Hi everybody, my name is Ken Fallon and you're listening to another episode of Hacker Public Radio.
In today's show we're going to talk about installing synergy so that you can control the
keyboard and mouse of another computer securely over SSH. Now this makes sense when you have keyboards
next to each other so that you can at least see the screen on the remote computer. So to install
synergy on both computers you need to do so as route depending on your packet manager
might be DNF space and Stole space synergy or on Debian-based systems apt space and Stole space
synergy and I'll leave it up to you to figure out how to install that on the other platforms.
It also works on Windows and OSX. So my setup the main PC is going to be called PC under score
middle and this is the one with the keyboard and mouse that we intend to use to control all the other
computers. So I set up I only have one other PC but you can have PCs on the right left above below
in this virtual grid. So in my case I've got one computer here, I'm one computer there.
So the only other PC for me is the one on the right and I'm going to call that a
madness to bleep PC under score rise and during these instructions I will be clearly
specifying which computer I'm doing what action on. So you kind of need to keep that in mind
apologies for the verbal descriptions. So on the PC under score middle I'm creating a configuration file
and I put that into my home directory and I call a sub directory called edc slash synergy-work.com
that just happens to be the configuration file I use you can use whatever you're like.
And there's a sort of i and i type configuration file that you need to follow.
First thing you need to do is have a section colon space screens and then
underneath that you need to specify the names of the computers that you're going to be
controlling. So I have PC under score middle colon and underneath that PC under score rise
colon and underneath that I have an end to end that section. And then the next section I have
is section colon space links and underneath that I have PC under score middle colon and underneath
that I have right equals PC under score right and then from PC right point of view and the next
line PC under score right colon left equals PC under score middle and it rules that end section.
And what that links section does that tells you from the point of view of this PC middle
on my right is the PC whose name is PC right and then from the computer called PC right
and it's left is the computer called PC middle and you can see how you can build this to be
top bottom left right and the whole matrix. So still on the PC middle I say the file
and I'm going to add an entry to my SSH config file in my home directory in my dot SSH config file
if you don't have one you can create one and the entry is going to do two things one it's
going to specify what the IP address is of the other computer and then it's going to do our
remote forward so I can create a virtual connection between the two computers. So the three lines
that you need to enter into your dot SSH slash config file are host space PC right
then new line host name space on the IP address one i two one six eight zero dot one five
always my example and then underneath that remote forward space one two seven dot zero dot zero
dot one colon two four eight zero zero space one two seven dot zero dot zero dot zero dot one
colon two four eight zero zero and still on the PC underscore middle we're going to run
synergy server but we're going to do it in the foreground with debug enabled. So the command is
synergy s all one word space dash dash debug space and that's in the location and then in the
upper case debug then everything else is in the location space dash dash no dash demon space dash
server space dash dash address space one two seven dot zero dot zero dot one and dash dash config space
tilde four such ETC four such synergy dash work dot conf which is the link to my config file
and then dash dash name space PC underscore middle and then dash dash log space slash
temp slash synergy work dot conf dot log and what that's command is synergy server calls server
the debug sets the amount of information that you were going to display in this case a lot
because debug information we're going to go no demon which means it's going to continue running
in the foreground and not disappearing to the background we're going to start it as a server so
not a client and the address that the server is going to be listening on is one two seven dot zero
dot zero dot one so it's sitting there waiting listening on that on the local host and the
configuration file that's going to use is the one that we've just edited the one that says the
PC and the middle is on the is to the right of the other PC right and then PC right sees the
PC middle on its left and then when we run that we'll see stuff like opening configuration
configuration reads successfully x open display blah blah blah starting server vnq is ready
and then screen PC middle shape changed and then it stops because at that point it's now waiting
for connection to come in so we can double check that it's rolling on that PC middle
computer by typing net status space dash a np and we pipe that to grip two four eight zero zero
and if you run that as normal user you'll get an error message which you can ignore but you'll see
that it's listening on one two seven dot zero dot zero dot one two seven dot zero dot zero
one and port number two four eight zero zero and it's accepting it's going to reply back to wherever
if zero dot zero dot zero dot zero which is which means in this term I'm going to reply back
to wherever it comes from so on the PC in the middle we're going to connect to the PC on the
right and we're going to do that and we type SSH space PC underscore right and that will tell
the SSH command to connect to that machine now it doesn't know about that so it'll go and
look in its configuration file which we've changed earlier it knows the whole stype address
so it'll connect to that and then it'll do the special thing that it will listen on the far
side for commands and pipe them back through the pipe we'll talk more about that later so
on the PC on the right so we can either do this via the SSH connection that we opened or
better yes by going over and typing on its keyboard so if it's a laptop you're typing on the
laptop keyboard of the second one the one that's on the right you type synergy C which is the command
for to start at the client we're going to go space dash dash debug space uppercase i nfo
and space dash dash no dash demon space dash dash name space PC underscore right space one two seven
dot zero dot zero dot one now what that's happening here is you're starting synergy in the
client board we're going to enable some debugging and in this case we're just going to try and show
