posted on February 1st, 2009
Synergy is a nifty tool for cross platform clipboard, keyboard and mouse sharing. It's reasonably easy to configure synergy server for use with multiple synergy clients.
Doing so will spare you some time while working on multiple computers at your desk at once. I use it at office to connect my laptop's and office computer mouse, keyboard and clipboard and thus reducing or completely eliminating need to lean over my laptop every time I need to use it. Anyway, most of the people use it with quicksynergy wrapper allowing even easier setup, but what the synergy lack is a means of authentication and security in data transfers. I'll try to guide you how to make a secure synergy setup on untrusted networks.
So for a starter you will need to setup a synergy config file to use it with your synergy server.
While using a quicksynergy may be easier we won't use it since it lacks some flexibility.
I'm using my laptop named blap and my office computer named kex. Blap is located to the left of kex so I will need a conf file looking like this:
left = blap
right = kex
at the first section we define two screens, one for laptop and one for office computer each named by their host name. At the second section we define links between two screens which states that left from computer kex is computer blap. And for blap right edge of screen is linked with computer kex. We can define as many hosts we like in relative positions. You can consult manual page of synergys for all available options.
When done configuring screens and links save that file as synergy.conf
in your home directory.
Starting a server with:
synergys -c /home/branko/synergy.conf
will allow us to connect to our office computer using our laptop and merging screens.
Like stated earlier, synergy server have no means of authentication so any client within our network can connect to. Naturally if I'm on busy or untrusted network this isn't very appealing thought. On top of that, all traffic between synergy server and client is unencrypted so anyone on local network can eavesdrop with tcpdump, wireshark or any other network capturing program. Anything that gets to clipboard is available to our malicious user on our local network.
So how can we implement some sort of encryption and authentication on our synergy server.
First we will add additional parameter to our synergy server startup line:
synergys -a 127.0.0.1 -c /home/branko/synergy.conf
this way synergy server will start listening on loopback network interface instead on all network interfaces. This way we are only allowing access to synergy server to locally authenticated users. You can now put this command in session startup.
Since now server is not available on any outside interface we must first login and authenticate our self to the office computer. While doing so we will also open a ssh tunnel to our laptop.
So prior to executing our synergy client on laptop I will need to execute:
ssh -N -f -L 24800:localhost:24800 [email protected]
this will open up ssh connection to my office computer (192.168.0.100) for which I will need to login as user branko
an when I do so port 24800
will be tunneled to my localhost's port 24800
Now I can simply start up my synergy client on my laptop by executing:
Now all the traffic between my laptop and office computer is encrypted and as such information traveling trough the ssh tunnel are unavailable to possible eavesdropping, and since we started the server on a loopback interface no malicious client can be connected from outside. For the ease of use you can combine the above comands in single shell script and saving it in users private bin folder.
paste the text inside
ssh -N -f -L 24800:localhost:24800 username@synergyserver
Make it executable:
chmod +x ~/bin/synergy
And now you can simply type synergy
at your terminal or run command prompt after pressing ALT + F2