Added info about using SSH for authentication and encryption.

FAQ

@@ -57,12 +57,31 @@ Answers
 
 5.  What security/encryption does synergy provide?
 
-    None.  Synergy currently does no encryption or authentication.
+    Synergy provides no built-in encryption or authentication.
     Given that, synergy should not be used on or over any untrusted
     network, especially the Internet.  It's generally fine for home
-    networks.  Future versions will provide encryption and
+    networks.  Future versions may provide built-in encryption and
     authentication.
 
+    Strong encryption and authentication is available through SSH
+    (secure shell).  Run the SSH daemon (i.e. server) on the same
+    computer that you run the synergy server.  It requires no
+    special configuration to support synergy.  On each synergy
+    client system, run SSH with port forwarding:
+
+        ssh -f -N -L 24800:<server-hostname>:24800 <server-hostname>
+
+    where <server-hostname> is the name of the SSH/synergy server.
+    Once ssh authenticates itself, start the synergy client
+    normally except use `localhost' or `127.0.0.1' as the server's
+    address.  SSH will then encrypt all communication on behalf of
+    synergy.  Authentication is handled by the SSH authentication.
+
+    A free implementation of SSH for Linux and many Unix systems
+    called OpenSSH is available from http://www.openssh.com/.  For
+    Windows there's a port of OpenSSH using Cygwin
+    (http://www.cygwin.com/).
+
 6.  What should I call my screens in the configuration?
 
     You can use any unique name in the configuration file for each

INSTALL

@@ -365,6 +365,42 @@ prevent a synergy client from synthesizing mouse and keyboard
 input, though.
 
 
+Network Security
+----------------
+
+Synergy has no built-in support for encryption or authentication.
+The server accepts connections from any computer.  The server and
+clients send all data unencrypted which means the clipboard and
+mouse and keyboard events (e.g. typed passwords) are easily
+examined by anyone listening on the network.  Therefore, do not
+run synergy on untrusted networks except as follows.
+
+You can use SSH (secure shell) to provide strong authentication
+and encryption to synergy without modifying either SSH or synergy.
+On Linux and Unix a free implementation of SSH called OpenSSH is
+available at http://www.openssh.com/.  On Windows you can use the
+Cygwin version of OpenSSH.
+
+First, install the SSH server (sshd) on the computer running the
+synergy server.  Next, install the SSH client (ssh) on each
+synergy client computer.  Start the SSH and synergy servers
+normally. Then, for each client, start the SSH client with port
+forwarding:
+
+  ssh -f -N -L 24800:<server-hostname>:24800 <server-hostname>
+
+where <server-hostname> is the name or address of the SSH and
+synergy server host.  24800 is the default synergy port;  replace
+it with whichever port you use if you don't use the default.  Once
+ssh authenticates with the server, start the synergy client as
+usual except use `localhost' or `127.0.0.1' for the server
+address.  Synergy will then pass all communication through SSH
+which encrypts it, passes it over the network, decrypts it, and
+hands it back to synergy.  Authentication is provided by SSH's
+authentication.
+
+
+
 Common Command Line Options
 ---------------------------
   -d, --debug <level>   use debugging level <level>

README

@@ -240,6 +240,11 @@ Tips and Tricks
 * A client's keyboard and mouse are fully functional while synergy is
   running.  You can use them in case synergy locks up.
 
+* Strong authentication and encryption is available by using SSH.  See
+  the INSTALL file for more information.  Synergy does not otherwise
+  provide secure communications and it should not be used on or over
+  untrusted networks.
+
 
 Bug Reports
 -----------

TODO

@@ -54,7 +54,8 @@ Then there are major new features:
 
 * Add encryption and authentication
 
-  Make synergy is safe to use on untrusted networks.
+  Make synergy is safe to use on untrusted networks.  Using synergy
+  through SSH can provide this until synergy has it built-in.
 
 * Support for limited drag and drop between systems