Part I – The Synergetic Way
Synergy is high there on the list of software I don’t know how I could have been productive without. There is one huge obvious elephant in the room when it comes to Synergy, though: the security model, or lack of one really. Not only that every key press travels in clear text over the network it does not even authenticate clients nor servers.
Bottom line there is no security to talk about: Synergy is one big flying security vulnerability. Lucky me: there are ways to add an after-thought security to a deployed solution.
But first allow me to spell out my motivation: as usual I’m trying to make the technology work just like I want it to. See I carry work home and I carry it in a form of a Laptop running windows. I also have a MacBook Pro as my primary system at home connected to a 24″ Dell UltraSharp 24FPW hooked up via a DVI, I’d like my Windows Laptop to be connected to the VGA port on the same monitor so I could use the 24″ screen real estate to do some work. Now I’d like to do that such that all I need to do is dock my Windows XP and use my existing Mouse, Keyboard and obviously the monitor. When I disconnect the XP Laptop I would like to just undock it shove it to my bag and go without hassle and leaving my MacBook fully connected. The XP Laptop is connecting to the network via my home wireless network – so some encryption/authentication would not be a bad idea. I could have spare the effort and fall back to use Cord but the VPN software I use just refuses to authenticate when I just remote in, besides why push all those pixels via the network when I can be connected directly via VGA?
So I’ve decided to use synergy to control the XP mouse when my Mac is serving as a synergy server and tunnel this via stunnel. Now all I have to do in order to use the XP Laptop is: dock it, press the power button ( wake it up) and then switch inputs by pressing a button at the front of the monitor .
A couple of gotcha I’ve hit even before getting to the stunnel part:
When testing synergy I’ve hit a problem where if the machine would auto-lock I wouldn’t be able to get to feed a password in to log. ctrl-alt-del had no effect.
examining the logs I’ve noticed the following error:
DEBUG: emulating ctrl+alt+del press
DEBUG: can't open Winlogon desk: 5
to make a long story short it turns out that under windows NT and descendants the screen saver and the login windows are running under a different desktop each,
Here’s what MSDN has to say:
By default, there are three desktops in the interactive window station: Default, ScreenSaver, and Winlogon.
The only way Synergy is able to interact with the Winlogon Desktop is if it runs as a systems service. This means that under windows when configuring Synergy’s Auto Start one has to choose to have “synergy start automatically when the computer does”
. If the synergy server restarts this means for whatever reason that the client will loose access to the Winlogon Desktop.
So there shouldn’t be any problem to login if synergy runs as a system service and the synergy client is not restarted, the ctrl-alt-del combination should just work.
However if the screensaver kicks in I’m unable to dismiss it with synergy driven input device, this is something that I have not yet found a direct solution to.
I did, however found a workaround.
Later I also discovered that the synergy server running on the OSX must run as root.
Another Issue I have seen is what I had to call ‘alt-key at half-duplex’,
I’ve tried to solicit some help from superusers , here is an extract of the longish description:
the alt key does not function as a modifier at all by that I mean: if to use notepad as an example:
If I press alt and release it then the first menu item gets highlighted and I can press ‘f’ and get the file menu (this is a normal behavior). However if I’m holding down alt and then simultaneously press ‘f’ I get the first menu item highlighted. this is not a normal effect of this key combination, with a properly functioning alt key the file menu would have been displayed.
It turns out this is easily solvable by upgrading to the Mac OSX beta version (1.5) of synergy server.
Here is the synergy.conf I’m using on the server:
right = mcradleXP
left = mcradles-macbook-pro.local
In the next post I’ll start covering the security aspect and how to tunnel synergy via stunnel.