Added info about using SSH for authentication and encryption.
This commit is contained in:
parent
116005d64f
commit
f0445295b5
23
FAQ
23
FAQ
|
@ -57,12 +57,31 @@ Answers
|
|||
|
||||
5. What security/encryption does synergy provide?
|
||||
|
||||
None. Synergy currently does no encryption or authentication.
|
||||
Synergy provides no built-in encryption or authentication.
|
||||
Given that, synergy should not be used on or over any untrusted
|
||||
network, especially the Internet. It's generally fine for home
|
||||
networks. Future versions will provide encryption and
|
||||
networks. Future versions may provide built-in encryption and
|
||||
authentication.
|
||||
|
||||
Strong encryption and authentication is available through SSH
|
||||
(secure shell). Run the SSH daemon (i.e. server) on the same
|
||||
computer that you run the synergy server. It requires no
|
||||
special configuration to support synergy. On each synergy
|
||||
client system, run SSH with port forwarding:
|
||||
|
||||
ssh -f -N -L 24800:<server-hostname>:24800 <server-hostname>
|
||||
|
||||
where <server-hostname> is the name of the SSH/synergy server.
|
||||
Once ssh authenticates itself, start the synergy client
|
||||
normally except use `localhost' or `127.0.0.1' as the server's
|
||||
address. SSH will then encrypt all communication on behalf of
|
||||
synergy. Authentication is handled by the SSH authentication.
|
||||
|
||||
A free implementation of SSH for Linux and many Unix systems
|
||||
called OpenSSH is available from http://www.openssh.com/. For
|
||||
Windows there's a port of OpenSSH using Cygwin
|
||||
(http://www.cygwin.com/).
|
||||
|
||||
6. What should I call my screens in the configuration?
|
||||
|
||||
You can use any unique name in the configuration file for each
|
||||
|
|
36
INSTALL
36
INSTALL
|
@ -365,6 +365,42 @@ prevent a synergy client from synthesizing mouse and keyboard
|
|||
input, though.
|
||||
|
||||
|
||||
Network Security
|
||||
----------------
|
||||
|
||||
Synergy has no built-in support for encryption or authentication.
|
||||
The server accepts connections from any computer. The server and
|
||||
clients send all data unencrypted which means the clipboard and
|
||||
mouse and keyboard events (e.g. typed passwords) are easily
|
||||
examined by anyone listening on the network. Therefore, do not
|
||||
run synergy on untrusted networks except as follows.
|
||||
|
||||
You can use SSH (secure shell) to provide strong authentication
|
||||
and encryption to synergy without modifying either SSH or synergy.
|
||||
On Linux and Unix a free implementation of SSH called OpenSSH is
|
||||
available at http://www.openssh.com/. On Windows you can use the
|
||||
Cygwin version of OpenSSH.
|
||||
|
||||
First, install the SSH server (sshd) on the computer running the
|
||||
synergy server. Next, install the SSH client (ssh) on each
|
||||
synergy client computer. Start the SSH and synergy servers
|
||||
normally. Then, for each client, start the SSH client with port
|
||||
forwarding:
|
||||
|
||||
ssh -f -N -L 24800:<server-hostname>:24800 <server-hostname>
|
||||
|
||||
where <server-hostname> is the name or address of the SSH and
|
||||
synergy server host. 24800 is the default synergy port; replace
|
||||
it with whichever port you use if you don't use the default. Once
|
||||
ssh authenticates with the server, start the synergy client as
|
||||
usual except use `localhost' or `127.0.0.1' for the server
|
||||
address. Synergy will then pass all communication through SSH
|
||||
which encrypts it, passes it over the network, decrypts it, and
|
||||
hands it back to synergy. Authentication is provided by SSH's
|
||||
authentication.
|
||||
|
||||
|
||||
|
||||
Common Command Line Options
|
||||
---------------------------
|
||||
-d, --debug <level> use debugging level <level>
|
||||
|
|
5
README
5
README
|
@ -240,6 +240,11 @@ Tips and Tricks
|
|||
* A client's keyboard and mouse are fully functional while synergy is
|
||||
running. You can use them in case synergy locks up.
|
||||
|
||||
* Strong authentication and encryption is available by using SSH. See
|
||||
the INSTALL file for more information. Synergy does not otherwise
|
||||
provide secure communications and it should not be used on or over
|
||||
untrusted networks.
|
||||
|
||||
|
||||
Bug Reports
|
||||
-----------
|
||||
|
|
3
TODO
3
TODO
|
@ -54,7 +54,8 @@ Then there are major new features:
|
|||
|
||||
* Add encryption and authentication
|
||||
|
||||
Make synergy is safe to use on untrusted networks.
|
||||
Make synergy is safe to use on untrusted networks. Using synergy
|
||||
through SSH can provide this until synergy has it built-in.
|
||||
|
||||
* Support for limited drag and drop between systems
|
||||
|
||||
|
|
Loading…
Reference in New Issue