Download 
How to install yarest
- Download and install ActivePython
- Open Command Prompt
- Type
pypm install yarest
Lastest release
YAREST is a cross-platform support tool for tunneling various desktop sharing programs via SSH. Most any desktop sharing program that can be invoked from a shell, or is already running, and uses a TCP port for communication should in theory work, though currently only VNC and RDP have been tested and verified.
YAREST was designed, and written, to help those who help others.
This software is geared primarily towards technical providers that are looking for a customizable cross-platform solution. To use the system an SSH server is required; if you can comfortably setup and manage one or more servers that are used purely for authentication and TCP forwarding by both your technicians and end-users, then this software may be of service to you.
Features
- Extremely simple GUI for both your end-users and technicians
- Core yarest package exports all of the functionality independent of the GUI
- Usable with most any VNC variant, RDP, and likely other port based desktop sharing programs
- Requires only outbound connectivity for both technician and end-user when the SSH server is on a 3rd machine
- Supports multiple "connection profiles" to enable use of multiple SSH servers
- Supports executing your own custom code during sessions via the "SupportExtender" interface
- Includes an NSIS installer for Windows that can download and install the necessary Python dependencies
How It Works
The basic premise is simply this:
- First entity starts the overall process by establishing a reverse SSH tunnel from a random server port number to their pre-configured local port number.
- First entity delivers random port number, aka "access code", to the second entity. This could occur over the phone, e-mail, your own custom software, really fast courier pigeons, morse code, telepathy...anything you choose.
- Second entity establishes a forward SSH tunnel from their pre-configured local port number to the "access code" server port, which links up the two tunnels.
- Either or both entities disconnect the session when finished.
Code Example
The following two "connection profiles" and code snippets are intended to represent the basic code needed for the scenario described directly above, whereby the second entity is providing support to the first entity via RDP.
>>> [First Entity] >>> ssh_server = my.support.server >>> ssh_port = 22 >>> ssh_allow_unknown = True >>> ssh_hostkeys = >>> ssh_compression = True >>> support_port = 3389 >>> support_tunnel = reverse
>>> [Second Entity] >>> ssh_server = my.support.server >>> ssh_port = 22 >>> ssh_allow_unknown = True >>> ssh_hostkeys = >>> ssh_compression = True >>> support_port = 9999 >>> support_tunnel = forward >>> support_exec = %SYSTEMROOT%\system32\mstsc.exe >>> support_args = /v:localhost:%d /f
In the below code snippet assume:
- your_config_file contains exactly one connection profile, the "First Entity" one above
- your_password comes from the end-user in some manner
- send_access_code_to_your_provider delivers the "access code" to the other entity
- user_clicked_disconnect is some flag you set from elsewhere to end the session
>>> from yarest import ConnectionProfile, SupportEntity >>> >>> profiles = ConnectionProfile.read_from_file(your_config_file) >>> >>> firstentity = SupportEntity(profiles[0]) >>> firstentity.connect(your_password) >>> >>> access_code = firstentity.start_session() >>> send_access_code_to_your_provider(access_code) >>> >>> user_clicked_disconnect = False >>> while not user_clicked_disconnect: >>> continue >>> >>> firstentity.stop_session()
In the below code snippet assume:
- your_config_file contains exactly one connection profile, the "Second Entity" one above
- your_password comes from the end-user in some manner
- access_code was received from the first entity
- user_clicked_disconnect is some flag you set from elsewhere to end the session
>>> from yarest import ConnectionProfile, SupportEntity >>> >>> profiles = ConnectionProfile.read_from_file(your_config_file) >>> >>> secondentity = SupportEntity(profiles[0]) >>> secondentity.connect(your_password) >>> secondentity.start_session(access_code) >>> >>> user_clicked_disconnect = False >>> while not user_clicked_disconnect: >>> continue >>> >>> secondentity.stop_session()
SSH Server Security Considerations
Only the main SSH port needs to be accessible on any server(s) used, and ideally such is the only port open on any server(s) firewall(s).
Unless you have a need otherwise, the simplest option is usually to chroot the entire SSH server to the bare-minimum environment.
