Stuart Kreitman wrote:
> Darren J Moffat wrote:
>> Cyril Plisko wrote:
>>
>>> synergy documentation provides a recipe on how to implement it via SSH
>>
>> I read that, what I couldn't find was how to force synergy to only
>> bind to localhost. If it doesn't bind to localhost then I need to
>> ensure that there are ipfilter rules in place to block it.
>>
> In its current rev. 1.3.1, synergy is just plain not secure. No bones
> about it.
> It's pretty easy to get running, but by the time you've read 1/2 page of
> documentation, you know that it's insecure.
> We are not providing any tools or autorunning config for it. It's
> apparent that this is an insufficient response.

Given it isn't enabled by default I guess it doesn't matter. The bit that still isn't clear to me though is how I know what port numbers it is using - I couldn't work that out from the docs. Is it a fixed port number or a dynamic one?

> I need guidance on making this palatable to ARC. Does "forcing synergy
> to only bind to localhost" enforce only SSH connections?

I would force you to use SSH port forwarding or something like it.

> If this is a sufficient response to the security
> concern, then I'm happy to oblige.

At the moment I'm not actually suggesting you do anything, just trying to understand Synergy a bit better because the docs on its own site weren't helping me at all (and yes I read the FAQ and the "Security" page). Once I understand it better I can formulate what I think the risks are and determine if I want to suggest anything or not (likely not in this case though).

I'd still like to know what happens with TX as a client and as a server (in synergy terms). I think I know the answer though but I'd like someone actually familiar with synergy to confirm.

--
Darren J Moffat