This is Hacker Public Radio episode 3755 for Friday the 23rd of December 2022. Today's show is entitled, Synergy over SSH. It is hosted by Ken Fallon and is about 25 minutes long. It carries a clean flag. The summary is, control your other PC securely using Synergy over SSH.

Hi everybody, my name is Ken Fallon and you are listening to another episode of Hacker Public Radio. In today's show we are going to talk about installing Synergy so that you can control the keyboard and mouse of another computer securely over SSH. Now this makes sense when you have keyboards next to each other, so that you can at least see the screen on the remote computer.

So to install Synergy on both computers, you need to do so as root. Depending on your package manager, it might be dnf space install space synergy, or on Debian-based systems apt space install space synergy, and I'll leave it up to you to figure out how to install that on the other platforms. It also works on Windows and OS X.

So in my setup, the main PC is going to be called PC underscore middle, and this is the one with the keyboard and mouse that we intend to use to control all the other computers. In my setup I only have one other PC, but you can have PCs on the right, left, above, below in this virtual grid. So in my case I've got one computer here and one computer there. So the only other PC for me is the one on the right, and I'm going to call it, imaginatively, PC underscore right. And during these instructions I will be clearly specifying which computer I'm doing what action on, so you can and need to keep that in mind. Apologies for the verbal descriptions.

So on the PC underscore middle I'm creating a configuration file, and I put that into my home directory in a subdirectory called etc, slash synergy dash work dot conf. That just happens to be the configuration file I use; you can use whatever you like. And there's a sort of INI-type configuration file that you need to follow.
First thing you need to do is have a section, section colon space screens, and then underneath that you need to specify the names of the computers that you're going to be controlling. So I have PC underscore middle colon, and underneath that PC underscore right colon, and underneath that I have an end to end that section. And then the next section I have is section colon space links. And underneath that I have PC underscore middle colon, and underneath that I have right equals PC underscore right, and then from PC right's point of view, on the next line, PC underscore right colon, left equals PC underscore middle, and then an end for that section. And what that links section does is tell you that, from the point of view of this PC middle, on my right is the PC whose name is PC right, and then from the computer called PC right, on its left is the computer called PC middle. And you can see how you can build this to be top, bottom, left, right and a whole matrix.

So still on the PC middle, I save the file, and I'm going to add an entry to my SSH config file in my home directory, in my dot ssh slash config file. If you don't have one you can create one. And the entry is going to do two things: one, it's going to specify what the IP address is of the other computer, and then it's going to do a remote forward, so I can create a virtual connection between the two computers. So the three lines that you need to enter into your dot ssh slash config file are Host space PC right, then new line, HostName space and the IP address.
One, two, one, six, eight, zero dot one five is always my example, and then underneath that RemoteForward space one two seven dot zero dot zero dot one colon two four eight zero zero space one two seven dot zero dot zero dot one colon two four eight zero zero.

And still on the PC underscore middle, we're going to run the Synergy server, but we're going to do it in the foreground with debug enabled. So the command is synergys, all one word, space dash dash debug, and that's in lower case, space and then in upper case DEBUG, then everything else is in lower case, space dash dash no dash daemon space dash dash server space dash dash address space one two seven dot zero dot zero dot one, and dash dash config space tilde forward slash etc forward slash synergy dash work dot conf, which is the link to my config file, and then dash dash name space PC underscore middle, and then dash dash log space slash tmp slash synergy dash work dot conf dot log.

And what that command does is: synergys calls the server. The debug sets the amount of information that you are going to display, in this case a lot, because it's debug information. We're going to go no daemon, which means it's going to continue running in the foreground and not disappear into the background. We're going to start it as a server, so not a client, and the address that the server is going to be listening on is one two seven dot zero dot zero dot one, so it's sitting there waiting, listening on that on the local host. And the configuration file that it's going to use is the one that we've just edited, the one that says the PC in the middle is on the, is to the right of the other, PC right, and then PC right sees the PC middle on its left. And then when we run that, we'll see stuff like opening configuration, configuration read successfully, XOpenDisplay, blah blah blah, starting server, and then screen PC middle shape changed, and then it stops, because at that point it's now waiting for a connection to come in. So we can double check that it's running on that
PC middle computer by typing netstat space dash anp, and we pipe that to grep two four eight zero zero. And if you run that as a normal user you'll get an error message, which you can ignore, but you'll see that it's listening on one two seven dot zero dot zero dot one, and port number two four eight zero zero, and it's accepting, it's going to reply back to wherever, zero dot zero dot zero dot zero, which means in this term, I'm going to reply back to wherever it comes from.

So on the PC in the middle we're going to connect to the PC on the right, and to do that we type ssh space PC underscore right, and that will tell the SSH command to connect to that machine. Now it does know about that, so it'll go and look in its configuration file, which we've changed earlier. It knows the host IP address, so it'll connect to that, and then it'll do the special thing, that it will listen on the far side for commands and pipe them back through the pipe. We'll talk more about that later.

So on the PC on the right, we can either do this via the SSH connection that we opened or, better yet, by going over and typing on its keyboard. So if it's a laptop, you'd be typing on the laptop keyboard of the second one, the one that's on the right. You type synergyc, which is the command to start the client. We're going to go space dash dash debug space uppercase INFO, and space dash dash no dash daemon space dash dash name space PC underscore right space one two seven dot zero dot zero dot one. What's happening here is you're starting Synergy in the client mode. We're going to enable some debugging, and in this case we're just going to try and show info level debugging information, because there's an awful lot of output around full debugging. Again we're not going to run it as a daemon, no daemon, so it's running in the foreground, and we now need to tell it, okay, in this whole setup what name am I, and we've already configured it as PC on the
right, and we tell it to send its commands over to one two seven dot zero dot zero dot one, which is listening on the SSH tunnel. And then you'll see debug information like connecting to one two seven dot zero dot zero dot one, and if all goes well you see something like connected to server. And then if you go back to PC middle, you should see in the log that it's connected: opening new socket for blah, accepted client connection, received client PC right and the shape is this, and the client PC right has connected. So perfect.

So I just want to make a little note. If you try to run the client, synergyc, over the SSH connection, so you're on your middle computer and you've connected to the other computer in order to start the tunnel up over SSH, you might try running the commands there. If you do that, you'll see it connect correctly, but when you move your mouse on from one screen with the hope that it will jump to the other one, it won't do that, it will come back into the center. And the reason for that is to do with X permissions. So the command we need to run to start the Synergy client has to be on the keyboard of the session that you're on. So if you want to control a particular session, you need to run the command from that session. There's a way to get around that, but I found the easiest thing is you just get up in the morning, you log in to that other computer, you start the client, and then you go back to your main computer, and for the rest of the day you don't have to touch this other computer.

So where are we? We now have it so that on the middle PC, when you move the keyboard, when you move the mouse over to the other side, it will highlight programs on the other side just as if you're using them. You can use the menu to start a notepad application, for example Kate if you're running KDE, or Mousepad or whatever, and you can start typing on your middle keyboard and everything that you type will appear on the other one. So that is basically what we want to do. And if you
look at the logs on the PC middle as you're doing that, you'll see all sorts of stuff like switching from PC middle to PC right, leaving the screen, moving over the keyboard, updating the screen to this, that and the next thing, and sending XScreenSaver commands, etc. So we now know it works, because you're on your PC middle and you can control PC right.

So we can go over to the PC right, and on that keyboard we then hold down Control and press C, which is the generic cancel in the Unix world, often written as CTRL plus C. And what that means is you hold down the Control key, and keeping it held, you press the C, it doesn't matter if it's upper or lower case, and that will terminate the command. Now that will terminate the client, and then back on the middle PC, which is still running the server, you'll see debug information: client PC right has disconnected, closing the socket that they had opened earlier. And we're now basically finished with that as well, so on the PC middle you can hold down Control and C to terminate the server as well.

So now that everything is working correctly, we can make it easier to start. And just as a by-the-by note here, there is a way within Synergy to set up TLS so that your traffic is encrypted. I'm not doing that here because it's running over SSH, there's already encryption there. So if you want to do that, the option that you'll need is dash dash enable dash crypto, and it is quite complicated to do, due to the fact that the people who developed it went closed, open core, blah blah blah on us. So this is a reason to do SSH connections, and the SSH tunnel is actually nicer, because even if you're on different networks you can still connect to the other computer using SSH, via maybe a bastion host or something. And in that case you connect remotely to another computer and then you port forward via that to your client. So if both computers can't talk to each other, what you do is you have the middle PC connect to
a central server via SSH, and then you have the other PC on the right connect to that remote server, the same remote server, and then you can forward your packets through that. But that's outside the scope of this exercise.

So as we saw before, the client needs to be run in the same physical X session that you need on the second computer. So what we want to do now is make things a little bit easier by making a bash script, two bash scripts actually, one to run the client, one to run the server. So we'll start on the PC on the right. You can create a bin directory if you don't have it in your home directory, mkdir bin, and then you can edit the file using nano or something: nano space tilde forward slash bin forward slash start dash synergy dash client dot bash. And then in that empty file you type octothorpe, which is the hash symbol, or the pound symbol if you're in the US, tic-tac-toe, you know, the two lines vertical, two lines horizontal. Okay, you type hash exclamation mark forward slash bin forward slash bash, new line, killall space synergyc, new line, sleep space two, new line, synergyc space dash dash name space PC right space one two seven dot zero dot zero dot one, enter, exit zero.

So what that does: the first line tells us it's a bash file. The second line checks to see if there are other versions of the Synergy client running and kills them all. It then waits for two seconds to give the system a chance to settle down. Then it starts another Synergy client with the name of PC right and one two seven dot zero dot zero dot one, and then it'll go into the background, and then it exits with a zero, which is correct.

So still on that computer, on the PC right, we allow the file to be executable by typing chmod, c h m o d sorry, space plus x space tilde forward slash bin forward slash start dash synergy dash client dot bash, which is the name of the file that we used earlier. If you use something different, that's entirely up to you. So while we're over there, we can basically run the file start dash
synergy dash client dot bash and it'll run. And usually, I have encrypted hard disks, so first thing in the morning I need to type in a password anyway. So I turn on both computers, type my password on PC underscore right, and then when the session comes up I run the command, and then I basically leave that alone for the rest of the day. But if you want to do an automatic start thing, there's a link in the show notes, learn dot adafruit dot com slash synergy dash on dash raspberry dash pi forward slash setup dash synergy dash client dash autostart, easy for me to say, and that'll tell you how to do it on a Raspberry Pi. But your system may be different, so you're going to need to figure out how to do it on your own system. And again, if you're logging in anyway, having to type your password and all, then, you know, it's easy just to type it.

Now we're back to the middle PC again, and we're going to create a new file: nano space tilde forward slash bin forward slash start dash synergy dash server dot bash. And in there we're going to paste the following stuff: hash exclamation mark forward slash bin forward slash bash, new line, server name equals synergys. Now the reason I'm doing that is because the Synergy server can be different, but let's forget about that. So again I do a killall synergys for the server name, and then I run synergys space dash dash server space dash dash address space one two seven dot zero dot zero dot one space dash dash config space tilde forward slash etc forward slash synergy dash work dot conf space dash dash name space PC underscore middle space dash dash log space forward slash tmp forward slash synergy dash work dot conf dot log. And I do some stuff to set the control keys and turn off the caps lock, and the last thing I have is ssh PC underscore right.

So again I can do chmod on that file, and then once I log in, first I log in on PC on the right, and then I log in on PC in the middle, and I run that command, start synergy server, and it opens a shell
to the PC on the right, which is fine, because sometimes I need to do SSH stuff over there and it's easier locally. But from there on I can also move my mouse over to the right and control the keyboard over there, which is sometimes handy. And the reason I'm using this is, if you're in the case where you need to have two separate connections, one for the lab and one for production, and you don't want to mess with anything, then you have two separate systems. There's no way that data can migrate from one to the other, and that's kind of a useful way of doing it. Then the production stuff is over on the production machine and your lab stuff is on your local machine. And you could also use it just for the lols, for controlling somebody else's keyboard and mouse, when they think they've gone nuts.

So I want to just have a side note here about that special address, one two seven dot zero dot zero dot one, and talk to you about how this actually works. We kind of alluded to it, but I want to go into a little bit more detail. That address is also referred to as a loopback address, or home, or localhost, and it's usually defined in slash etc slash hosts. So if you ever saw somebody with a t-shirt at a conference that says there's no place like one two seven dot zero dot zero dot one, that's what they actually mean. And the purpose of it is, it's used by programs running on a given computer to talk to each other. So you can isolate: say you have your own web server running on your local computer, and you can connect via a browser on your local computer to that web server. So if you set up your server only to be listening locally on one two seven dot zero dot zero dot one, on port eighty, then you can open up a browser on your computer and type one two seven dot zero dot zero dot one, and by default port eighty is used, and it'll go to the web server on your local machine. Now if your friend Bob, next to you on the same network, tries to go to one two seven dot zero dot zero dot one port
eighty, it's not going to go to your web server, it's going to try and go to the web server on his machine. That's referred to as localhost, and it's an IPv4 network standard, and it reserves the entire block of one two seven dot zero dot zero dot zero forward slash eight. That's more than sixteen million addresses for your loopback purposes. So anything beginning with one two seven is a local address, so you can have one two seven dot one two three the four the one two not four five six; one two seven dot one dot one dot five is also a loopback address. Equally, one two seven dot one two seven dot one two seven dot one two seven is also a loopback address. But you want to be a bit careful with that, because your server still needs to be listening on the address that you're going to. It's not a wildcard, that any particular address is there. You can have one version of Apache listening on one two seven dot zero dot zero dot one and another one listening on one two seven dot zero dot zero dot two, for instance.

Now if you find that a little bit confusing, just think of it like if you're talking to your boss and the boss says, I'm going home now, you should also go home. So what does that mean? You're never going to get confused by that, because you know that what they're actually saying is, I'm going to my home now and you should go to your home now. So when you're talking about home, it's context. The one exception to that, of course, is if you're talking to Irish people and they say, are you going home for Christmas, they don't actually mean your home, they mean are you going back to Ireland. So there you go, and that's just something Irish people have to suffer, and we know about that, so move on.

So what's happening here is that the address one two seven dot zero dot zero dot one, when we configure anything on the PC middle, is only available on the PC middle. And equally, when we configure something in the configuration files on the PC on the right and we talk about one two
seven dot zero dot zero dot one, we're only talking about the PC on the right. So there's a bit of something missing to connecting the two, and that's because the server is listening on the loopback address, on one two seven dot zero dot zero dot one, on PC middle, while the client is sending to the loopback address on one two seven dot zero dot zero dot one, which is PC on the right.

So the trick is the remote forward configuration line, when we SSH from the PC in the middle to the PC on the right, and that, again, is RemoteForward space one two seven dot zero dot zero dot one colon and the port number for Synergy, which uses two four eight zero zero, and one two seven dot zero dot zero dot one colon two four eight zero zero. So, going through that in more detail: that tells the remote, in this case that's PC on the right, to listen on port one, ah sorry, two four eight zero zero, so listen on port two four eight zero zero on its loopback address, and that's going to be where the client is going to be talking to. Then the SSH connection will forward any packets back from the remote to the PC in the middle, and it'll pop those out on port two four eight zero zero on its loopback address, and that's the address of the server. So the client is sending down to its local address, SSH is taking the packets and moving them over to the other side and popping them out on the local address of the server computer and into the port where it's listening. Very, very cool actually, when you think about it.

So that's all I have to say about that. If you have questions or comments, or you feel you can improve this episode, feel free to do so, and also consider recording a show yourself. So that's it. I'll round up by saying tune in tomorrow for another exciting episode of Hacker Public Radio.

You have been listening to Hacker Public Radio at hackerpublicradio.org. Today's show was contributed by an HPR listener like yourself. If you ever thought of recording
a podcast, click on our contribute link to find out how easy it really is. Hosting for HPR has been kindly provided by AnHonestHost.com, the Internet Archive and rsync.net. Unless otherwise stated, today's show is released under a Creative Commons Attribution 4.0 International license.
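
The episode checks the server with netstat piped to grep and relies on both ends of the tunnel being bound to loopback only. The following is an added example, not part of the episode or its show notes, that automates that check; the function name `check_synergy_listeners` is hypothetical and the netstat lines are constructed sample data.

```sh
#!/bin/sh
# Added example (not from the episode): audit listeners on the Synergy port.
SYNERGY_PORT=24800

# Reads `netstat -anp`-style lines on stdin. Prints "OK <addr>" for a listener
# bound inside 127.0.0.0/8 or ::1, and "EXPOSED <addr>" for any other bind.
# Exit status: 0 = every listener is loopback, 1 = one is exposed, 2 = none found.
check_synergy_listeners() {
    awk -v port="$SYNERGY_PORT" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # The port is whatever follows the last colon (also true for tcp6).
            n = split($4, parts, ":")
            if ((parts[n] "") != (port "")) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            seen++
            if (addr ~ /^127\./ || addr == "::1") {
                print "OK " addr
            } else {
                print "EXPOSED " addr
                bad++
            }
        }
        END {
            if (seen == 0) exit 2
            if (bad > 0) exit 1
            exit 0
        }
    '
}

# Constructed sample: the loopback-only bind the episode describes, an
# unrelated sshd listener, and an established tunnel connection (ignored).
SAMPLE_LOOPBACK='tcp        0      0 127.0.0.1:24800         0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:24800         127.0.0.1:51514         ESTABLISHED -'

# Constructed sample: the same port bound to every interface, which would
# accept Synergy clients from the network without going through SSH.
SAMPLE_EXPOSED='tcp        0      0 0.0.0.0:24800           0.0.0.0:*               LISTEN      -'

printf '%s\n' "$SAMPLE_LOOPBACK" | check_synergy_listeners || echo "review needed"
printf '%s\n' "$SAMPLE_EXPOSED" | check_synergy_listeners || echo "review needed"

# Real use on either machine:
#   netstat -anp 2>/dev/null | check_synergy_listeners
```

On the middle PC the loopback listener is the Synergy server itself; on the right PC it is the SSH remote forward, so the same check applies to both.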