inside the mind of a linux admin

Encrypting synergy traffic via OpenSSL and stunnel

I use synergy to control several different linux systems in my office using a single keyboard and mouse.

The only issue I have with this software is it does not (yet?) natively support SSL encryption for your traffic. This is problematic when transmitting plain-text passwords between systems, which I do often.

This HOWTO will explain how I encrypted my synergy traffic using basic OpenSSL and stunnel technology.

1) First, you’ll want to download all of the necessary packages to facilitate this. All of these can be found in nearly every distributions repositories, so fire up your apt-get/aptitude or yum and grab these:

  • synergy
  • stunnel
  • openssl

2) Next, configure stunnel on the synergy server. The synergy server is the system that your mouse/keyboard is physically attached to.

Edit /etc/stunnel/stunnel.conf:

output = stunnel.log
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
cert = /etc/stunnel/stunnel.pem
CAfile = /etc/stunnel/certs.pem
verify = 2
fips = no

accept = 25800
connect = 24800

Where synergy’s default port is 24800 and 25800 is the secure port you’ll be having stunnel talk over.

3) Now configure your synergy clients. Synergy clients are the machines you want to control using the synergy server.

Edit /etc/stunnel/stunnel.conf:

client = yes
CAfile = /etc/stunnel/certs.pem
output = stunnel.log
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
cert = /etc/stunnel/stunnel.pem
verify = 2
fips = no

accept = 24800
connect = 25800

Again, synergy’s default port is 24800 and 25800 is the secure port you’ll be having stunnel talk over.

4) Next you’ll want to create a certificate and encryption key using openssl. You need to do this from both your synergy server and all synergy clients:

cd /etc/stunnel
openssl req -nodes -x509 -newkey rsa:2048 -keyout stunnel.pem -out stunnel.pem -days 0

Enter in the information you are prompted for. Not all fields are required. You now have a certificate and private key in the file “stunnel.pem”.

5) Create a certificate authority file (CAfile) called /etc/stunnel/certs.pem and copy ALL of the certificates that you created into this file. Note: do not copy the private keys into the CAfile.

6) Now fire up your stunnel on all machines. This is done by simply running:

stunnel /etc/stunnel/stunnel.conf

7) Finally, fire up synergy.

On the synergy server:


On the synergy clients:


You should now have an encrypted synergy session between your machines.

Did you encounter problems?

  • If you get an error complaining that your system does not support FIPS, remove the fips = no line from the configuration file of the system that is complaining. This is common on Ubuntu or Debian based systems.
  • If you receive an error about stunnel not being able to find your SSL certificate you may have a mismatch of openssl libraries in your stunnel. In which case, you will need to download the latest version’s source code from, then configure and compile it manually. You will need to install the libssl-dev package to do this.
  • If it is still not working, you will need to debug further. Check the stunnel.log file in /etc/stunnel. If there’s no useful information there, execute stunnel in the foreground to see debug information:
  • in /etc/stunnel/stunnel.conf

    foreground = yes
    debug = 7

Related Posts

synergy: How to enable crypto (encryption) and generate SSL certificate

The newer Linux versions of the popular mouse/keyboard sharing application “synergy” now has built in encryption. Here’s how to configure it: Just simply passing the –enable-crypto flag on your synergy server without having a proper SSL certificate will result in the inability to connect to clients and generate an error message similar to this in […]

Read More

Change Number Pad Delete (dot) key from a comma in Ubuntu Linux

I recently purchased a new keyboard and updated to the latest Ubuntu, I’m also an avid user of the number pad for quick input when dealing with spreadsheets or accounting. I found that my num pad’s delete key (“.”) was outputting a comma (“,”) instead. Pretty annoying? I agree, but this can be very easily […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Twitter: kireguy

Tweeter button Facebook button Myspace button