info level debugging information because there's a no full lot of people around full debugging
again we're not going to run it as a no-dayman so it's running in the foreground and we now need
to tell it okay in this whole setup what name am i and we've already configured it as PC on the right
and we tell it to send its commands over to one two seven dot zero dot zero dot one which is
listening on the SSH tunnel and then you'll see debug information like connecting to one two seven
dot zero zero dot one and if all goes well you see something like connected to server and then
if you go back to PC middle you should see the log that is connected opening new socket for a
blah except a client connection received client PC right and the shape is this and the client PC
right has connected so perfect so just want to make a little note if you tried to run the client
synergy see over the SSH connection so you're on your middle computer and you've connected to the
other computer in order to start the tunnel up over SSH you might try running the commands there
if you do that you'll see the connection correctly but when you move your mouse on
from one screen with the hope that little jump to the other one it won't do that it'll
come back into the center and the reason for that is to do it x permissions so that command
we need to run the command
to start the synergy client it has to be on the keyboard of the session that you're on so if you want to
control a particular session you need to run the command from that session there's a way to get
around that but I found the easiest thing is you just go up in the morning you log in to that
other computer you start the client and then you go back to your main computer and for the rest of
the day you don't have to touch this other computer so where are we now have it so that when on
the middle PC when you move the keyboard when you move the mouse over to the other side
it will highlight programs on the other side just as if you're using them you can use the menu to
start a no pad application for example case if you're running kitty or some other mouse pad or whatever
and you can start typing on your middle keyboard and everything that your type will appear on the
other one so that is basically what we want to do and if you look at the logs on the PC
middle as you're doing that you'll see all sorts of stuff like switching from PC middle to PC
rice leaving the screen moving over the keyboard updating the screen to this at the next thing
and sending X screensaver commands etc so we now know it works because you're on the on your
PC middle and you can control PC rice so we can go over to the PC rice and that keyboard
we can hold on control and press C which is the generic cancel unit in Unix word world
you often see you've written a CTRL plus C and what that means is you hold on the control key
kept keeping it all held you press the C does matter if it's over case or long case
and that will terminate command now back there will terminate the client and then back on the
middle PC which is still running the server you'll see a debug information client PC right
has just connected closing socket that they had opened earlier and we're now basically finished with
that as well so you can hold on the PC middle you can hold on you control and C
to terminate the server as well so now that everything is working correctly we can make it
easier to start and it just does a by the by the note here there is a way within synergy to set up
TLS or that your traffic is encrypted I'm not doing that here because it's running over SSH
there's already an encryption there so if you want to do that they command that you'll need to enable
is dash dash enabled dash crypto and it is quite complicated to do due to the fact that the
people who developed it went closed open core blah blah blah on us so this is a reason to do SSH
connections and the SSH can totally is actually nicer because if you're on different
networks even you can still connect to the other computer using SSH via maybe a bus
and a host or something and in that case you connect remotely to another computer and then
you port forward via that then to your client so if both computers can't talk to each other
what you do is you have the middle PC connect to a central server via SSH and then you have the
other PC on the right connect to that remote server the same remote server and then you can
forward your packets through that but that's outside the scope of this exercise so as we saw before
the client needs to be run on the same physical access that you need on the second computer so
what we want to do now is make things a little bit easier by making a bash script two bash scripts
actually want to run the client to run the server so we'll start on the PC on the right
you can create a bin directory if you don't have it in your home directory make your bin
and then you can edit the file using nano or something nano space till the forward slash bin
for slash start that synergy client dot bash and then in that command in that empty file you type octetorp
which is the hash symbol or the pound symbol if you're in the US tiktokto you know the two lines
vertical two lines horizontal okay you type hash
exclamation mark force I pay in force I bash new line kill all space synergy c new line sleep space
two new line synergy c space dash dash name space PC right space one two seven dot zero dot zero dot
one enter exist zero so what that does first line tells us it's a bash file the second line
checks to see if there are other versions of synergy client running and kills them all
is then waits for two seconds to give area the system a chance to settle down
then it starts another synergy client with the name of PC right and one two seven dot zero dot zero
dot one and then it goes into the double go into the background and then it exits with a zero which is correct
so still on that computer on the PC right we allow the file to be executable by typing change mod
c h m o d sorry space plus x space tilde bin start dash synergy dash client dot bash
which is the name of the file that we used earlier if you use something different that's entirely up to you
so while we're over there we can we can basically run the file start dash synergy dash client
dot bash and it'll run and I usually I have encrypted hard disk so first thing in the morning
I need to type in a password anyway so I turn on both computers type my password on PC underscore
right and then when the session comes up I run the command and then I basically leave that loan for
the rest of the day but if you want to do an automatically start thing there's a link in the
show notes learn dot ita fruit dot com synergy dash on dash rush raspberry dash pi for such
set up dash synergy dash client dash auto start easy for me to say and that'll tell you how to do
