Synergy with ssh tunnels

Synergy is a fantastic software KVM option for those of us with multiple computers/screens at our desk that want to maintain a single set of input devices (mouse/keyboard). No need for me to go into all of the details here (I mean, you can read, right?) but sufficed to say, you run the software on each machine (Linux/Mac/Win options available), it talks to eachother, and you can seamlessly move your mouse from one screen to the other like magic.

But, this magic comes with a price — you can be sniffed on your LAN (potentially). The good folks at synergy suggest that they will have some built in options for encryption in the future, but for now your best bet is likely to setup an SSH tunnel. Mind you, this assumes that one of your machines is capable of running sshd, and setting that up is beyond the scope of this quick post, but hopefully you can figure it out. In fact, I’m sure you can. You’re swell.

Setup Overview

Server: Ubuntu 14.04 (this is the machine that has the input devices plugged into it)
Client: Windows 8.1

Download the latest version of synergy for each Operating System, and install (but don’t configure yet)

My ubuntu workstation is my Server, so sshd is good to go. Just need to setup a persistent ssh tunnel from my windows client to it. There are tons of options for this, but I’ve had good luck in the past with Bitvise SSH Client Tunnelier. It’s terribly simple to setup and does a decent job of maintaining the connection. And it’s free. Go in and setup the normal details to connect to your server, and then explore the options a bit so that it works as you’d expect. Then you’ll want to setup a “C2S” configuration (client to server) for some port forwarding action. Here’s what mine looks like:


After it looks good, go ahead and save the profile so you can set it up as a service later.

Now all you need to do is update your Client (windows, in my case) to use the Server IP of “localhost”, and it will automatically connect via your nice SSH tunnel. Now no one else on your team will be able to sniff your traffic and realize you are using really weak passwords on all of those websites. Worth it!

Service Startup

You probably want to start synergy on your client automatically so you never have to reach for a keyboard. Bitvise has some suggestions, I chose to use NSSM. Here’s the quick rundown:

  1. Open cmd (as administrator), navigate to directory where you placed nssm.exe (I moved it to C:\ because I’m lazy and I won’t accidentally nuke it there)
  2. cmd> nssm.exe install ssh-tunnel
  3. Follow the GUI to point the path to BvSsh.exe, and give it the arguments of -profile=your-saved-profile-name -loginOnStartup
  4. important: you MUST set the service to startup as your account name and not the Local System account. Otherwise it won’t work.

I suggest watching your system logs on your sshd box to verify that clicking “start service” makes it login properly. Once you see a good auth, go ahead and reboot your windows client and watch the magic happen.

Leave a Reply

Your email address will not be published. Required fields are marked *