2008-03-02

Victory is Mine

So, I can finally use synergy securely in Thornbrough now.

install synergy
I need to install synergy. However, I'm a mere user on Ubuntu Feisty, and I can't compile it. Compilation complains about a missing Xtst library, which is present in a fashion, and which I can persuade it through any means known to me to detect it. However, it's not very necessary, as I can download the .deb via http://packages.ubuntu.com and use dpkg -x to extract it into my $HOME/local. Yay.
configure synergy
This was simple. I copied the example configure file I had extracted to $HOME/.synergy.conf and set the right hostnames.
secure it
The synergy website recommends, on the clients, forwarding the server's port locally to the synergy server host via SSH, and then connecting the client to the server 'locally' (the traffic of which is all sent encrypted over the wire/air).
ssh -f -N -L 24800:server-hostname:24800 server-hostname
That's a great idea, except that the machines here don't have sshd installed. Consequently, I can't log into the synergy server host to forward the port.
install sshd
Alright, back to packages.ubuntu.com, download openssh-server, and extract it to $HOME/local. Try to run - uh oh, this will require some configuration.
configure sshd
  1. sshd re-exec requires execution with an absolute path
    So, first, it needs to be run via its absolute path. Alright, create a wrapper script in $HOME/local/bin to it.
  2. /etc/ssh/sshd_config: No such file or directory
    Then, it needs to find a configuration file. Let's add an empty $HOME/local/etc/ssh/sshd_config and pass it as an argument to sshd's -f option in my wrapper script.
  3. Could not load host key: /etc/ssh/ssh_host_key
    Could not load host key: /etc/ssh/ssh_host_rsa_key
    Could not load host key: /etc/ssh/ssh_host_dsa_key
    Disabling protocol version 1. Could not load host key
    Privilege separation user sshd does not exist
    Now, there's no host keys found. Alright, let's use ssh-keygen to generate some.
    ssh-keygen -f $HOME/local/etc/ssh/ssh_host_rsa_key
    And specify the file location in the config file.
  4. Disabling protocol version 1. Could not load host key
    Privilege separation user sshd does not exist
    Hmm, it's complaining that it can't find one for protocol 1. Let's tell it to use protocol 2.
  5. Privilege separation user sshd does not exist
    Can't use privilege separation because of no user sshd, eh? I guess we'll have to do without :( Add another config line.
  6. Silent death? Try '-D -e' options.
    Bind to port 22 on 0.0.0.0 failed: Permission denied.
    Cannot bind any address.
    Right, can't bind to port 22 as a stupid user. Well, there's plenty of ports I can bind to (like 3636). Another line in the config.
  7. Still fails, '-D -e' again.
    Couldn't create pid file "/var/run/sshd.pid": Permission denied
    Alright, I bet I can change the PID file path in the config - yup, set a new line.
  8. Just for the heck of it, let's say yes to PubkeyAuthentication and X11Forwarding, just in case.
run sshd
Finally, everything seems to work. I have to add `-p 3636` to the ssh forwarding statement to ensure it can find the port I'm using for the sshd server. I run sshd with '-D -e' so I can see any errors.
run synergys
Runs as normal on the server host (the one with the keyboard and mouse to be shared)
run synergyc
On the clients (the ones whose keyboards don't matter)
$ ssh -f -N -L 24800:SYNSERVERHOSTNAME:24800 SYNSERVERHOSTNAME -p 3636
$ synergyc -f localhost

For those it might interest, here's my final sshd_config file, mildly censored.

Port 3636
Protocol 2
UsePrivilegeSeparation no
HostKey /path/to/my/ssh_host_rsa_key
X11Forwarding yes
PidFile /path/to/some/user/writable/run/sshd.pid
PubkeyAuthentication yes

And here is my sshd wrapper

#!/bin/sh

"$HOME/local/usr/sbin/sshd" -e -f "$HOME/local/etc/ssh/sshd_config" "$@"

For those not in the know, $@ in bash matches arguments I passed to the script. '-e' is to print to stderr rather than the syslog.
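
The sshd_config above leaves X11 forwarding on and does not restrict which destinations a client may forward to, although the tunnel only ever carries port 24800. The following shell check is an added example, not part of the original post: it reads a config on stdin and lists the settings a synergy-only tunnel does not need. The `PasswordAuthentication no` and `PermitOpen` lines in the tightened variant are assumptions of this example, and `PermitOpen` requires an OpenSSH release that supports it in sshd_config.

```shell
#!/bin/sh
# Added example, not from the original post: check a user-run sshd_config
# (read from stdin) against what a synergy-only tunnel needs.

# Value sshd would use for keyword $1 in config text $2. sshd keeps the first
# occurrence of a keyword; keywords are case-insensitive, values are not.
effective() {
    printf '%s\n' "$2" | awk -v key="$1" 'tolower($1) == tolower(key) { print $2; exit }'
}

flag() { printf '%s\n' "$1"; bad=1; }

# Print one finding per line; return 1 if there were any, 0 otherwise.
audit_sshd_config() {
    cfg=$(cat); bad=0
    port=$(effective Port "$cfg"); port=${port:-22}
    [ "$port" -ge 1024 ] || flag "Port $port: a non-root sshd cannot bind ports below 1024"
    [ "$(effective PasswordAuthentication "$cfg")" = no ] ||
        flag "PasswordAuthentication: left at its default (yes); keys are enough here"
    [ "$(effective X11Forwarding "$cfg")" != yes ] ||
        flag "X11Forwarding yes: the synergy tunnel does not use it"
    case "$(effective PermitOpen "$cfg")" in
        ""|any) flag "PermitOpen: forwarding is not limited to the synergy port" ;;
    esac
    return "$bad"
}

# The post's config, copied from above.
post_config() { cat <<'EOF'
Port 3636
Protocol 2
UsePrivilegeSeparation no
HostKey /path/to/my/ssh_host_rsa_key
X11Forwarding yes
PidFile /path/to/some/user/writable/run/sshd.pid
PubkeyAuthentication yes
EOF
}

# Tightened variant (an assumption of this example, not the author's file).
tightened_config() {
    post_config | sed 's/^X11Forwarding yes$/X11Forwarding no/'
    printf '%s\n' 'PasswordAuthentication no' 'PermitOpen SYNSERVERHOSTNAME:24800'
}

post_config | audit_sshd_config || true
```

The `PermitOpen` value has to match the destination exactly as the client names it in `-L 24800:SYNSERVERHOSTNAME:24800`.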


Watch as I type!

Good news, bad news.

My keystrokes are currently traveling in plain text across the Thornbrough lab's LAN. This is because I got synergy working again. Previously, I used to compile synergy for my usage. I can no longer since the latest system upgrade. I have discovered, at least, how I can sort-of install things without root in Ubuntu.

Essentially, I use this command:

dpkg -x <packagename>.deb <pathtoinstall>

I generally install local things I built to $HOME/local or $HOME/.local. I am wondering in which cases Ubuntu packages would fail when simply doing `dpkg -x`. I should learn more about how such things work. Now, if only I could SSH from one machine into another for my greater security.

Oh, and isn't it scandalous that classes here still recommend FTP and telnet over SFTP and SSH? I believe it has something to do with Windows OSes only providing the former by default. Nargery.


2008-02-24

I am having Internet issues to-day, and it's not my fault. While I am writing these posts, I cannot view them because my host provider is inaccessible. I wanted to find out which Ubuntu package had a given file in it, so I went to their package search page just now, and it was inaccessible as well. I must remember not to become too attached to the cloud because it remains, like other clouds, ephemeral.


Ubuntu Unwired

So, quite a few posts of mine are meant to be instructive to my future self, recording how I manage something so that I won't have to stumble through it again. Letting these be public here might allow the odd other person to benefit from my experience.

So, a Netgear MA111 wireless USB adapter. I wanted to get one working with my Acer Travelmate, Skedge. Sadly, the MA111 only supports WEP. So does my Travelmate, but Linux doesn't seem to support its hot-swapping between Wireless and Wired. I have to set that at boot while the BIOS is in control, so I'd have to reboot to change the setting. Fortunately, the main environment I want to use this wirelessly in is on campus, and that doesn't employ WEP or WPA. (Crazy kids.) They only require authentication before your packets will be routed. Yay.

Anyway, the point of this post is to record what small change I had to make to have this work in Ubuntu. This forum thread discusses a few different methods, including "download the source and build it yourself". I'm getting bored with doing that, so instead I went to packages.ubuntu.com and searched for the module I needed, prism2_usb.ko. Results. I then apt-get'd the one for my kernel (i386), let it install, and yay, workingness.

I'm not sure how relevant this is, but I did also install linux-wlanctl-ng through apt-get and ran the following two commands from the forum thread.

$ sudo modprobe prism2_usb prism2_doreset=1
$ sudo wlanctl-ng wlan0 lnxreq_ifstate ifstate=enable