it on one on raspberry pi but your system may be different so you're going to need to figure out how
to do it on your own system and again if you're logging in anyway having the type your password
all then you should you know it's easy just to type it now we're back to the middle PC again
and we're going to create a new file now no space tilde for such bin for such bash start dash synergy
dash server dot bash and in there we're going to paste the following stuff hash exclamation
mark for such bin for such bash you line server name equals synergy s now the reason I'm doing that
is because synergy server can be different but let's let's let's forget about that so again
I do a kill all synergy s for the server name and then I run synergy s space dash dash server
space dash dash address space 127 dot zero dot zero dot one space dash dash config space force tilde
for such edc for such synergy dash work dot config space dash dash name space pc underscore middle
slash synergy dash work dot config dot log and I do some stuff to set the control keys and turn off the
one I run the command start synergy server dash and it opens the shell to the PC on the right
which is fine because sometimes I need to do s h stuff over there and it's easier locally
but from there on I can also move my mouse over to the right and it'll control that keyboard
over there which is sometimes handy and the reason I'm using this is if you're in the case where
you need to have two separate connections one for the lab on one for production and you don't want
to mess with anything then you have two separate systems there's no way days it can migrate from
one to the other and that's kind of a useful way of doing it then the production stuff is over on
the production machine and your lab stuff is on your local machine and you could also use it just
for the laws for control and somebody else's keyboard and mouse what they think they're going
nuts so I want to just have a side note here about that special address one two seven that's
your that's your one and talk to you about how this actually works we kind of alluded to it
but I want to go into more a little bit more detail that address is also referred to as a loop
back address or home or local host and it's usually defined in slash ETC slash host so if you ever
saw somebody with a t-shirt at a conference that says there's no place like one two seven dot zero dot
zero dot one that's what they actually mean and the purpose of it is it's used by programs
running on a given computer to talk to each other so you can isolate say you have your own
web server running on your local computer and you can connect the browser on your local computer
to that web server so if you set up your server only to be listening locally on port one two seven
dot zero dot zero dot one and port eighty then you can open up a browser in your computer and type
a one two seven dot zero dot zero dot one and by default they port eighty is at us it'll go to the
web server on your local machine now if you're from bobs and next year on the same network
tries to go to one two seven dot zero dot zero dot one port eighty it's not going to go to your
web server it's going to try and go to the web server in its machine that's referred to on local
host and it's an IP for network standard and it reserves the entire block 0.27 dot zero dot zero dot zero
four dot eight that's more than 16 million addresses for your loopback purposes so anything
beginning but one two seven is a local address so you can have one two seven dot one two three the four
level one two out four five six one two seven does one dot one dot five is also a loopback address
equally one two seven dot one two seven dot one two seven dot one two seven is also a loopback address
but you want to be a big careful with that because some your server still needs to be listening
to the address that you're going to it's not a wild card that any particular address is there
you you can have one version of Apache listening on one two seven dot zero dot zero dot one and
another one listening on one two zero zero dot zero dot two for instance now if you find that a
little bit confusing just think of it like if you're talking to your bobs and the bobs says
I'm going home now you should also go home so what does that mean you're never going to get
confused by that because you know that what they're actually saying is I'm going to my home now
and you should go to your home now so when you're talking about home it's context the one
exception to that of course is if you're talking to Irish people and they say are you going home
for Christmas they don't actually mean your home the mean are you going back to Ireland so there you
go and that's that's just something Irish people have to to suffer and we we know about that
so move on so what's happening here is that the address one two seven dot zero dot zero dot one
when we configure anything on the PC middle is only available on the PC middle and equally
when we configure something on the on the configuration files on the PC on the rise and we talk
about one two seven dot zero to zero dot one we're only talking about the PC on the rise so
there's a bit of something missing to connecting the two and that's because the server
so the server is listening on the loop back address on one two seven dot zero to zero dot one
on the PC middle while the client is sending to the loop back address on one two seven dot zero
that's zero dot one and is which is PC on the rise so the trick is the remote forward
configuration line in when we SSH from the PC on the middle to the PC on the rise and that
plan is remote forward space one two seven dot zero to zero dot one colon and the port number
four synergy which uses two four eight zero zero and one two seven dot zero to zero one two four
eight zero zero so go through that in more detail that tells the remote in this case that's
PC on the rise the listen on port one sorry two four eight zero zero so listen on port two four
eight zero zero on its loop back address and that's going to be where the client is going to be
talking to then the SSH connection will forward any packets to back to the remote from the remote
to the PC in the middle and it'll pop those out on port two four eight zero zero on its loop back
address and that's the address of the server so the client is sending down to its local address
SSH is taking the packets and moving them over to the other side and popping them out
on the local address of the server computer and into the port where it's listening very very
cool actually when you think about it so that's all I have to say about that if you have questions
or comments or you feel you can improve this in the episode free of free to do so and also
considering recording and show yourself so that's it I'll round up by saying tune in tomorrow
for another exciting episode of Hacker public the rate to you