Tailscale SSH via VS Code Extension

I am trying to utilize the Tailscale Extension on VS Code to SSH via my Tailnet. I am met with an error of "login: can't set groups: Operation not permitted" within VS Code.

My Tailscale app is also running as unknown user and group. Is this expected behavior?

SSH is enabled in TrueNAS system services. (This should not be required from my understanding, but I have it enabled for SSH outside of my Tailnet.)

App Config:
Tailscale ssh flag is set within the container.
Tailscale ACL is set to allow SSH.



1605: tailscale0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc fq_codel state UNKNOWN group default qlen 500 link/none

Is this expected behavior of the docker0 device? Being down?
38: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default

Is all of this expected behavior or is something misconfigured? Any help would be greatly appreciated.

Bump

On both of my TrueNAS systems the Tailscale app runs as root user and group.

Run As Context

UID: 0
GID: 0

Username: root
Groupname: root

Description: Tailscale runs as a root user.

That is just the run as context. Is it actually running as root?

Go look in htop. All the Tailscale processes run as root just like the description says.

So yes, I see in htop and if I run id in the container shell it is running as root.

The main issue is still present and is even more confusing knowing that the container has the correct user permissions to do what I am trying to do.

Have you read the KB article on Tailscale SSH from Tailscale?

Tailscale ssh is specific to Tailscale and the Tailscale network.

Yes, are you stating something specific? What I am trying to do should be possible.

You are trying to interact with Visual Studio development via ssh in your tailnet, correct? Then Tailscale does have an extension for Visual Studio Code that lets you interact with resources in your tailnet from within the VS Code IDE. The page below has the link and has some info on solving ssh issues. Other than that I am out of ideas.

Thanks to stavros-k on GitHub for giving me the flag and responding so fast.

cap_add needs to have SETGID flag added.

This only gets access to the container and the container's file system. This may be the limitation to the environment (docker). Not willing to run as privileged.

We need Tailscale on the TrueNAS host. Let’s make that happen!
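
Added example (not part of the thread, and not Tailscale or TrueNAS code): a shell check for the capability that the cap_add fix above grants, which explains why a UID 0 process can still get "can't set groups: Operation not permitted". It decodes the Cap* masks from /proc/<pid>/status; the function names and the sample status excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: check whether a process holds CAP_SETGID,
# the capability the thread's fix adds via cap_add.
CAP_SETGID=6   # bit number from linux/capability.h

# has_cap HEXMASK BIT: succeeds if BIT is set in the hex mask
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_mask FIELD FILE: print the hex mask of CapEff, CapPrm or CapBnd
cap_mask() {
    awk -v f="$1:" '$1 == f { print $2 }' "$2"
}

# check_setgid [FILE]: report each set; succeed only if CapEff has CAP_SETGID.
# FILE defaults to /proc/self/status (the reader inherits the shell's sets).
check_setgid() {
    file=${1:-/proc/self/status}
    for field in CapBnd CapPrm CapEff; do
        mask=$(cap_mask "$field" "$file")
        [ -n "$mask" ] || { echo "$field: not found in $file"; return 2; }
        if has_cap "$mask" "$CAP_SETGID"; then state=present; else state=MISSING; fi
        echo "$field=$mask CAP_SETGID=$state"
    done
    has_cap "$mask" "$CAP_SETGID"   # $mask now holds CapEff
}

# Constructed samples: UID 0 with only NET_ADMIN|NET_RAW (0x3000), then the
# same sets with bit 6 (SETGID) added (0x3040).
demo_dir=$(mktemp -d)
printf 'Uid:\t0\t0\t0\t0\nCapPrm:\t%s\nCapEff:\t%s\nCapBnd:\t%s\n' \
    0000000000003000 0000000000003000 0000000000003000 > "$demo_dir/before"
printf 'Uid:\t0\t0\t0\t0\nCapPrm:\t%s\nCapEff:\t%s\nCapBnd:\t%s\n' \
    0000000000003040 0000000000003040 0000000000003040 > "$demo_dir/after"

for sample in before after; do
    echo "== $sample"
    check_setgid "$demo_dir/$sample" || echo "setgroups() would fail with EPERM"
done
```

In the container shell, `check_setgid /proc/<pid>/status` with the tailscaled PID (or no argument for the current shell) shows whether the added capability took effect.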