Added info about using SSH for authentication and encryption.
This commit is contained in:
crs
parent
116005d64f
commit
f0445295b5
23
FAQ
23
FAQ
|
|
@ -57,12 +57,31 @@ Answers
|
||||||
|
|
||||||
5. What security/encryption does synergy provide?
|
5. What security/encryption does synergy provide?
|
||||||
|
|
||||||
None. Synergy currently does no encryption or authentication.
|
Synergy provides no built-in encryption or authentication.
|
||||||
Given that, synergy should not be used on or over any untrusted
|
Given that, synergy should not be used on or over any untrusted
|
||||||
network, especially the Internet. It's generally fine for home
|
network, especially the Internet. It's generally fine for home
|
||||||
networks. Future versions will provide encryption and
|
networks. Future versions may provide built-in encryption and
|
||||||
authentication.
|
authentication.
|
||||||
|
|
||||||
|
Strong encryption and authentication is available through SSH
|
||||||
|
(secure shell). Run the SSH daemon (i.e. server) on the same
|
||||||
|
computer that you run the synergy server. It requires no
|
||||||
|
special configuration to support synergy. On each synergy
|
||||||
|
client system, run SSH with port forwarding:
|
||||||
|
|
||||||
|
ssh -f -N -L 24800:<server-hostname>:24800 <server-hostname>
|
||||||
|
|
||||||
|
where <server-hostname> is the name of the SSH/synergy server.
|
||||||
|
Once ssh authenticates itself, start the synergy client
|
||||||
|
normally except use `localhost' or `127.0.0.1' as the server's
|
||||||
|
address. SSH will then encrypt all communication on behalf of
|
||||||
|
synergy. Authentication is handled by the SSH authentication.
|
||||||
|
|
||||||
|
A free implementation of SSH for Linux and many Unix systems
|
||||||
|
called OpenSSH is available from http://www.openssh.com/. For
|
||||||
|
Windows there's a port of OpenSSH using Cygwin
|
||||||
|
(http://www.cygwin.com/).
|
||||||
|
|
||||||
6. What should I call my screens in the configuration?
|
6. What should I call my screens in the configuration?
|
||||||
|
|
||||||
You can use any unique name in the configuration file for each
|
You can use any unique name in the configuration file for each
|
||||||
|
|
|
||||||
36
INSTALL
36
INSTALL
|
|
@ -365,6 +365,42 @@ prevent a synergy client from synthesizing mouse and keyboard
|
||||||
input, though.
|
input, though.
|
||||||
|
|
||||||
|
|
||||||
|
Network Security
|
||||||
|
----------------
|
||||||
|
|
||||||
|
Synergy has no built-in support for encryption or authentication.
|
||||||
|
The server accepts connections from any computer. The server and
|
||||||
|
clients send all data unencrypted which means the clipboard and
|
||||||
|
mouse and keyboard events (e.g. typed passwords) are easily
|
||||||
|
examined by anyone listening on the network. Therefore, do not
|
||||||
|
run synergy on untrusted networks except as follows.
|
||||||
|
|
||||||
|
You can use SSH (secure shell) to provide strong authentication
|
||||||
|
and encryption to synergy without modifying either SSH or synergy.
|
||||||
|
On Linux and Unix a free implementation of SSH called OpenSSH is
|
||||||
|
available at http://www.openssh.com/. On Windows you can use the
|
||||||
|
Cygwin version of OpenSSH.
|
||||||
|
|
||||||
|
First, install the SSH server (sshd) on the computer running the
|
||||||
|
synergy server. Next, install the SSH client (ssh) on each
|
||||||
|
synergy client computer. Start the SSH and synergy servers
|
||||||
|
normally. Then, for each client, start the SSH client with port
|
||||||
|
forwarding:
|
||||||
|
|
||||||
|
ssh -f -N -L 24800:<server-hostname>:24800 <server-hostname>
|
||||||
|
|
||||||
|
where <server-hostname> is the name or address of the SSH and
|
||||||
|
synergy server host. 24800 is the default synergy port; replace
|
||||||
|
it with whichever port you use if you don't use the default. Once
|
||||||
|
ssh authenticates with the server, start the synergy client as
|
||||||
|
usual except use `localhost' or `127.0.0.1' for the server
|
||||||
|
address. Synergy will then pass all communication through SSH
|
||||||
|
which encrypts it, passes it over the network, decrypts it, and
|
||||||
|
hands it back to synergy. Authentication is provided by SSH's
|
||||||
|
authentication.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Common Command Line Options
|
Common Command Line Options
|
||||||
---------------------------
|
---------------------------
|
||||||
-d, --debug <level> use debugging level <level>
|
-d, --debug <level> use debugging level <level>
|
||||||
|
|
|
||||||
5
README
5
README
|
|
@ -240,6 +240,11 @@ Tips and Tricks
|
||||||
* A client's keyboard and mouse are fully functional while synergy is
|
* A client's keyboard and mouse are fully functional while synergy is
|
||||||
running. You can use them in case synergy locks up.
|
running. You can use them in case synergy locks up.
|
||||||
|
|
||||||
|
* Strong authentication and encryption is available by using SSH. See
|
||||||
|
the INSTALL file for more information. Synergy does not otherwise
|
||||||
|
provide secure communications and it should not be used on or over
|
||||||
|
untrusted networks.
|
||||||
|
|
||||||
|
|
||||||
Bug Reports
|
Bug Reports
|
||||||
-----------
|
-----------
|
||||||
|
|
|
||||||
3
TODO
3
TODO
|
|
@ -54,7 +54,8 @@ Then there are major new features:
|
||||||
|
|
||||||
* Add encryption and authentication
|
* Add encryption and authentication
|
||||||
|
|
||||||
Make synergy is safe to use on untrusted networks.
|
Make synergy is safe to use on untrusted networks. Using synergy
|
||||||
|
through SSH can provide this until synergy has it built-in.
|
||||||
|
|
||||||
* Support for limited drag and drop between systems
|
* Support for limited drag and drop between systems
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue