Tunneling Synergy over SSH

Synergy is a software KVM switch that lets you share the mouse and keyboard of one of your computers (the server) with other machines (clients) over a network connection. One of the problems with Synergy is that it does not encrypt the data (keystrokes, buffer contents, etc.) that it sends over the network. This might not be a problem in your home network, but it is bad when you are working in a shared network where anyone can sniff the packets you are sending around. The good news is that an easy setup makes all Synergy data go through a secure SSH tunnel.

Step 0 – Setup
My setup is probably different from yours, but as long as you use Cygwin on your Windows machine you should be fine. If both of your machines are under Linux – it’s even better.

My work laptop runs Windows XP (client) and my desktop has Ubuntu 10.04 (server) on it. You can skip Step 1 – Setting up SSH Certificates if you are fine with entering your password every time the Synergy client side wants to connect to the server (typically once per session).

Step 1 – Setting up SSH Certificates
On your client side (either from a Cygwin terminal [Windows] or a regular terminal [Linux]):

    ssh-keygen -t rsa -b 4096

Once you answer all interactive prompts, you should get a message saying that a private and a public part of your RSA key have been generated (you need to remember the location).

Q: Should I use a passphrase for the key?

A: Depends on what your priorities are. It is certainly more secure to use a passphrase than not to. Generating a key with a passphrase means that you will be required to enter it each time you use your key to connect to another machine (sort of like when you enter your password to connect to a remote machine over SSH). That means that if the key gets stolen it won’t be that useful to the thief unless s/he also knows the passphrase.

However, in my case, I choose not to use a passphrase for the simple reason that it’s a company, firewall-protected network that I am using and direct SSH connections from the outside world are not allowed to either of my machines. Even though it’s less secure, the advantage is obvious – the Synergy client will be able to connect to the server without requesting me to enter the passphrase every single time.

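After the keys have been generated, copy your public key from the client machine to your server. You can do that over scp. Note that this command overwrites any existing authorized_keys file on the server; if the server already has one, append the new key to it instead (for example with ssh-copy-id):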

    scp /home/myuser/.ssh/id_rsa.pub myuser@myserver:/home/myuser/.ssh/authorized_keys

This is it. In order to test your connection, try SSHing from your client to your server, like so:

    ssh myuser@myserver

If you did everything right, you should be prompted for a passphrase (or simply logged in, if you generated a key without one).

Optional: you can also reconfigure your SSH daemon to only allow public key authentication. Do this only after the key-based login above works, because it turns off password logins:

    sudo nano /etc/ssh/sshd_config

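Make sure your options read as follows (RSAAuthentication only applies to SSH protocol 1, and newer OpenSSH releases no longer support it, so leave that line out there):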

    RSAAuthentication yes
    PubkeyAuthentication yes
    PasswordAuthentication no
    UsePAM no

Don’t forget to restart the SSH daemon so that the changes take effect:

    sudo service ssh restart
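
sshd uses the first value it reads for each keyword, so hardening lines appended below existing ones have no effect. The following added example (not part of the original post) audits a config text for the three settings above; the sample configs are constructed, and it assumes a single file with no Include lines.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes one sshd_config file with
# no Include lines and "Keyword value" syntax; Match blocks are not evaluated.

# effective_sshd_option KEYWORD DEFAULT   (config text on stdin)
# sshd uses the FIRST value it reads for a keyword, so later lines are ignored.
effective_sshd_option() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" -v dflt="$2" '
        /^[ \t]*(#|$)/         { next }                     # comments, blank lines
        tolower($1) == "match" { exit }                     # global section ends
        tolower($1) == want    { val = tolower($2); exit }  # first match wins
        END { print (val == "" ? dflt : val) }'
}

# Checks the settings from the page. Each spec is keyword:expected:default,
# where default is the OpenSSH built-in value used when the keyword is absent.
audit_key_only_login() {
    cfg=$(cat); rc=0
    for spec in PubkeyAuthentication:yes:yes PasswordAuthentication:no:yes UsePAM:no:no; do
        key=${spec%%:*}; rest=${spec#*:}; expected=${rest%%:*}; dflt=${rest#*:}
        got=$(printf '%s\n' "$cfg" | effective_sshd_option "$key" "$dflt")
        if [ "$got" != "$expected" ]; then
            echo "FAIL: $key is effectively '$got', expected '$expected'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: hardening lines appended below the stock ones.
APPENDED_CONFIG='# Package defaults
PasswordAuthentication yes
UsePAM yes
# Added later by hand
pubkeyauthentication yes
PasswordAuthentication no
UsePAM no'

# Constructed sample: the stock lines edited in place.
EDITED_CONFIG='PubkeyAuthentication yes
PasswordAuthentication no
UsePAM no'

printf '%s\n' "$APPENDED_CONFIG" | audit_key_only_login || echo "appended config still allows passwords"
printf '%s\n' "$EDITED_CONFIG" | audit_key_only_login && echo "edited config is key-only"
```

On the server itself, `sudo sshd -T` prints the effective values the daemon resolves from its configuration.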

Step 2 – Setting up SSH tunnel
Run this command on your client to enable the tunnel:

    ssh -f -N -L localhost:24800:myserver:24800 myserver

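where myserver is the host name of your server machine. The destination myserver:24800 is resolved on the server side of the tunnel. Keep in mind that the Synergy server itself still accepts direct, unencrypted connections on port 24800; the tunnel only protects clients that connect through it.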

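Here -L forwards port 24800 on the client’s localhost to port 24800 on the server, -N tells ssh not to run a remote command, and -f sends ssh to the background once authentication is done. For the full description of these switches, see:

    man ssh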

Step 3 – Installing Synergy
On your server:

    sudo apt-get install synergy

Then create the configuration file:

    sudo vim /etc/synergy.conf

Paste the following lines in the file:

    section: screens
        client:
        server:
    end

    section: links
        client:
            right = server
        server:
            left = client
    end

where client and server are the hostnames of your machines. Note that this is a very trivial setup for two monitors and you can learn how to do more complicated things here.

Start your Synergy server:

    synergys --config /etc/synergy.conf

On your client:

    sudo apt-get install synergy

Or, if you are on Windows, get the binary installer from here.

If you are on Linux, run Synergy on the client by typing this command in your terminal:

    synergyc localhost

If you are on Windows, launch Synergy by clicking on the icon on your Desktop, type in localhost for the server name and click start.

Important: this is not a typo, you are actually connecting to localhost, and not to your server (this is because you want to connect to the SSH tunnel running from your client to your server).

Step 4 – Automating Things

You can put the server and client start commands in your startup. This way, right after you log in to both of your machines you will be able to share your keyboard and mouse.

If your client is running Windows, you can create a little batch script and put in your startup folder:

    C:\cygwin\bin\bash --login -i -c "ssh -f -N -L localhost:24800:server:24800 user@server && C:/PROGRA~1/Synergy/synergyc -f localhost"

If your client runs Linux, you can easily convert the above command to a simple bash script and run it on startup as well:

    ssh -f -N -L localhost:24800:server:24800 user@server && synergyc -f localhost

Note: If you want to verify that everything works as expected, try playing with Wireshark. You want to make sure that the client sends no packets to the Synergy port (24800) on the server, and that all of the traffic goes to the server’s SSH port instead.
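
A scriptable version of the same check, as an added example that is not part of the original post: it reads `ss -tn` style output taken on a Linux client and reports whether Synergy traffic goes through the tunnel. The server address 192.0.2.20, the sample connection tables and sshd listening on port 22 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Input is `ss -tn` style text:
# State Recv-Q Send-Q Local:Port Peer:Port. sshd on port 22 is an assumption.

# classify_synergy_traffic SERVER_ADDR   (connection table on stdin)
# Prints one verdict:
#   cleartext - a connection goes straight to a non-loopback host on 24800
#   tunneled  - Synergy talks to loopback:24800 and SSH to SERVER_ADDR is up
#   no-ssh    - loopback:24800 is in use but no SSH session to SERVER_ADDR
#   idle      - no Synergy connection seen
classify_synergy_traffic() {
    awk -v server="$1" -v synergy_port=24800 -v ssh_port=22 '
        $1 != "ESTAB" { next }                  # also skips the header line
        {
            n = split($5, part, ":")            # $5 is the peer address:port
            port = part[n]
            host = substr($5, 1, length($5) - length(port) - 1)
            loopback = (host == "127.0.0.1" || host == "[::1]")
            if (port == synergy_port && !loopback)  direct++
            if (port == synergy_port && loopback)   via_tunnel++
            if (port == ssh_port && host == server) ssh_up++
        }
        END {
            if (direct)                    print "cleartext"
            else if (via_tunnel && ssh_up) print "tunneled"
            else if (via_tunnel)           print "no-ssh"
            else                           print "idle"
        }'
}

# Constructed sample: synergyc connected to localhost, tunnel established.
TUNNELED_SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB  0      0      127.0.0.1:51514     127.0.0.1:24800
ESTAB  0      0      127.0.0.1:24800     127.0.0.1:51514
ESTAB  0      0      192.0.2.10:40022    192.0.2.20:22'

# Constructed sample: synergyc was pointed at the server instead of localhost.
CLEARTEXT_SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB  0      0      192.0.2.10:40100    192.0.2.20:24800
ESTAB  0      0      192.0.2.10:40022    192.0.2.20:22'

printf '%s\n' "$TUNNELED_SAMPLE"  | classify_synergy_traffic 192.0.2.20
printf '%s\n' "$CLEARTEXT_SAMPLE" | classify_synergy_traffic 192.0.2.20
```

On a live client, feed it real data with `ss -tn | classify_synergy_traffic <server address>`.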