By itself, Synergy is completely insecure. However, it's easy enough to secure through the use of SSH tunnels. There are lots of tutorials for setting up Synergy through a tunnel, but I didn't find any that suit the HTPC use case I have. To use it with an HTPC, the Synergy server needs to be running on the laptop, since that's where the keyboard and mouse you'd like to share across various computers are.
Typically tutorials will have you create tunnels from the Synergy client computers to the Synergy server computer where `sshd` is also running. Since my Synergy server is a laptop, I don't want to run `sshd` on it. Instead, I have `sshd` running on my HTPC. To make that work, you need a reverse SSH tunnel:

```sh
ssh -f -R 24800:localhost:24800 htpc
```

Instead of forwarding connections from my laptop to the HTPC, this forwards connections from the HTPC to the laptop. When the Synergy client connects to `localhost:24800` on the HTPC, it will be forwarded to `localhost:24800` on the laptop. To make that work, you'll need to edit `/etc/ssh/sshd_config` by adding this to the end:

```
GatewayPorts yes
# Not strictly necessary, the default is yes.
AllowTcpForwarding yes
```

Next you'll need a `synergy.conf` for your laptop. Here's mine:

```
section: screens
    laptop:
    htpc:
end

section: links
    laptop:
        up = htpc
    htpc:
        down = laptop
end
```

Finally, here's the script I use to make setting up the connection quick and easy:
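
```sh
# Start the Synergy server on the laptop, bound to the loopback interface only.
synergys -a localhost -c ~/synergy.conf
# Open the reverse tunnel to the HTPC and start the Synergy client there.
ssh -f -R 24800:localhost:24800 htpc 'synergyc localhost:24800 && sleep 28800'
```

The sleep is in there so that the connection stays open for a few hours. Here's why this configuration is secure: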
- The Synergy server (synergys) on my laptop is bound to the loopback interface. That means that if I accidentally leave it running and then go online in a coffee shop, no one can connect to it.
- I don't run `sshd` on the laptop, which reduces the coffee shop attack surface.
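
A way to verify the loopback claims on either machine, as an added example that is not part of the original post: `sshd` binds remote forwards to the loopback address by default, while `GatewayPorts yes` forces them onto the wildcard address, so it is worth confirming where port 24800 actually listens on the HTPC as well as on the laptop. The function and sample names are hypothetical, the `ss -tln` output is constructed, and a Linux host with iproute2 is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): report how a TCP port is bound,
# given `ss -tln` output on stdin. Prints "loopback", "exposed" or "none".
port_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                                # Local Address:Port column
            if (!match(addr, /:[0-9]+$/)) next       # split at the last colon (IPv6-safe)
            if (substr(addr, RSTART + 1) != port) next
            host = substr(addr, 1, RSTART - 1)
            sub(/%.*$/, "", host)                    # drop an interface scope such as %lo
            sub(/^\[/, "", host); sub(/\]$/, "", host)
            found = 1
            if (host !~ /^127\./ && host != "::1") exposed = 1
        }
        END {
            if (!found)       print "none"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample: HTPC with "GatewayPorts yes" and the reverse tunnel up.
sample_gatewayports_yes() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128          0.0.0.0:24800     0.0.0.0:*
LISTEN 0      128             [::]:24800        [::]:*
EOF
}

# Constructed sample: the same forward bound to loopback only
# (also what `synergys -a localhost` should look like on the laptop).
sample_loopback_only() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:24800     0.0.0.0:*
LISTEN 0      128            [::1]:24800        [::]:*
EOF
}

echo "GatewayPorts yes : $(sample_gatewayports_yes | port_exposure 24800)"
echo "loopback only    : $(sample_loopback_only | port_exposure 24800)"
# On a live machine: ss -tln | port_exposure 24800
```

An `exposed` result on the HTPC means other hosts on its network can reach the laptop's Synergy server through the tunnel.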