So, I can finally use synergy securely in Thornbrough now.
- install synergy
- I need to install synergy. However, I'm a mere user on Ubuntu Feisty, and I can't compile it. Compilation complains about a missing Xtst library, which is present in a fashion, and which I can persuade it through any means known to me to detect it. However, it's not very necessary, as I can download the .deb via http://packages.ubuntu.com and use dpkg -x to extract it into my $HOME/local. Yay.
- configure synergy
- This was simple. I copied the example configure file I had extracted to $HOME/.synergy.conf and set the right hostnames.
- secure it
- The synergy website recommends, on the clients, forwarding the server's port locally to the synergy server host via SSH, and then connecting the client to the server 'locally' (the traffic of which is all sent encrypted over the wire/air).
ssh -f -N -L 24800:server-hostname:24800 server-hostname
That's a great idea, except that the machines here don't have sshd installed. Consequently, I can't log into the synergy server host to forward the port.
- install sshd
- Alright, back to packages.ubuntu.com, download openssh-server, and extract it to $HOME/local. Try to run - uh oh, this will require some configuration.
- configure sshd
- sshd re-exec requires execution with an absolute path
So, first, it needs to be run via its absolute path. Alright, create a wrapper script in $HOME/local/bin to it.
- /etc/ssh/sshd_config: No such file or directory
Then, it needs to find a configuration file. Let's add an empty $HOME/local/etc/ssh/sshd_config and pass it as an argument to sshd's -f option in my wrapper script.
- Could not load host key: /etc/ssh/ssh_host_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Privilege separation user sshd does not exist
Now, there's no host keys found. Alright, let's use ssh-keygen to generate some.
ssh-keygen -f $HOME/local/etc/ssh/ssh_host_rsa_key
And specify the file location in the config file.
- Disabling protocol version 1. Could not load host key
Privilege separation user sshd does not exist
Hmm, it's complaining that it can't find one for protocol 1. Let's tell it to use protocol 2.
- Privilege separation user sshd does not exist
Can't use privilege separation because of no user sshd, eh? I guess we'll have to do without :( Add another config line.
- Silent death? Try '-D -e' options.
Bind to port 22 on 0.0.0.0 failed: Permission denied.
Cannot bind any address.
Right, can't bind to port 22 as a stupid user. Well, there's plenty of ports I can bind to (like 3636). Another line in the config.
- Still fails, '-D -e' again.
Couldn't create pid file "/var/run/sshd.pid": Permission denied
Alright, I bet I can change the PID file path in the config - yup, set a new line.
- Just for the heck of it, let's say yes to PubkeyAuthentication and X11Forwarding, just in case.
- run sshd
- Finally, everything seems to work. I have to add `-p 3636` to the ssh forwarding statement to ensure it can find the port I'm using for the sshd server. I run sshd with '-D -e' so I can see any errors.
- run synergys
- Runs as normal on the server host (the one with the keyboard and mouse to be shared)
- run synergyc
- On the clients (the ones whose keyboards don't matter)
$ ssh -f -N -L 24800:SYNSERVERHOSTNAME:24800 SYNSERVERHOSTNAME -p 3636
$ synergyc -f localhost
For those it might interest, here's my final sshd_config file, mildly censored.
Port 3636
Protocol 2
UsePrivilegeSeparation no
HostKey /path/to/my/ssh_host_rsa_key
X11Forwarding yes
PidFile /path/to/some/user/writable/run/sshd.pid
PubkeyAuthentication yes
And here is my sshd wrapper
#!/bin/sh
# sshd must be started via an absolute path; -e logs to stderr instead of syslog
"$HOME/local/usr/sbin/sshd" -e -f "$HOME/local/etc/ssh/sshd_config" "$@"
For those not in the know, "$@" expands to the arguments passed to the script (in bash and in plain sh alike). '-e' is to print to stderr rather than the syslog.
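The startup failures walked through above (privileged port, missing host key, unwritable PID file) can be checked before sshd is launched. The sh preflight below is an added example, not part of the original post; the names `cfg_get` and `check_user_sshd_config` are made up for it, and it assumes a simple config where only the first occurrence of each keyword matters.

```shell
#!/bin/sh
# Preflight for an sshd_config that an unprivileged user will run.
# Prints one line per problem; the return status is the problem count.

# First value of keyword $2 in file $1 (sshd keywords are case-insensitive).
cfg_get() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

check_user_sshd_config() {
    cfg=$1
    problems=0
    flag() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    [ -r "$cfg" ] || { flag "cannot read $cfg"; return 1; }

    # Ports below 1024 need root ("Bind to port 22 ... Permission denied").
    port=$(cfg_get "$cfg" Port)
    [ "${port:-22}" -ge 1024 ] || flag "Port ${port:-22} is privileged"

    # With no HostKey line sshd looks in /etc/ssh ("Could not load host key").
    # sshd also refuses a private key that group or other can access.
    key=$(cfg_get "$cfg" HostKey)
    if [ -z "$key" ]; then
        flag "no HostKey line"
    elif [ ! -r "$key" ]; then
        flag "HostKey $key is not readable"
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        flag "HostKey $key is accessible to group/other (chmod 600 it)"
    fi

    # The default PidFile is under /var/run ("Couldn't create pid file").
    pid=$(cfg_get "$cfg" PidFile)
    if [ -z "$pid" ]; then
        flag "no PidFile line"
    elif [ ! -w "$(dirname "$pid")" ]; then
        flag "PidFile directory $(dirname "$pid") is not writable"
    fi

    return "$problems"
}
```

sshd's own `-t` option, combined with `-f` and run via the absolute path, tests the config file and host keys without starting the daemon.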