Stack Exchange Network

Stack Exchange network consists of 183 Q&A communities including Stack Overflow , the largest, most trusted online community for developers to learn, share their knowledge, and build their careers. Visit Stack Exchange

Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems. It only takes a minute to sign up.

Sign up to join this community

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Learn more about Teams

I am attempting to transition using the VS Code with the remote plugin for development on Linux VMs. However I am struggling with something related to the DISPLAY variable. Somehow during SSH to server with MobaXterm the DISPLAY variable is setup correctly. However it is not set at all when I ssh to the same server with VS code. I can manually set the DISPLAY variable, but how is it done when using MobaXterm? I see nothing in the settings dialogs that indicates the value so I do not know how to replicate this process to automatically set DISPLAY during SSH connection via Visual Studio Code. When connecting to multiple VMs the DISPLAY variable is sometimes different. Sometimes the it is :14.0 and sometimes :10.0 so it looks like hard coding it in a profile isn't a good idea. So how is it supposed to be set?

My SSH config files for the remote connection looks like this, except that I have made up fake names for the targets.

Host server-10
  HostName server-10
  IdentityFile C:\\Users\\my.user.name\\.ssh\\id_rsa
  ForwardX11 yes
  ForwardX11Trusted yes
MobaXterm's main purpose is to enable the use of X11 GUI applications, so it includes a X11 display server. So its SSH client component requests X11 forwarding by default.
VS Code on the other hand does not include an X11 server, and does not request X11 forwarding unless you specifically tell it to do so, by adding the -X, -Y or -XY option in the Enter SSH connection command prompt.
When X11 is forwarded over SSH, the following things happen:
1.) The SSH client connects to the local X11 display server (in Windows typically by making a local TCP connection to port 6000, unless specified otherwise) and verifies it's accessible.
2.) When negotiating a connection with the remote SSH server, the client requests X11 forwarding. If the remote SSH server accepts the request, it will set up a local X11 proxy listening for local connections on port 6010 or the first free port after that. It will set the DISPLAY environment variable on the remote end, typically to localhost:<X11 proxy port number - 6000>. It will also provision a ~/.Xauthority file with a dummy MIT-MAGIC-COOKIE session key.
3.) When a remote X11 application starts, it will see the DISPLAY environment variable and the ~/.Xauthority file, and as instructed by them, will establish a X11 connection to the proxy created by the remote SSH server.
4.) The proxy port will accept X11 connections (normally within the same host only), verify the session key, and pass the X11 traffic within the encrypted SSH tunnel to the local SSH client.
5.) The local SSH client will replace the remote dummy cookie with one required by the actual local X11 server (if necessary) and forward the traffic locally to the X11 display server. Any responses will be sent back the same way.
The remote X11 port number and the corresponding DISPLAY variable value depends on how many other existing SSH-forwarded X11 connections (and possible other users of TCP ports in the 6010+ range) there are on the remote server. So, hardcoding the DISPLAY variable is indeed not a good idea.
The X410 X11 server for Windows has a cookbook with pictures for setting up X11 connections with VS Code: https://x410.dev/cookbook/enabling-ssh-x11-forwarding-in-visual-studio-code-for-remote-development/
You can use any Windows X11 display server, but the principle will be the same.
If your local X11 display server accepts direct remote X11 connections in port 6000/TCP, then you technically could set the remote DISPLAY variable manually to <IP or hostname of the local system>:0. However, you should not do this unless you absolutely trust anyone that will be able to connect to your local system: this sets up an unencrypted X11 connection, which can be easily eavesdropped.
A malicious remote X11 connection can also act as a keylogger for your entire local display, so you should not allow applications that are not legitimate parts of your own session to connect to your X11 display server. The X11 session cookie mechanism is designed to prevent that: unless the remote application can produce the session-specific cookie provisioned to your user account only, the X11 connection will be dropped.
Practically all Linux distributions I've seen since the year 2000 have long since configured their X11 servers to reject any unencrypted remote X11 connections by default, but Windows X11 servers might not have done so.
                I should have stated in the question body that I did set the ForwardX11 and ForwardX11Trusted flags in my ssh configuration.  I'm not explicitly writing the ssh command since the connection is via the VS code GUI.  I assumed that VS Code would use those flags to construct the correct ssh command and options.
– shawn1874
                Sep 8 at 0:32
                Appreciate the lengthy explanation though, and I will read that article to see if anything there helps me out.  I have mobaxterm installed so I assume that I have an X server running when mobaxterm runs.  I can manually set the display variable after the connection and it works.  I'm just trying to get it working so that DISPLAY is set automatically.
– shawn1874
                Sep 8 at 0:39