supporter

till Super Moderator Staff Member ISPConfig Developer

variable99 Member HowtoForge Supporter

till Super Moderator Staff Member ISPConfig Developer

variable99 Member HowtoForge Supporter

till Super Moderator Staff Member ISPConfig Developer

Share This Page

Useful Searches