Tunneling Synergy over SSH

Synergy is a software KVM switch that let’s you share a mouse and a keyboard of one of your computers (server) with other machines (client) via network connection. One of the problems with Synergy is that it does not encrypt the data (keystrokes, buffer contents, etc.) that it sends over the network. This might not be a problem in your home network, but it is bad when you are working in a shared network where anyone can sniff the packets you are sending around. Good news is that you can perform an easy setup to make all Synergy data to go through a secure SSH tunnel.

Step 0 – Setup
My setup is probably different from yours, but as long as you use Cygwin on your Windows machine you should be fine. If both of your machines are under Linux – it’s even better.

My work laptop runs Windows XP (client) and my desktop has Ubuntu 10.04 (server) on it. You can skip Step 1 – Setting up SSH Certificates if you are fine with entering your password every time when Synergy client side wants to connect to the server (typically once per session).

Step 1 – Setting up SSH Certificates
On your client side (either from Cygwin terminal [Windows] or  regular terminal [Linux]):

Once you answer all interactive prompts, you should get a message saying that a private and a public part of your RSA key have been generated (you need to remember the location).

Q: Should I use a passphrase for the key?

A: Depends on what your priorities are. It is certainly more secure to use a passphrase than not to. Generating a key with a passphrase means that you will be required to enter it each time when you need to use your key to connect to other machine (sort of like when you enter your password to connect to a remote machine over SSH). That means that if the key gets stolen it won’t be that useful to the thief unless s/he also knows the passphrase.

However, in my case, I choose not to use a passphrase for a simple reason that it’s a company, firewall-protected network that I am using and direct SSH connections from the outside world are not allowed to either of my machines. Even thought it’s less secure the advantage is obvious – Synergy client will be able to connect to the server without requesting me to enter the passphrase every single time.

After the keys have been generated, copy your public key from the client machine to your server. You can do that over scp:

This is it. In order to test your connection, try SSHing from your client to your server, like so:

If you did everything right, you should be prompted for a passphrase (or simply logged in, if you generated a key without one). Optional. You can also reconfigure your ssh daemon to only allow public key authentication:

Make sure your options read:

Don’t forget to restart ssh daemon so that changes can take effect:

Step 2 – Setting up SSH tunnel.
Run this command on your client to enable the tunnel:

where myserver is the host name of your server machine.

If you are interested exactly what all of these switches do, you can

Step 3 – Installing Synergy
On your server:

sudo vim /etc/synergy.conf

Paste the following lines in the file:

where client and server are the hostnames of your machines. Note that this is a very trivial setup for two monitors and you can learn how to do more complicated things here.

Start your Synergy server:

On your client:

Or, if you are on Windows, get the binary installer from here.

If you are on linux, run Synergy on the client by typing this command in your terminal:

If you are on Windows, launch Synergy by clicking on the icon on your Desktop, type in localhost for the server name and click start.

Important: this is not a typo, you are actually connecting to the localhost, and not to your server (this is because you are actually want to connect to the SSH tunnel running from your client to your server).

Step 4 – Automating Things

You can put start server / client command in your startup. This way, right after you login in both of your machines you will be able to share your keyboard and mouse right away.

If your client is running Windows, you can create a little batch script and put in your startup folder:

If your client runs linux, you can easily convert the above two lines to a simple bash script and run it from startup as well:

And run it on startup as well.

Note: If you want to verify that everything works as expected, try playing with Wireshark. You want to make sure that there are no packets destined for the Synergy server, and that instead all of the packets are going directly to ssh.

6 Comments

  1. Kudos for the article as it got me up and running in no time. I myself am using Synergy 1.3.8 between my CentOS 5.7 x86_64 box and my Win XP Pro32 box with CentOS being the server.

    Every you said worked out fine, except I noticed an issue when using Cygwin. Typical network usage seemed to hover around 8 KiB/s when not using SSH while the mouse was being used on the client machine. When going through SSH, the overhead bumped it up to 13-14 KiB/s. Everything was smooth for about 5 seconds, but then I saw the data send from the client to the server drop to about 3-4 KiB/s and the mouse and keyboard got super laggy. Moving over to puTTY resolved the issue.

    Also as a note for CentOS 5.7 users. There is currently an issue with using synergy where CentOS is the server. Any keyboard action on the client machine will instantly cause synergys to lock up and not allow any keyboard input on either machine. This is a workaround given via this thread:
    http://synergy-foss.org/tracker/projects/synergy/wiki/UserFAQ

    Add the following following argument to the synergys command: –no-xinitthreads

  2. hello, very good !

    but i have a little, problem, can u please explain how install cygiw and opensshserve on windows please ?

    i m stoped in this step.

    very thanks to u

  3. This is a helpful guide! I’d been using QuickSynergy for a year but had to go manually type passwords on the client computer. This guide helped me overcome some inertia and get this set up with ssh, with more complete instructions than on the official synergy2 site.

    You have a typo in the command to start the synergy server in part three; it should be
    synergys –config /etc/synergy.conf

  4. @Ethan synergy_config was meant as a generic name for the synergy server configuration file, synergy.conf being a default name for this file. I have no idea why, but I actually named my config file differently :)

    @Issa look at the cygwin website, there are also plenty of tutorials on the internet. The SSH package itself should be pre-build and available from under cygwin.

  5. What a great article!!! it worked for me after trying so many times only with: ssh -f -N -L localhost:24800:myserver:24800 myserver” I wonder if is really necessary to have the rsa key?

  6. @Jose, RSA key step is only necessary if you want to tunnel in passwordlessly. If you are okay with typing in password each time — don’t need to do that.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">