27 August 2007

More on Synergy

I set up Synergy again. This time with my Mac Laptop as the server, and then my Windows desktop as the client. The Mac being the server made it where I still had my nice input device functionality in OS X and also now in Windows! It also avoided some Synergy client bugs like my screen saver Hot Corner ceasing to work, and the screen savers not synchronizing. They still don't synchronize unlocking, but at least the Windows screen saver starts when I start the OS X one.

There are various obstacles to overcome with this setup, however:

Problem 1: Synergy is not secure. All traffic is passed in plain text, so if I needed to type a password on the client, it would go across the network in plain text. This is not acceptable for my setup.

Solution 1: Set up an SSH tunnel between my desktop and my laptop. The MacBook laptop is the SSH server, and the Windows Desktop is the SSH client. After getting the initial setup working, I then took extra security hardening steps to make sure no one else could connect. These included turning off passworded logins (using only key-based logins), and creating an /etc/hosts.allow that denied all SSH connections except from my Windows desktop. (Yes, you can do it all just from hosts.allow.)

Problem 2: I need to be able to disconnect my laptop and take it somewhere else, then have it automatically reconnect when I hook it back up in my office. While the Synergy client keeps trying to reconnect, SSH tunnels may not. Also, SSH tunnels typically don't start until you log into Windows. That would mean I'd have to hook the keyboard up to the Windows desktop, log in, then hook the keyboard up to the Mac to use Synergy. That kind of keyboard swapping is not acceptable either.

Solution 2: This is a fairly complicated setup, and not for the faint of heart. The use of plink from the PuTTY SSH programs in combination with a program from the Windows 2003 Resource Kit (my desktop is running XP Pro) called AutoExNT allows me to start an SSH tunnel when Windows starts. Using an infinite loop and a sleep inside the batch file that starts the connection, I can have it retry the connection every so often so that if I take my laptop (and break the connection) and bring it back, it will automatically reconnect the SSH tunnel. You have to also set Synergy up to connect at system startup rather than at login, but that part is just a few clicks. Using this setup, I can reboot the Windows machine and move the mouse over to the Windows screen and hit Ctrl-Alt-Delete to log in over Synergy. I can also take my laptop home and bring it back, and Synergy automatically reconnects securely!
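A sketch of the retry loop from Solution 2, with the server-side settings from Solution 1 noted in comments. This is an added example, not the batch file from this setup. The host name, user name, key path, plink path and desktop address are assumed values, and the port is Synergy's default (24800).

```batch
@echo off
rem Added example: SSH tunnel keep-alive loop (assumed names and paths).
rem
rem Server side on the Mac (Solution 1), for reference:
rem   sshd_config:       PasswordAuthentication no
rem                      ChallengeResponseAuthentication no
rem   /etc/hosts.allow:  sshd: 192.0.2.10 : allow
rem                      sshd: ALL : deny
rem 192.0.2.10 stands in for the Windows desktop's address.

set MAC_HOST=macbook.example.lan
set SSH_USER=synergy
set KEY=C:\tunnel\synergy.ppk
set PLINK="C:\Program Files\PuTTY\plink.exe"

:retry
rem -batch  never prompt; required because no one is logged in to answer.
rem -N      forwarding only, no remote shell or command.
rem -L      listen on local 127.0.0.1:24800 and forward to port 24800
rem         on the Mac, so the Synergy port is not opened to the LAN here.
%PLINK% -ssh -batch -N -i "%KEY%" -L 127.0.0.1:24800:127.0.0.1:24800 %SSH_USER%@%MAC_HOST%

rem plink exits when the laptop is unplugged or unreachable.
rem Wait about 30 seconds (ping as a sleep), then try again.
ping -n 31 127.0.0.1 >nul
goto retry
```

The Synergy client is then pointed at 127.0.0.1 instead of the Mac's address so its traffic enters the tunnel. Because `-batch` refuses to prompt, the Mac's host key must already be cached for the account the startup job runs under, and the private key has to be usable without a passphrase prompt, which is why restricting the file's permissions matters.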

All in all, this is a lot of work to set up, but after the initial pain of setup, it's nice to be able to just plug everything up and it just works. :)
