15 Mar 2007

Synergy - two screens, two OSes

At work I need both Windows and Linux. So I've had a KVM switchbox from blackbox to easily switch between Windows and Linux. The KVM switch is showing it's age, since the display has lately become somewhat fuzzy. Recently I received two new LCD screens, and I decided to get rid of the old fuzzy KVM-switch. I wanted to try out Synergy - which enables two or more screens to be connected to different computers using one mouse and keyboard.

It relies on a client/master software to be installed on each computer. The computer where the mouse and keyboard are (physically) connected are the master. The client(s) then talks to the master over the network. When my mouse pointer leaves my Windows screen, it enters my Linux screen to the right seamlessly. The master then sends all mouse and keyboard signals to the correct host. The keyboard follow the mouse, so when my mouse pointer is on Linux so is my keyboard.

You'll get some nice, and a little bizarre, properties like cut'n'paste between Linux and Windows(!). Another nice feature is the ability to "lock" onto one screen by pressing "Scroll Lock".

Installation is a breeze. On Windows it's just click and install. On Linux, synergy can be found in both Fedora and Debian/Ubuntu packet repositories:

 $ apt-get install synergy

My keyboard and mouse are connected to my Widows computer, so that one is master. Linux is client. First I configure Windows and determine where my screens are (Windows to the left, Linux to the right). Then it's just to fire up synergy:

$ synergyc -f -n lin1016 192.168.3.125
INFO: synergyc.cpp,716: Synergy client 1.3.1 on Linux 2.6.18-1.2239.fc5 #1 Fri Nov 10 13:04:06 EST 2006 i686
DEBUG: CXWindowsScreen.cpp,840: XOpenDisplay(":0.0")
DEBUG: CXWindowsScreenSaver.cpp,339: xscreensaver window: 0x00a00001
DEBUG: CXWindowsScreen.cpp,110: screen shape: 0,0 1280x1024
DEBUG: CXWindowsScreen.cpp,111: window is 0x01400004
DEBUG: CScreen.cpp,38: opened display
NOTE: synergyc.cpp,330: started client

Debug messages when leaving and entering Linux:

INFO: CScreen.cpp,116: leaving screen
DEBUG: CXWindowsClipboard.cpp,313: open clipboard 1
DEBUG: CXWindowsClipboard.cpp,348: close clipboard 1
INFO: CScreen.cpp,98: entering screen

Debug messages when leaving Linux, copy something to the Windows clipboard:

INFO: CScreen.cpp,116: leaving screen
DEBUG: CXWindowsClipboard.cpp,313: open clipboard 1
DEBUG: CXWindowsClipboard.cpp,493: ICCCM fill clipboard 1
DEBUG: CXWindowsClipboard.cpp,512:   available targets: TIMESTAMP (386), TEXT (406),
COMPOUND_TEXT (260), STRING (31), TARGETS (384), LENGTH (468), DELETE (407), FILE_NAME (471),
CHARACTER_POSITION (472), LINE_NUMBER (473), COLUMN_NUMBER (474), OWNER_OS (467),
HOST_NAME (475), USER (463), CLASS (464), NAME (465), ATOM (4), INTEGER (19)
DEBUG: CXWindowsClipboard.cpp,555:   added format 0 for target STRING (31) (6 bytes)
DEBUG: CXWindowsClipboard.cpp,348: close clipboard 1

But there is one serious problem with this setup. Every keystroke are transmitted unencrypted between the master and client! So a potential eavesdropper could easily sniff all my password entered on Linux. To prevent that, we can tunnel all synergy traffic through SSH.

So, I download Windows version of OpenSSH server from http://sshwindows.sourceforge.net/. It hasn't been updated in a while, but works nicely here on my Win2K computer. I make sure SSH server automatically starts at boot and tries to log in.

Hm. No login? Time to read some documentation. Ok, here we go: Since SSH are based on Cygwin, it needs to extract user data from AD:

  C:\Program Files\OpenSSH\bin>mkgroup -d ..\etc\group
  C:\Program Files\OpenSSH\bin>mkpasswd -d ..\etc\passwd

Try again. Much better:

$ ssh 192.168.3.125

                            ****USAGE WARNING****

This is a private computer system. This computer system, including all
related equipment, networks, and network devices (specifically including
Internet access) are provided only for authorized use. This computer system
may be monitored for all lawful purposes, including to ensure that its use
is authorized, for management of the system, to facilitate protection against
unauthorized access, and to verify security procedures, survivability, and
operational security. Monitoring includes active attacks by authorized entities
to test or verify the security of this system. During monitoring, information
may be examined, recorded, copied and used for authorized purposes. All
information, including personal information, placed or sent over this system
may be monitored.

Use of this computer system, authorized or unauthorized, constitutes consent
to monitoring of this system. Unauthorized use may subject you to criminal
prosecution. Evidence of unauthorized use collected during monitoring may be
used for administrative, criminal, or other adverse action. Use of this system
constitutes consent to monitoring for these purposes.


nblks1@192.168.3.125's password:
CMD.EXE was started with '\\XXXXXX\nblks1$' as the current directory path. 
UNC paths are not supported.  Defaulting to Windows directory.
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\WINNT>

Great. Now it's just to set up a tunnel and tell synergy to connect to localhost:

$ ssh -f -N -L 24800:192.168.3.125:24800 192.168.3.125
$ synergyc -n lin1016 localhost
INFO: synergyc.cpp,716: Synergy client 1.3.1 on Linux 2.6.18-1.2239.fc5 #1 Fri Nov 10 13:04:06 EST 2006 i686
DEBUG: CXWindowsScreen.cpp,840: XOpenDisplay(":0.0")
DEBUG: CXWindowsScreenSaver.cpp,339: xscreensaver window: 0x00a00001
DEBUG: CXWindowsScreen.cpp,110: screen shape: 0,0 1280x1024
DEBUG: CXWindowsScreen.cpp,111: window is 0x01400004
DEBUG: CScreen.cpp,38: opened display
NOTE: synergyc.cpp,330: started client

I've enabled both OpenSSH and Synergy to start automatically at boot on Windows. But since I'm tunneling through SSH and other users may use this workspace (and desktops), there no easy way of enabling Synergy automatic without manually typing password. One solution is to use a shared user with ssh-certificates, but neither I nor the security policy permits that. Instead I create a small script that fires up the ssh tunnel and synergy at login. Since it's called from ".xsession" it do need a keyboard on my Linux to type the SSH password - but I can live with that:

$ cat ~/bin/syn.sh
#/bin/sh
xhost +localhost
echo "Setting up ssh-tunnel"
ssh -f -N -L 24800:192.168.3.125:24800 192.168.3.125
echo "Starting synergy"
synergyc -n lin1016 localhost
echo "Remember to shut down the ssh tunnel before you log out!"
sleep 5
$ cat ~/.xsession
...
~/bin/syn.sh
...

No comments: