What is it?
Barrier lets you easily share a single mouse and keyboard between multiple computers with different operating systems, each with its own display, without special hardware. It's intended for users with multiple computers on their desk since each system uses its own display.
- Barrier also merges the clipboards of all the systems into one, allowing cut-and-paste between systems.
- Furthermore, it synchronizes screen savers so they all start and stop together and, if screen locking is enabled, only one screen requires a password to unlock them all.
- It is way faster than a physical Keyboard-video-monitor switch.
- It needs configuration
- and doesn't allow to share the monitors. Each machine uses its own.
# apt install barrier
If you have firewall(s), you'll need to open a port for Barrier. The default port is 24800, but it is configurable.
I recommend to create a subdirectory .barrier under your home to group and hide related stuff: mkdir ~/.barrier
Launch Barrier from your desktop and press F4 in the graphical interface. Disable SSL to avoid the certificate error, for now. We'll secure the communications later.
- Configure as server if you want to use this machine's keyboard and mouse.
- Configure as client if you want this machine to be handled with another one's keyboard and mouse.
Configuring the server
Press alt-ctrl-S in the graphical interface to save the configuration.
Configuring the client
You'll need to turn Wayland off:
- Save and exit
Restart gdm: # systemctl restart gdm3
If Barrier picks up a server on your network, it can configure itself to use it. Otherwise, enter the server’s IP into the GUI. The server's GUI shows you its IP address.
Registering the clients in the server
Start the server and the clients by clicking the Start button.
Click the Configure Server button. A window opens.
Use the tab Screens and links to layout the clients:
- Drag the monitor on the top right corner and drop it at the grid to declare a new client avatar.
- You can drag the client avatars from one cell to another. Place them next to each other, either side by side or one on top of the other.
- Double-click on the client avatar to configure it. The client avatar's name must be the same one you see in the Barrier GUI of the actual client machine the avatar wants to represent.
- Start both server and clients. If they connect, you'll get a yellow lock icon below and you'll be able to glide the mouse pointer from one machine to another.
Launch it from your desktop (at both ends, clients and server). It will take a few seconds to load.
Make sure the server is configured and running. At the bottom you should see a yellow lock and a text line saying it is running.
Try to enable the auto-configuration at the clients, and click the Apply button. If it fails, disable it, provide the server's name or IP address and click the Apply button.
Once working, you can close the windows on the server and clients. Barrier will keep working in the background till the end of the desktop session. See Conflicting instances under Troubleshooting section to learn how to manually kill the running Barrier processes, if you need to do so. The usual case is the opposite: You may want it to autostart with your desktop sessions.
Set up to autostart with your desktop sessions
Create this script in the client(s). Best under .barrier. I called it run-barrier.sh:
1 #!/bin/bash 2 # Purpose: Run Barrier client at desktop session startup 3 # Design: + At session start, Gnome will check ~/.config/autostart/ 4 # for start-up triggers. barrier.desktop will call this script. 5 6 SERVER=<IP address of your server> 7 CLIENT=<A name for this client> 8 LOG=<path/to/your/log/file> 9 10 /usr/bin/barrierc --name $CLIENT \ 11 --debug DEBUG \ 12 --log $LOG \ 13 $SERVER &
Then activate it: chmod +x run-barrier.sh
Then create a ~/.config/autostart/barrier.desktop text file with this content:
[Desktop Entry] Type=Application Exec=/home/<your_home>/.barrier/run-barrier.sh Hidden=false NoDisplay=false X-GNOME-autostart-enabled=TRUE Name=<A name for this launcher like launchBarrierClient> Comment=<Add a description here>
Create this script in the server. Best under .barrier. I called it startBarrierServer.sh:
1 #!/bin/bash 2 # Purpose: Start Barrier server at desktop session startup 3 # Design: + At session start, Gnome will check ~/.config/autostart/ 4 # for start-up triggers. barrier.desktop will call this script. 5 SERVER=<name of your server> 6 CFG=~/.barrier/barrier-server.cfg 7 LOG=~/.barrier/barrier-server.log 8 9 /usr/bin/barriers --name $SERVER \ 10 --debug DEBUG \ 11 --log $LOG \ 12 --config $CFG \ 13 --disable-crypto \ 14 --disable-client-cert-checking \ 15 --address :24800 \ 16 >/dev/null &
Then activate it: chmod +x run-barrier.sh
And create a ~/.config/autostart/barrier.desktop text file similar to the one of the clients, but pointing to startBarrierServer.sh and adapting name and description.
Securing the communications
Create the certificates and their fingerprints on all ends (server and clients)
cd ~/.local/share/barrier/SSL mkdir -p Fingerprints openssl req -x509 -nodes -days 365 -subj /CN=barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem openssl x509 -fingerprint -sha256 -noout -in Barrier.pem > Fingerprints/Local.txt sed -e "s/.*=/v2:sha256:/" -i Fingerprints/Local.txt
On the server, create a ~/.local/share/barrier/SSL/Fingerprints/TrustedClients.txt file.
Then for all clients...
create a ~/.local/share/barrier/SSL/Fingerprints/TrustedServers.txt file,
get their fingerprint:
and copy-paste it into the list of trusted clients of the server:
echo <paste here the fingerprint of a client> > ~/.local/share/barrier/SSL/Fingerprints/TrustedClients.txt
And get the server's fingerprint:
and copy-paste it into the list of trusted servers of each client:
echo <paste here the fingerprint of the server> > ~/.local/share/barrier/SSL/Fingerprints/TrustedServers.txt
Then at the server, press F4 and enable both checkboxes:
- Enable SSL
- Require client certificate
And save the configuration overwriting the existing one. (you can copy it before, if you wish).
The server call must now not use the --disable-crypto modifier.
The client call must now use the --enable-crypto modifier.
Press F2 to show the log.
Be aware that Barrier usually runs in the background and if you open it twice the second instance won't tell and will conflict with the running one. You can check your running instances with ps aux | grep barrier like this:
user@machine:~$ ps aux | grep barrier user 6836 0.0 0.3 1420780 103000 ? Sl mar24 0:03 barrier user 6936 0.5 0.0 102688 7496 ? Sl mar24 0:20 /usr/bin/barrierc -f --no-tray --debug INFO --name client [192.168.1.22]:24800 user 7736 0.1 0.2 1142548 85848 ? Sl 00:12 0:00 barrier user 7831 0.0 0.0 6252 700 pts/0 S+ 00:23 0:00 grep barrier user@machine:~$
If you have instances running that don't work, you'll need to kill all these processes:
kill 6836 6936 7736