If you do need the SSH server for other purposes, then setup groups for your technicians and end-users and confine them to their own chroot environments.
Dependencies
- Python >= 2.6 (Tested with 2.6 and 2.7, untested on 3.x)
- ssh
- pycrypto (Required by ssh)
- configObj (Tested with 4.7.2)
- psutil (Tested with 0.4 and 0.5)
- wxPython (Tested with 2.8.10 and 2.8.12) [Only required by the yarest.gui package]
- setuptools [If you don't have it already we'll install the included Distribute]
Installation
Providers should consider creating their own simple installation package to automate these steps and include their own pre-configured profile(s). On Linux that could be done an infinite number of ways, for a countless number of distros, so nothing is provided beyond this documentation. On Windows the included NSIS installer should be a good starting point for most needs.
Steps for a functionally complete installation are as follows:
On Linux:
Install the desired VNC variant, if unsure use x11vnc if you're the consumer (getting remote help) or vnc4viewer if you're the provider (giving remote help); your distribution most likely has packages.
On Debian (as root):
apt-get install x11vnc
-or-
apt-get install vnc4viewer
Install the dependencies that setuptools cannot fulfill, these are Python, pyCrypto and wxPython; your distribution has packages.
On Debian (as root):
apt-get install python2.6 python-crypto python-wxgtk2.8
Optionally install additional dependencies so setuptools doesn't have to.
On Debian (as root):
apt-get install python-configobj
Download the yarest source distribution zip and extract it somewhere, in the following we assume the extracted folder is "/tmp/yarest-0.5.0".
Open a root terminal and change to that folder: cd /tmp/yarest-0.5.0.
In the same terminal: python setup.py install.
Upon completion an executable script yarest is created.
yarest --help will list the available command line options.
To use the program you need one or more "connection profiles", if you don't have a profile it will simply prompt you to create one.
The "examples" folder in the source distribution contains various sample profiles that you should be able to adapt for your own use.
On Windows:
If you are receiving help either enable RDP and/or install another usable desktop sharing program such as UltraVNC, which you can download from:
http://www.uvnc.com/downloads/ultravnc.html
When installing you need the "VNC Viewer" if you're the provider (giving remote help), or the "VNC Server" if you're the consumer (getting remote help). Do not select the option to install the "VNC Server" as a service.
Download and install the "yarest-x86.exe" binary from the YAREST home page:
http://code.google.com/p/yarest/
The installer is made with NSIS and accomodates the most common scenarios; i.e. Windows computers with either 0 or 1 usable Python runtimes installed. If any runtime is found it's always used, otherwise we download and install.
The installer has been tested with runtimes from the standard python.org distribution, whether it works with any other Python flavor is untested.
Anyone willing to dive into NSIS should be able to modify it easily enough, see the included "README.txt" in the installer folder for the basic steps.
The installer creates a shortcut in the "Start Menu" to run YAREST.
To use the program you need one or more "connection profiles", if you don't have a profile it will simply prompt you to create one.
The installer creates an "examples" folder under the installation folder (default:"%PROGRAMFILES%\YAREST\examples") and within that folder are various sample profiles that you can adapt for your own use, as well as an "ultravnc.ini" file which you can use as the configuration file for UltraVNC (To use the config file it needs to be moved to the UltraVNC installation folder, which is "%PROGRAMFILES%\UltraVNC" by default).
Changelog
0.3
Release date: 17-Dec-2011
- Initial public release
0.4
Release date: 24-Jan-2012
- Added the option to allow the consumer to initiate the support session
0.5
Release date: 30-Jun-2012
- Added a profile configuration option to specify the port forwarding tunnel direction
- Added profile configuration options to support additional client authentication settings
- Added support for already running desktop sharing programs such as RDP or VNC as a service
- Renamed profile configuration options to reflect support for additional desktop sharing programs
- Refactored the "SupportConsumer" and "SupportProvider" classes into a single "SupportEntity" class
- Redesigned the "SupportExtender" interface to simplify it and provide additional integration options
- Modified setup.py dependencies and internal import statements to use the ssh package instead of paramiko
- Refactored the installer into a single 32-bit build script and updated the installer Python version to 2.7.3
successful builds