inside the mind of a linux admin

Encrypting synergy traffic via OpenSSL and stunnel

I use synergy to control several different linux systems in my office using a single keyboard and mouse.

The only issue I have with this software is it does not (yet?) natively support SSL encryption for your traffic. This is problematic when transmitting plain-text passwords between systems, which I do often.

This HOWTO will explain how I encrypted my synergy traffic using basic OpenSSL and stunnel technology.

1) First, you’ll want to download all of the necessary packages to facilitate this. All of these can be found in nearly every distribution’s repositories, so fire up your apt-get/aptitude or yum and grab these:

  • synergy
  • stunnel
  • openssl


2) Next, configure stunnel on the synergy server. The synergy server is the system that your mouse/keyboard is physically attached to.

Edit /etc/stunnel/stunnel.conf:

output = stunnel.log
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
cert = /etc/stunnel/stunnel.pem
CAfile = /etc/stunnel/certs.pem
verify = 2
fips = no

[synergy]
accept = 25800
connect = 24800

Here 24800 is synergy’s default port and 25800 is the secure port that stunnel listens on for the encrypted connections.


3) Now configure your synergy clients. Synergy clients are the machines you want to control using the synergy server.

Edit /etc/stunnel/stunnel.conf:

client = yes
CAfile = /etc/stunnel/certs.pem
output = stunnel.log
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
cert = /etc/stunnel/stunnel.pem
verify = 2
fips = no

[synergy]
accept = 24800
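connect = SYNERGY_SERVER:25800

Again, 24800 is synergy’s default port and 25800 is the secure port that stunnel talks over. SYNERGY_SERVER is a placeholder: replace it with the hostname or IP address of your synergy server, otherwise stunnel will try to connect to port 25800 on the client itself.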


4) Next you’ll want to create a certificate and encryption key using openssl. You need to do this from both your synergy server and all synergy clients:

cd /etc/stunnel
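openssl req -nodes -x509 -newkey rsa:2048 -keyout stunnel.pem -out stunnel.pem -days 365

Enter the information you are prompted for. Not all fields are required. You now have a certificate and private key in the file “stunnel.pem”. The -days value is the certificate’s validity period; it has to be greater than 0, because a certificate that is valid for 0 days has already expired and will be rejected by the verify = 2 check.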


5) Create a certificate authority file (CAfile) called /etc/stunnel/certs.pem and copy ALL of the certificates that you created into this file. Note: do not copy the private keys into the CAfile.
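
One way to carry out step 5 without copying private keys by hand, as an added example (not part of the original post): the script pulls only the CERTIFICATE blocks out of each machine's combined stunnel.pem and refuses to write the CAfile if key material would end up in it. The function names and the input file names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: build the stunnel CAfile from each host's combined
# stunnel.pem (private key + certificate), copying only the certificates.

# extract_certs FILE: print only the CERTIFICATE blocks of a PEM file.
extract_certs() {
    awk '/^-----BEGIN CERTIFICATE-----/ { keep = 1 }
         keep                            { print }
         /^-----END CERTIFICATE-----/   { keep = 0 }' "$1"
}

# count_certs FILE: print the number of certificates in FILE.
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----' "$1"
}

# build_cafile OUT PEM...: write the certificates of every PEM into OUT.
# Fails (and leaves OUT untouched) if an input holds no certificate or if
# private key material would reach OUT.
build_cafile() {
    out=$1; shift
    tmp="$out.tmp.$$"
    : > "$tmp" || return 1
    for pem in "$@"; do
        if ! grep -q '^-----BEGIN CERTIFICATE-----' "$pem"; then
            echo "no certificate in $pem" >&2
            rm -f "$tmp"; return 1
        fi
        extract_certs "$pem" >> "$tmp"
    done
    if grep -q 'PRIVATE KEY-----' "$tmp"; then
        echo "private key material found, refusing to write $out" >&2
        rm -f "$tmp"; return 1
    fi
    # The CAfile holds public certificates only, so it can be world-readable.
    chmod 644 "$tmp" && mv "$tmp" "$out"
}

# Usage (hypothetical file names for the stunnel.pem collected from each host):
#   build_cafile /etc/stunnel/certs.pem server-stunnel.pem client1-stunnel.pem
```

Copy the resulting certs.pem to every machine; each stunnel.pem, which contains the private key, stays on the machine that generated it.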


6) Now fire up your stunnel on all machines. This is done by simply running:

stunnel /etc/stunnel/stunnel.conf


7) Finally, fire up synergy.

On the synergy server:

synergys

On the synergy clients:

synergyc 127.0.0.1

You should now have an encrypted synergy session between your machines.


Did you encounter problems?

  • If you get an error complaining that your system does not support FIPS, remove the fips = no line from the configuration file of the system that is complaining. This is common on Ubuntu or Debian based systems.
  • If you receive an error about stunnel not being able to find your SSL certificate you may have a mismatch of openssl libraries in your stunnel. In which case, you will need to download the latest version’s source code from stunnel.org, then configure and compile it manually. You will need to install the libssl-dev package to do this.
  • If it is still not working, you will need to debug further. Check the stunnel.log file in /etc/stunnel. If there’s no useful information there, execute stunnel in the foreground to see debug information by setting the following in /etc/stunnel/stunnel.conf:

    foreground = yes
    debug = 7
