======
YAREST
======

YAREST is a cross-platform support tool for tunneling various desktop sharing
programs via SSH. Most any desktop sharing program that can be invoked from a
shell, or is already running, and uses a TCP port for communication should in
theory work, though currently only VNC and RDP have been tested and verified.

YAREST was designed, and written, to help those who help others.

This software is geared primarily towards technical providers that are looking
for a customizable cross-platform solution. To use the system an SSH server is
required; if you can comfortably setup and manage one or more servers that are
used purely for authentication and TCP forwarding by both your technicians and
end-users, then this software may be of service to you.


Features
========

- Extremely simple GUI for both your end-users and technicians

- Core yarest package exports all of the functionality independent of the GUI

- Usable with most any VNC variant, RDP, and likely other port based desktop sharing programs

- Requires only outbound connectivity for both technician and end-user when the SSH server is on a 3rd machine

- Supports multiple "connection profiles" to enable use of multiple SSH servers

- Supports executing your own custom code during sessions via the "SupportExtender" interface

- Includes an NSIS installer for Windows that can download and install the necessary Python dependencies


How It Works
============

The basic premise is simply this:

1. First entity starts the overall process by establishing a reverse SSH tunnel
   from a random server port number to their pre-configured local port number.

2. First entity delivers random port number, aka "access code", to the second
   entity. This could occur over the phone, e-mail, your own custom software,
   really fast courier pigeons, morse code, telepathy...anything you choose.

3. Second entity establishes a forward SSH tunnel from their pre-configured local
   port number to the "access code" server port, which links up the two tunnels.

4. Either or both entities disconnect the session when finished.


Code Example
============

The following two "connection profiles" and code snippets are intended to
represent the basic code needed for the scenario described directly above,
whereby the second entity is providing support to the first entity via RDP.

>>> [First Entity]
>>> ssh_server = my.support.server
>>> ssh_port = 22
>>> ssh_allow_unknown = True
>>> ssh_hostkeys = 
>>> ssh_compression = True
>>> support_port = 3389
>>> support_tunnel = reverse

>>> [Second Entity]
>>> ssh_server = my.support.server
>>> ssh_port = 22
>>> ssh_allow_unknown = True
>>> ssh_hostkeys = 
>>> ssh_compression = True
>>> support_port = 9999
>>> support_tunnel = forward
>>> support_exec = %SYSTEMROOT%\system32\mstsc.exe
>>> support_args = /v:localhost:%d /f

In the below code snippet assume:

- `your_config_file` contains exactly one connection profile, the "First Entity" one above
- `your_password` comes from the end-user in some manner
- `send_access_code_to_your_provider` delivers the "access code" to the other entity
- `user_clicked_disconnect` is some flag you set from elsewhere to end the session

>>> from yarest import ConnectionProfile, SupportEntity
>>>
>>> profiles = ConnectionProfile.read_from_file(your_config_file)
>>>
>>> firstentity = SupportEntity(profiles[0])
>>> firstentity.connect(your_password)
>>>
>>> access_code = firstentity.start_session()
>>> send_access_code_to_your_provider(access_code)
>>>
>>> user_clicked_disconnect = False
>>> while not user_clicked_disconnect:
>>>     continue
>>>
>>> firstentity.stop_session()

In the below code snippet assume:

- `your_config_file` contains exactly one connection profile, the "Second Entity" one above
- `your_password` comes from the end-user in some manner
- `access_code` was received from the first entity
- `user_clicked_disconnect` is some flag you set from elsewhere to end the session

>>> from yarest import ConnectionProfile, SupportEntity
>>>
>>> profiles = ConnectionProfile.read_from_file(your_config_file)
>>>
>>> secondentity = SupportEntity(profiles[0])
>>> secondentity.connect(your_password)
>>> secondentity.start_session(access_code)
>>>
>>> user_clicked_disconnect = False
>>> while not user_clicked_disconnect:
>>>     continue
>>>
>>> secondentity.stop_session()


SSH Server Security Considerations
==================================

Only the main SSH port needs to be accessible on any server(s) used,
and ideally such is the only port open on any server(s) firewall(s).

