
Secure synergy setup
Synergy is a nifty tool for cross platform clipboard, keyboard and mouse sharing. It's reasonably easy to configure synergy server for use with multiple synergy clients.
Doing so will spare you some time while working on multiple computers at your desk at once. I use it at the office to connect my laptop's and office computer's mouse, keyboard and clipboard, thus reducing or completely eliminating the need to lean over my laptop every time I need to use it. Most people use it with the quicksynergy wrapper, which allows even easier setup, but what synergy lacks is a means of authentication and security in data transfers. I'll try to guide you through making a secure synergy setup on untrusted networks.
To start, you will need to set up a synergy config file to use with your synergy server. While using quicksynergy may be easier, we won't use it since it lacks some flexibility.
I'm using my laptop named blap and my office computer named kex. Blap is located to the left of kex so I will need a conf file looking like this:
section: screens
    blap:
    kex:
end
section: links
    kex:
        left = blap
    blap:
        right = kex
end
In the first section we define two screens, one for the laptop and one for the office computer, each named by its host name. In the second section we define links between the two screens, which state that to the left of computer kex is computer blap, and that the right edge of blap's screen is linked with computer kex. We can define as many hosts as we like in relative positions. You can consult the synergys manual page for all available options.
When done configuring screens and links save that file as synergy.conf in your home directory.
Starting a server with:
synergys -c /home/branko/synergy.conf
will allow us to connect to our office computer from our laptop and merge the screens.
As stated earlier, the synergy server has no means of authentication, so any client within our network can connect to it. Naturally, if I'm on a busy or untrusted network this isn't a very appealing thought. On top of that, all traffic between synergy server and client is unencrypted, so anyone on the local network can eavesdrop with tcpdump, wireshark or any other network capturing program. Anything that gets to the clipboard is available to a malicious user on our local network.
So how can we implement some sort of encryption and authentication on our synergy server?
First we will add an additional parameter to our synergy server startup line:
synergys -a 127.0.0.1 -c /home/branko/synergy.conf
This way the synergy server will listen on the loopback network interface only, instead of on all network interfaces, so we are only allowing access to the synergy server to locally authenticated users. You can now put this command in session startup.
Since the server is now not available on any outside interface, we must first log in and authenticate ourselves to the office computer. While doing so we will also open an ssh tunnel to our laptop.
Prior to executing the synergy client on my laptop I will need to execute:
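To confirm that the -a 127.0.0.1 option took effect, the listening sockets on the office computer can be checked. The script below is an added example, not part of the original post: classify_listeners is a hypothetical helper, the two ss listings are constructed samples, and it assumes a Linux host where ss -ltn is available.

```shell
#!/bin/sh
# Added example (not from the original post): classify who can reach the
# Synergy port, given `ss -ltn` output on stdin.
# Prints one of: loopback-only, exposed, not-listening.
PORT=24800   # Synergy port, as used in the ssh -L command of the post

classify_listeners() {
    awk -v port="$PORT" '
        $1 != "LISTEN" { next }              # skip the header row
        {
            ep = $4                          # "Local Address:Port" column
            n = split(ep, parts, ":")
            if (parts[n] != port) next       # listener on some other port
            addr = substr(ep, 1, length(ep) - length(parts[n]) - 1)
            seen = 1
            # 127.0.0.0/8 and [::1] are loopback; anything else (0.0.0.0,
            # *, [::], a LAN address) accepts clients from the network.
            if (addr !~ /^127\./ && addr != "[::1]") exposed = 1
        }
        END {
            if (!seen)        print "not-listening"
            else if (exposed) print "exposed"
            else              print "loopback-only"
        }'
}

# Constructed sample: synergys started without -a.
SAMPLE_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:24800      0.0.0.0:*'

# Constructed sample: synergys started with -a 127.0.0.1.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      127.0.0.1:24800    0.0.0.0:*'

printf '%s\n' "$SAMPLE_DEFAULT"  | classify_listeners
printf '%s\n' "$SAMPLE_LOOPBACK" | classify_listeners
# On the office computer itself: ss -ltn | classify_listeners
```

Any result other than loopback-only after restarting the server means the port is still reachable without going through ssh.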
ssh -N -f -L 24800:localhost:24800 branko@192.168.0.100
This will open an ssh connection to my office computer (192.168.0.100), for which I will need to log in as user branko, and when I do so port 24800 on 192.168.0.100 will be tunneled to my localhost's port 24800.
Now I can simply start up my synergy client on my laptop by executing:
synergyc localhost
Now all the traffic between my laptop and office computer is encrypted, so information traveling through the ssh tunnel is unavailable to possible eavesdroppers, and since we started the server on a loopback interface no malicious client can connect from outside. For ease of use you can combine the above commands in a single shell script and save it in the user's private bin folder:
vim ~/bin/synergy
Paste the following text inside:
#!/bin/sh
ssh -N -f -L 24800:localhost:24800 username@synergyserver
synergyc localhost
Make it executable:
chmod +x ~/bin/synergy
And now you can simply type synergy at your terminal, or at the run command prompt after pressing ALT + F2.