| 1 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
|
|---|
| 2 | <html>
|
|---|
| 3 | <head>
|
|---|
| 4 | <meta HTTP-EQUIV="Content-Type" CONTENT="text/html;CHARSET=iso-8859-1">
|
|---|
| 5 | <meta name="keywords" content="Virtual Screen, Open Source, Software" />
|
|---|
| 6 | <meta name="description" content="Mouse and Keyboard Sharing" />
|
|---|
| 7 | <link rel="stylesheet" type="text/css" href="synergy.css" media="screen" />
|
|---|
| 8 | <title>Synergy Network Security Guide</title>
|
|---|
| 9 | </head>
|
|---|
| 10 | <body class="main">
|
|---|
| 11 | <p>
|
|---|
| 12 | </p><h3>Authentication and Encryption</h3><p>
|
|---|
| 13 | Synergy does not do any authentication or encryption. Any computer
|
|---|
| 14 | can connect to the synergy server if it provides a screen name known
|
|---|
| 15 | to the server, and all data is transferred between the server and the
|
|---|
| 16 | clients unencrypted which means that anyone can, say, extract the
|
|---|
| 17 | key presses used to type a password. Therefore, synergy should not
|
|---|
| 18 | be used on untrusted networks.
|
|---|
| 19 | </p><p>
|
|---|
| 20 | However, there are tools that can add authentication and encryption
|
|---|
| 21 | to synergy without modifying either those tools or synergy. One
|
|---|
| 22 | such tool is SSH (which stands for secure shell). A free implementation
|
|---|
| 23 | of SSH is called <a target="_top" href="http://www.openssh.com/">OpenSSH</a> and runs
|
|---|
| 24 | on Linux, many Unixes, and Windows (in combination with
|
|---|
| 25 | <a target="_top" href="http://www.cygwin.com/">Cygwin</a>).
|
|---|
| 26 | </p><p>
|
|---|
| 27 | </p><h3>Configuring the Server</h3><p>
|
|---|
| 28 | Install the OpenSSH server on the same computer as the synergy server.
|
|---|
| 29 | Configure the OpenSSH server as usual (synergy doesn't demand any
|
|---|
| 30 | special options in OpenSSH) and start it. Start the synergy server as
|
|---|
| 31 | usual; the synergy server requires no special options to work with
|
|---|
| 32 | OpenSSH.
|
|---|
| 33 | </p><p>
|
|---|
| 34 | </p><h3>Configuring the Clients</h3><p>
|
|---|
| 35 | Install the OpenSSH client on each synergy client computer. Then, on
|
|---|
| 36 | each client, start the OpenSSH client using port forwarding:
|
|---|
| 37 | <pre>
|
|---|
| 38 | ssh -f -N -L 24800:<span class="arg">server-hostname</span>:24800 <span class="arg">server-hostname</span>
|
|---|
| 39 | </pre>
|
|---|
| 40 | The <span class="arg">server-hostname</span> is the name or address
|
|---|
| 41 | of the computer with the OpenSSH and synergy servers.
|
|---|
| 42 | The 24800 is the default network port used by synergy; if you use
|
|---|
| 43 | a different port then replace both instances of 24800 with the port
|
|---|
| 44 | number that you use. Finally, start the synergy client normally
|
|---|
| 45 | except use <span class="code">localhost</span> as the server host
|
|---|
| 46 | name. For example:
|
|---|
| 47 | <pre>
|
|---|
| 48 | synergyc -f localhost
|
|---|
| 49 | </pre>
|
|---|
| 50 | Synergy will then run normally except all communication is passed
|
|---|
| 51 | through OpenSSH which decrypts/encrypts it on behalf of synergy.
|
|---|
| 52 | </p>
|
|---|
| 53 | </body>
|
|---|
| 54 |
|
|---|
| 55 | </html>
|
|---|
