2007-09-17

secure synergy

Now my previous post about keyboard and mouse sharing over the network is incomplete. Being a bit paranoid, I do not like my keyboard events, my clipboard and other data being passed in the clear over the network, so I added an ssh layer:


  • installed cygwin with openssh on the windows machine.

  • put the public ssh-key of my user on laptop into authorized_keys of desktop

  • on laptop: ssh desktopuser@desktop -L24801:localhost:24800

  • on laptop: synergyc localhost:24801



Now I can use the same process (setting up the ssh tunnel and running synergyc) so that the configuration at home, where the desktop is an iMac, can accept the laptop too; without any changes to the laptop, the iMac's mouse might work as well.

The tunnel set-up phase could try to discover which environment it is in (based on the IP address received from the DHCP server, or on successfully reaching that ssh server):

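I adapted the synergyc_start script (introduced in my earlier post) into:
#!/bin/bash
# Try each known desktop in turn; when a tunnel comes up, run synergyc through it.
while /bin/true; do
    for host in worklogin@desktop-work homeuser@imac-home; do
        # -f backgrounds ssh; "sleep 5" keeps the forward open long enough for synergyc to connect
        ssh -L24801:localhost:24800 -f "${host}" sleep 5;
        [ ${?} = 0 ] && synergyc --no-restart --no-daemon localhost:24801;
    done
done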


So now that works fine, but hey, I don't want to add the root@laptop public key to the authorized keys of my user@desktop.
I changed the script further, using among other things screen to run programs in the background while allowing later access to their console.
My new synergyc_start has been extended to allow invocation by root, but root will execute the ssh command via sudo -u user.
I also added an option so the command can be executed with the argument screen to retrieve the screen on the console. The screen is also used to check whether an existing command is already running.

#!/bin/bash
# Starts the ssh proxy command (tunnel + synergyc) in a detached screen.

CLIENTNAME=laptopname;

# refuse to run without an X display
if [ -z "${DISPLAY}" ]; then
    echo "no DISPLAY variable set" >&2;
    exit 1;
fi

# when invoked as root, run ssh as the normal user so that user's key is used
if [ "$( id -n -u )" = "root" ]; then
    SUDO="sudo -u laptopuser ";
    screenname=root_synergy_proxy;
else
    SUDO="";
    screenname=user_synergy_proxy;
fi

case "$(hostname)" in
    (${CLIENTNAME}|${CLIENTNAME}\.*)
        # ${SUDO} is expanded here; \${host} and \${?} are expanded when screen runs the loop
        proxycommand="while /bin/true; do
            for host in DT1user@desktop1 DT2user@desktop2 DT3user@desktop3; do
                ${SUDO} ssh -L24801:localhost:24800 -f \${host} sleep 5;
                [ \${?} == 0 ] && synergyc --no-restart --no-daemon localhost:24801;
            done;
        done;";
        ;;
    (*)
        # only allow invocation on configured machine.
        echo "this script should only run on ${CLIENTNAME}." >&2;
        exit 1;
        ;;
esac

# remove possible defunct screens
screen -wipe

# check for existing (running) screen
screen -list | grep -e '\<[0-9]\{1,\}\.'${screenname}'\>' >/dev/null 2>&1;

case "${?}" in
    (0) # depending on existing screen, retrieve it (if requested)
        [ $# -eq 1 ] && [ "$1" = "screen" ] && screen -dr ${screenname};
        ;;
    (*) # launch the screen instruction (with screen on console if requested)
        [ $# -eq 1 ] && [ "$1" = "screen" ] && resume="" || resume="-d -m";
        screen ${resume} -S ${screenname} bash -c "${proxycommand}";
        ;;
esac;
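
The tunnel only protects the traffic if neither Synergy port is also reachable directly over the network. As an added example (not part of the original post), the function below scans `ss -ltn` style output for listeners on 24800 or 24801 that are not bound to loopback; the function names and the sample output are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): check that the Synergy ports
# used above (24800 = synergys, 24801 = local end of the ssh forward) only
# listen on loopback, so no cleartext listener is left reachable on the LAN.

# exposed_listeners PORT...
# Reads `ss -ltn` style lines on stdin, prints every listening socket on one
# of the given ports that is not bound to loopback. Returns 1 if any is found.
exposed_listeners() {
    local ports=" $* " state recvq sendq localaddr rest addr port found=0
    while read -r state recvq sendq localaddr rest; do
        [ "${state}" = "LISTEN" ] || continue      # skips the header line too
        port="${localaddr##*:}"                     # text after the last colon
        addr="${localaddr%:*}"                      # everything before it
        case "${ports}" in
            (*" ${port} "*) ;;
            (*) continue ;;
        esac
        case "${addr}" in
            (127.*|"[::1]") ;;                      # loopback: tunnel-only access
            (*) echo "${localaddr}"; found=1 ;;     # wildcard or LAN address
        esac
    done
    return "${found}"
}

# Constructed sample of `ss -ltn` output (both ports shown on one host for
# brevity): the forward is loopback-only, synergys listens on every interface.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:24801     0.0.0.0:*
LISTEN 0      128    [::1]:24801         [::]:*
LISTEN 0      5      0.0.0.0:24800       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
EOF
}

if ! exposed="$(sample_ss_output | exposed_listeners 24800 24801)"; then
    echo "not loopback-only: ${exposed}" >&2
fi
# Live use (assumes iproute2's ss): ss -ltn | exposed_listeners 24800 24801
```

If 24800 shows up on the desktop, synergys can be bound to loopback with its `--address` option so that only the ssh forward reaches it.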


1 Comments:

At 5/5/08 16:49, Blogger Dieter said...

Now it comes to my attention that, when using Ubuntu 8.04, the synergyc instruction should be executed as root (cf. http://www.ozymo.com/~chuck/blog/2008/03/07/ubuntu-804-hardy-heron-beta-testing/).

 
