YAREST is a simple custom system in Python to tunnel VNC over SSH.
YAREST was designed, and written, to help those who help others.
I originally wrote this for a friend, and I'm placing it here just in case it might be useful to anyone else. As I am not a programmer by trade, and my Python experience until now was limited to simple scripts written for my own sysadmin needs, this should definitely fall into the category of BETA software.
This software is geared primarily towards technical providers that are looking for a customizable cross-platform solution. To use the system an SSH server is required; if you can comfortably set up and manage one or more servers that are used purely for authentication and TCP forwarding by both your technicians and end-users, then this software may be of service to you.
Included in this package is hopefully enough for any astute technical provider to create their own pre-configured solution that can be deployed to their end-users. To that end, some pre-built binaries are available for you to download and try out on Windows, and installation instructions are provided to help you get a completely functional setup on Windows or Linux (any POSIX system really). As I don't have access to any OS X system, no such install instructions are provided; however, this software should work on OS X as well and the overall install process is surely similar to the POSIX install.
The provided Windows installer downloads are intended simply as demonstrations; ideally you as the provider would modify the included NSIS installer script and/or create your own simple install routine to automate the basic setup requirements. With that said, this package is usable as-is for anyone willing to perform the basic install steps manually on each computer, which really only takes a few minutes per machine (once you've done it a few times).
How It Works
- Provider = Person who is giving remote support
- Consumer = Person who is receiving remote support
- Server = SSH server that both Provider and Consumer can connect to
1. Provider connects to Server, reverse forwards random internal server port to local VNC port, starts VNC viewer in listen mode bound to "localhost:VNC port".
2. Provider gives random server port number to Consumer (we label it the "access code").
3. Consumer connects to Server, forwards local VNC port to remote server port, starts VNC server in reverse connection mode bound to "localhost:VNC port".
4. Server receives the connection request from Consumer, forwards it over to Provider, then Server routes the VNC conversation between the two tunnels until either side ends the support session.
SSH Server Security Considerations
Only the main SSH port needs to be accessible on any server used, and ideally it is the only port open on each server's firewall.
Unless you have a need otherwise, the simplest option is usually to chroot the entire SSH server to the bare-minimum environment.
If you do need the SSH server for other purposes, then set up groups for your technicians and end-users and confine them to their own chroot environments.
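One way to express the group-based confinement above on an OpenSSH server, limiting each role to the forwarding direction used in "How It Works" (an added example, not part of the YAREST package). The group names yarest-tech and yarest-user and the path /srv/yarest-jail are assumptions; PermitListen requires OpenSSH 7.8 or later.

```sshd_config
# Added example. Group names and the chroot path are hypothetical.

# Global defaults: authentication only, no forwarding of any kind
# unless a Match block below grants it.
AllowTcpForwarding no
AllowAgentForwarding no
AllowStreamLocalForwarding no
X11Forwarding no
PermitTunnel no
# Reverse-forwarded ports bind to the server's loopback only, so the
# "access code" port is never reachable from the network directly.
GatewayPorts no

# Technicians (Provider, step 1): reverse forwards only.
Match Group yarest-tech
    # The chroot must be root-owned and not writable by group or others.
    ChrootDirectory /srv/yarest-jail
    PermitTTY no
    AllowTcpForwarding remote
    # Both spellings are listed because sshd treats the name "localhost"
    # differently from the literal address in a listen request.
    PermitListen localhost:* 127.0.0.1:*

# End-users (Consumer, step 3): local forwards only, and only to
# ports on the server's own loopback (where the access code lives).
Match Group yarest-user
    ChrootDirectory /srv/yarest-jail
    PermitTTY no
    AllowTcpForwarding local
    PermitOpen localhost:* 127.0.0.1:*
```

Run `sshd -t` after editing to validate the file before reloading the daemon. If a connection profile reverses the tunnel direction, the `AllowTcpForwarding` values for the two groups need to be swapped to match.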
Here are some key features of "YAREST":
· Extremely simple GUI for both your end-users and technicians
· Core yarest package exports all of the functionality independent of the GUI
· Usable with any VNC variant that has server reverse connect and viewer listen modes
· Requires only outbound connectivity for both the technician and end-user when the SSH server is on a 3rd machine
· Supports multiple "connection profiles" to enable use of multiple SSH servers
· Supports executing your own custom code during sessions via the SupportExtender interface
· Includes an NSIS installer for Windows that can download and install all the necessary Python dependencies
What's New in This Release:
· Added a profile configuration option to specify the port forwarding tunnel direction
· Added profile configuration options to support additional client authentication settings
· Added support for already running desktop sharing programs such as RDP or VNC as a service
· Renamed profile configuration options to reflect support for additional desktop sharing programs
· Refactored the "SupportConsumer" and "SupportProvider" classes into a single "SupportEntity" class
· Redesigned the "SupportExtender" interface to simplify it and provide additional integration options
· Modified setup.py dependencies and internal import statements to use the ssh package instead of paramiko
· Refactored the installer into a single 32-bit build script and updated the installer Python version to 2.7.3