Unless you have a need otherwise, the simplest option is usually
to chroot the entire SSH server to the bare-minimum environment.

If you do need the SSH server for other purposes, then setup groups for your
technicians and end-users and confine them to their own chroot environments.


Dependencies
============

- `Python`     >= 2.6    (Tested with 2.6 and 2.7, untested on 3.x)
- `ssh`
- `pycrypto`             (Required by ssh)
- `configObj`            (Tested with 4.7.2)
- `psutil`               (Tested with 0.4 and 0.5)
- `wxPython`             (Tested with 2.8.10 and 2.8.12) [Only required by the `yarest.gui` package]
- `setuptools`           [If you don't have it already we'll install the included `Distribute`]


Installation
============

Providers should consider creating their own simple installation package
to automate these steps and include their own pre-configured profile(s).
On Linux that could be done an infinite number of ways, for a countless
number of distros, so nothing is provided beyond this documentation. On
Windows the included NSIS installer should be a good starting point for
most needs.

Steps for a functionally complete installation are as follows:


On Linux:
---------
1. Install the desired VNC variant, if unsure use `x11vnc` if you're the
   consumer (getting remote help) or `vnc4viewer` if you're the provider
   (giving remote help); your distribution most likely has packages.

   On Debian (as root):

   `apt-get install x11vnc`

   -or-

   `apt-get install vnc4viewer`

2. Install the dependencies that `setuptools` cannot fulfill, these are
   `Python`, `pyCrypto` and `wxPython`; your distribution has packages.

   On Debian (as root):

   `apt-get install python2.6 python-crypto python-wxgtk2.8`

3. Optionally install additional dependencies so `setuptools` doesn't have to.

   On Debian (as root):

   `apt-get install python-configobj`

4. Download the `yarest` source distribution zip and extract it somewhere,
   in the following we assume the extracted folder is "/tmp/yarest-0.5.0".

5. Open a root terminal and change to that folder: `cd /tmp/yarest-0.5.0`.

6. In the same terminal: `python setup.py install`.

7. Upon completion an executable script `yarest` is created.

   `yarest --help` will list the available command line options.

8. To use the program you need one or more "connection profiles", if
   you don't have a profile it will simply prompt you to create one.

   The "examples" folder in the source distribution contains various
   sample profiles that you should be able to adapt for your own use.


On Windows:
-----------
1. If you are receiving help either enable RDP and/or install another usable
   desktop sharing program such as UltraVNC, which you can download from:

   http://www.uvnc.com/downloads/ultravnc.html

   When installing you need the "VNC Viewer" if you're the provider (giving remote
   help), or the "VNC Server" if you're the consumer (getting remote help). Do not
   select the option to install the "VNC Server" as a service.

2. Download and install the "yarest-x86.exe" binary from the YAREST home page:

   http://code.google.com/p/yarest/

   The installer is made with NSIS and accomodates the most common scenarios;
   i.e. Windows computers with either 0 or 1 usable Python runtimes installed.
   If any runtime is found it's always used, otherwise we download and install.

   The installer has been tested with runtimes from the standard python.org
   distribution, whether it works with any other Python flavor is untested.

   Anyone willing to dive into NSIS should be able to modify it easily enough,
   see the included "README.txt" in the installer folder for the basic steps.

3. The installer creates a shortcut in the "Start Menu" to run `YAREST`.

   To use the program you need one or more "connection profiles", if
   you don't have a profile it will simply prompt you to create one.

   The installer creates an "examples" folder under the installation folder
   (default:"%PROGRAMFILES%\\YAREST\\examples") and within that folder are
   various sample profiles that you can adapt for your own use, as well as
   an "ultravnc.ini" file which you can use as the configuration file for
   UltraVNC (To use the config file it needs to be moved to the UltraVNC
   installation folder, which is "%PROGRAMFILES%\\UltraVNC" by default).


Bugs
====

Can be submitted via the issue tracker.

http://code.google.com/p/yarest/issues
