Eric Klein

Automated client login

3 posts in this topic

So I run a central server that is my main admin system, and then I run a bunch of test machines that are all created and set up via scripts. I tend to re-image those test machines every other week or so, and there is just no reasonable and secure way for me to do the "login to symless" process on my test machines. What's more, on my local subnet there are likely to be other users running synergy, so I cannot safely rely on automatic server discovery (not without some sort of dropdown option).

Now in the past, I've run without ssh connections between server/client because of this issue (well, related reasons. I basically cannot easily establish licenses on each of my client machines, so I just run them unlicensed, but they all connect to my server which is licensed).

With the Synergy 2 beta (I just tried it out today) I am not able to startup my clients without using the "login to symless" option, which basically makes synergy unusable in my configuration. I need some way for the client's to be able to connect to the server and use the server's symless license/login instead of requiring their own.

What's more, I DID try to manually enter the username/password on one of my test machines, but I keep getting a message like this"

[ Core    ] [2017-09-18T22:53:06] WARNING: unrecognised client name \"klein-test2\", check server config

 

There appears to be no way to check or modify the server config though. I've tried all the things I can think of, but Preferences are gone, and there appears to be no menu applet anymore. Double clicking on the server machine name in the main GUI does nothing (aside from flash the border on the box).

 

So I appear to be stuck. I'm going to roll back to Synergy 1.8 for now so that I can continue to use Synergy, but once there is a way to modify the configurations, and once there is a way to allow the clients to use the server's license/login (so that they don't require logic/license setup), then I'll move back over to the beta.

Share this post


Link to post
Share on other sites

Interesting use case, perhaps we need a token login option? Where perhaps you can store a token in a file, and Synergy then uses that to sign in (rather than needing to click a button and enter your login info). What do you think?

Share this post


Link to post
Share on other sites

I'm certainly not against that. Let me put a counter proposal out there though. What about clients without license or authentication info? As I see it there are two motivations for a client-login:

1) To ensure that anybody using synergy is a licensed/paid user.
2) To ensure that any clients connecting to the server are who they say they are.

I'll address #2 first, since it's more trivial (for me). I'm in a moderately secure environment, and I'm not worried about malicious clients. I have no need for end to end security between my test systems and my admin system. Having non-trivial security between these systems doesn't really add anything for me. The only security I would really find interesting is the ability to reject client requests from systems outside a certain IP range, but even that would only work some of the time, since I also travel from time to time, and can wind up using a dynamic IP range when working off-site.

As for the licensing/payment side of it, it seems like what you really care about is that each user of synergy is paying. You don't really care how many potential client machines are out there. I think enforcing a license requirement for the server is entirely fine and reasonable. At least the way I see synergy, each actual user is running a server instance, and each client instance is really just part of the same cluster of machines that that same user is working on. If you wanted to enforce some X number of clients per-server as part of some future business model, it would be easy to do that from the server (i.e. just reject connections from clients that would bump the count over the limit). I don't see a benefit for Symless from enforcing a requirement that all clients be licensed as well. And the client is pretty well useless without the server. I don't see a business model where some people would be buying synergy to use just in a client mode, so I don't think you stand to lose any money from not licensing the client instances.

All that being said, if a token based authentication system still looks like the best idea, then I'm OK with that. What I would ideally need is some way to install a file (or run a script, whatever) that would allow the client to just have what it needs without any interactivity required. I never have more than 3 clients at once, and they generally cycle through the same 3 static IPs (or at least the same 3 hostnames). If I could pre-generate token files from the server for test1, test2, and test3 (or whatever), and then install the correct file on the correct client, that would be an entirely workable solution for me.

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now