Remote Access and Support with ButConnect
ButConnect is an alternative remote access and support software solution. It lets you reach computers and networks to which you have no direct or VPN connection, so you can still provide remote support in that situation.
It works — similar to other remote connectivity tools — by collaborating with your communication partner: only by sharing the credentials for a session can he or she enable you to connect.
ButConnect is portable, cross-platform software. All you need is the same executables on both sides, regardless of the operating system.
(Note: On systems other than Windows, Mono needs to be installed in order to run ButConnect.)
It works across firewalls. It's not necessary to adjust firewall or router settings on either side or to open or forward any ports.
There's no installation required. After downloading and unpacking a compressed file, you just launch the executable ‘ButConnect.exe’.
Moreover, no registration is requested. You just log on with the credentials that are generated on-the-fly and then passed on to you.
This way you both can easily build up an ad-hoc team and start working together.
Do you need an alternative remote access software?
As an IT professional, you are expected to just fix this or help with that quite
often — even when you're off site.
If you have VPN access to that location, there's no problem. But if it's, for instance, a new
customer you are not yet really associated with, so that you have no control over their infrastructure,
or if it's a friend, a relative or another private person, or any other unprepared situation, you
usually don't have any remote access to their computers.
Fortunately, most of them are behind a firewall but also have no clue how to let you in from the
Internet.
Remote support without connection could be a challenge ...
This is where ButConnect comes into play — with ButConnect you connect anyway!
In fact, you can do remote access with other tools, too. Some of them are free for non-commercial use,
but if you want to use them lawfully as an IT professional, it can be quite expensive.
Some even stop you from helping others by claiming ‘Commercial use suspected’ or
‘Commercial use detected’, even when you are using it non-commercially.
By contrast, ButConnect is free for both private and business use. It could be a substitute for all those well-established remote access and support solutions but also offers some extra features.
How does remote access with ButConnect work?
Both you and your communication partner simply need to launch ‘ButConnect.exe’.
The “client” uses ButConnect in client mode by just pressing the [Return] key. He gets the credentials for a specific channel back and communicates them to his agent by phone or text message.
The “agent” for his part switches over to agent mode by typing [A] (or ‘agent’) and then pressing the [Return] key. He is now for a short period of time able to join that particular channel by logging on using those credentials.
After that time and when a session is finished, the channel will be destroyed and can no longer be used.
As soon (and as long) as the connection is established, the agent is able to access the client's host. The agent pretends to direct the requests to his own computer — it looks like he's talking to the local host, but in fact the communication is redirected and forwarded to the remote host.
ButConnect is powered by the secure shell (SSH) protocol. This means your communication
is encrypted, and even if the public and private keys are available, it is not possible to decrypt the
transferred data; your privacy is still protected.
(In fact, the SSH keys of the default client and agent user are included in the ButConnect executable,
but these are used for authentication against the ButConnect servers only — and ... well ...
anyone is welcome to use our service and thus is also authenticated to do so. For the encryption
within the channel, a Diffie-Hellman Key Exchange is used and those keys are not available.)
Furthermore, nothing is stored on the “broker” (the ButConnect server), not even when transferring files. The broker only manages the connection between two communication partners by providing a “channel”.
Remote Support and Other Possibilities
Once you have that channel, you can use it for the type of communication you need to satisfy your or your
customer's requirements.
A few basic use cases are integrated already:
- There is remote control. On Windows, we use UltraVNC server and viewer, which are included and start automatically if ButConnect is running in default (i.e. client and agent) mode. On other platforms (such as Linux, macOS, BSD, Solaris, Raspberry Pi and others) you can use your preferred tools.
  This is just the free alternative to other remote desktop software.
- There is file transfer, too. Without the need to establish a fully featured remote access session first, you can just transfer the file and you're done.
- And there is also a chat mode.
(File transfer and chat can coexist with a running remote support session without conflict. Alternatively, you can use the file transfer or chat capabilities of UltraVNC or other tools over the ButConnect link.)
What else? What makes ButConnect unique?
For advanced users, there are some more possibilities than this.
But also and above all, there's actually more than provided by other remote connectivity tools:
- Most importantly, you get an all-purpose communication channel to services, hosts and even networks that weren't accessible otherwise. Being able to reach those computers somehow could be crucial in your situation.
- You can choose which (TCP) port is forwarded within the channel, so not only remote control is possible, but also many other services. To carry multiple services, you can establish more than one channel.
- Some use cases require connecting to multiple ports and/or multiple hosts. That is also possible.
- Once connected, it is possible to reach the client's computer or even (on your client's demand) other remote computers and servers that are on the client's network.
  As a result, you can reach virtually any service on any host on a network if you are able to connect to at least one of them (maybe already with ButConnect) and if you have ButConnect at hand on that host and are able to run it remotely.
  (Consequently, you can access those hosts/services directly from your PC — there's no need to climb along intermediate ‘hops’. This is useful, for instance, if you want to access a NAS or some other network appliance that cannot run ButConnect itself. It is also suitable for remote management web interfaces and their remote consoles like iLO, iDRAC, iRMC, ILOM, IMM or whatever type of IPMI implementation it is.)
- It is even possible to allow access to those remote hosts from other local computers that are connected to the agent's network.
- The direction of a connection can also be reversed.
- If necessary, you can create bidirectional connections within a single session. (Connections that are established from one side can not only transport payload there and back, but can also be triggered from both sides. This is required, for example, with DICOM communication.)
- Connections in default mode and in direct mode can be cascaded into a mixed mode so that they build on each other. (For example: An unattended default‑mode session connects to an SSH server which is located in the target network and — since you're using ButConnect — does not need to be exposed to the Internet. And then, a follow-up direct‑mode session connects to some other address, port and protocol on the target network using the first. That way, many more hosts and services come within reach.)
  It would still only be necessary to launch ButConnect once: You choose a name and will be asked for a passphrase (possibly twice in this scenario).
- You can instruct ButConnect to automatically reconnect in case the connection dropped. If you do so and also start ButConnect using your own dedicated SSH keys, you get the “host mode”. That way, you can get connected with a single click and without any interaction on the client side (or even on both sides).
  (You get a similar behavior if you let ButConnect exit when the connection drops and restart it at the operating system level by script or by batch file or by using the systemd mechanism on Linux.)
  If you install UltraVNC server on Windows as a service by right-clicking its tray icon and choosing [ Install Service ], not even Windows User Account Control (UAC) is a big issue anymore and true unattended access is possible.
- And you can choose the port that is used to get through the firewalls on both ends and to contact the broker.
This way, ButConnect provides a “link” from one network into the other. Without the need to
install and configure a gateway but only by exchanging credentials (username, password and a code), you
get a VPN-like functionality when a real VPN is not available.
(But unlike a VPN, ButConnect restricts access to the intended host and port. It does not additionally
give access to the entire network and therefore makes it easier to adhere to the ‘zero
trust’ principle. However, if access is granted to a remote desktop or to a command line, this
restriction can be overcome.)
For all those facilities, no administrative privileges are required on either the client or the agent host.
So ... as the “client”, be careful not to break your company's security policy by
accident! Only give access to those agents you know and trust!
And as the “agent”, act in a responsible manner!
All Linked Together
Apart from the default mode that works either on invitation or unattended, there is also a
direct mode for connecting to the remote network via your own or your customer's SSH
server.
Connections in both modes can be combined and cascaded to build on each other and thus bring even more
devices within reach.
Once it has been set up with keys from our shop, a small ButConnect Appliance can provide access
to any device on your network without further configuration and without exposing it to the Internet.
That appliance running ButConnect just needs to be connected to your network and have basic Internet
access. No port forwarding and no firewall or router configuration is required.
Unlike others, it's not expensive.
The use of ButConnect is basically free of charge for both personal and commercial use.
If you want to automate things (for instance for unattended operation on the client side or even on both
sides) or if you want stronger security, it's possible to get your own dedicated SSH keys and
thus your own username, password and code. In that case, there would also be no need to visit the
ButConnect website and get a new code for every single connection.
Don't hesitate to contact us (info@butconnect.com)
or visit our shop to
get those keys online.
It's secure!
Okay — let's assume the SSH protocol is quite secure and well tested.
We rely on SSH and didn't change anything regarding the use of its protocol.
(BTW: We use SSH.NET and OpenSSH for the
SSH part.)
When generating the credentials, we use 8 randomly chosen lower case letters for usernames and
randomly chosen numbers between 16384 and 49151 for passwords. Together, that's more than
6.8 x 10^15 different combinations. Additionally, we use a randomly chosen combination of one
lower case letter and one digit for the code.
After several unsuccessful attempts to log on or to get a code, the IP address of a possible attacker
will be blocked for longer than the created account exists at all.
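The figures above can be checked directly. The following Python sketch is an added example, not ButConnect's own code: it reproduces the credential scheme as described, computes the size of the credential space in combinations and in bits, and estimates the chance that blind online guessing hits one specific account under an attempt limit. The use of a CSPRNG, the letter-then-digit order of the code, and the attempts_per_ip and source_ips values are assumptions that the page does not state.

```python
import math
import secrets
import string

# Scheme as described on the page.
USERNAME_LEN = 8                       # 8 random lower-case letters
PASSWORD_RANGE = range(16384, 49152)   # numbers 16384..49151 inclusive
CODE_LETTERS = string.ascii_lowercase  # code: one letter ...
CODE_DIGITS = string.digits            # ... and one digit (order assumed)


def keyspace(include_code=True):
    """Number of distinct username/password(/code) combinations."""
    n = len(string.ascii_lowercase) ** USERNAME_LEN * len(PASSWORD_RANGE)
    if include_code:
        n *= len(CODE_LETTERS) * len(CODE_DIGITS)
    return n


def entropy_bits(include_code=True):
    """Size of the credential space expressed in bits."""
    return math.log2(keyspace(include_code))


def generate_credentials():
    """Draw one credential set uniformly. A CSPRNG is assumed here;
    the page only says the values are 'randomly chosen'."""
    user = "".join(secrets.choice(string.ascii_lowercase)
                   for _ in range(USERNAME_LEN))
    password = PASSWORD_RANGE.start + secrets.randbelow(len(PASSWORD_RANGE))
    code = secrets.choice(CODE_LETTERS) + secrets.choice(CODE_DIGITS)
    return user, password, code


def online_guess_probability(attempts_per_ip, source_ips, include_code=True):
    """Chance that blind guessing hits one specific live account when each
    source IP is blocked after attempts_per_ip tries. Both parameters are
    hypothetical; the page only says 'several' attempts."""
    guesses = attempts_per_ip * source_ips
    return min(1.0, guesses / keyspace(include_code))


if __name__ == "__main__":
    print(f"username+password: {keyspace(False):.3e} ({entropy_bits(False):.1f} bits)")
    print(f"with code:         {keyspace(True):.3e} ({entropy_bits(True):.1f} bits)")
    print("sample:", generate_credentials())
    print("P(hit), 5 tries x 1000 IPs:", online_guess_probability(5, 1000, False))
```

Username and password together come to roughly 52.6 bits, which is why the temporary lifetime of the account and the IP blocking matter as much as the raw number of combinations.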
If you have your own dedicated SSH keys, your username,
password and code will no longer be generated randomly for every new session, but are fixed. Also,
your account is available permanently.
On the other hand, your account is additionally secured with that SSH key (which is much stronger than
the username/password/code combination and which for its part can — and
should — be secured with a passphrase).