Comments on: Update: Securing Synergy Over The Wire

By: Miro

Miro — Thu, 04 Nov 2010 19:44:47 +0000

I don’t understand how this setting is secure. If i understand it correctly anybody who present himself with same hostname cat read output of the synergy server. He does not need any password.

By: Brad

Brad — Fri, 08 Oct 2010 21:35:02 +0000

@ Torin

This is correct – You need “synergyc localhost” NOT “synergyc macbook” if you want to use your ssh tunnel.

By: Nikita

Nikita — Mon, 24 May 2010 00:12:06 +0000

I second Torin, David, and Ewan. In fact, if you want to see how it doesn’t work, you might wanna run wireshark and see where packets are going / their contents

By: Torin

Torin — Sun, 20 Jan 2008 01:29:57 +0000

using your method, the ‘synergyc macbook’ command simply bypasses the ssh tunnel, so nothing is actually being encrypted. I tested your method using Ettercap, and could see the unencrypted keystrokes being sent between the two machines.

David is correct, you need to use ‘synergyc localhost’. After using your method with ‘synergyc localhost’ instead, ettercap is now showing gibberish between the two machines, which is what we want.

By: Huygens

Huygens — Tue, 17 Apr 2007 13:15:16 +0000

There is an option you could add, though for the little traffic of key press and mouse movement it is not that necessary. The option is -C for ssh which request the client to compress all traffic with the server.
So when you create your tunnel, you do:
ssh -f -N -C -L 24800:synergy-server:24800 synergy-server

And as they stated above, you would have to call: synergyc -f localhost
Unless, you have set some aliases in the synergy configuration… But I’m not sure anymore how it is… Too long I did not use it!

Furthermore, you forgot to mention that the security issue is mention on Synergy web site and that they have a dedicated page concerning tunnelling the traffic through SSH: http://synergy2.sourceforge.net/security.html

And keep in mind that really few – actually used – protocol are encrypting their sensitive data for example when you are logging-in to your blog, the password is sent clear. Once logged-in, WP hash it in a cookie, so it is only plain readable upon log-in.

By: Ewan

Ewan — Tue, 17 Apr 2007 09:54:43 +0000

It won’t work as written – if macbook is defined (in /etc/hosts or elsewhere) as an alias for localhost then the ssh connection will also connect to localhost, not the remote ‘macbook’.

You’re ssh-ing and synergy-ing to the same place – either that’s localhost, or it’s the macbook. In neither case is this going to work as expected.

At the very least, if you’re doing something deeply cunning it’s not clear from the post what it is.

By: Ubuntu Tutorials

Ubuntu Tutorials — Tue, 17 Apr 2007 03:35:18 +0000

David – in my original writeup I did use localhost but I decided I wanted to keep that open for something else. Binding the address to macbook (or any other hostname) will still work. I did test it before I posted

By: David Parrish

David Parrish — Tue, 17 Apr 2007 01:28:42 +0000

Good idea, but the execution is *slightly* out. You’re running “synergyc macbook” at the end, but that won’t go over the ssh tunnel.

You need to do “synergyc localhost” to use the ssh tunnel.