I have been tasked with setting up and supporting some computers for some people who have sociological problems. Troubled teens/adults and the like. They need computers to do very basic tasks like web browse, but they know little about computers and will delete and destroy anything they can without care.
So I am building some cheap white boxes and plan to put a locked-down version of Ubuntu on them with some built-in recovery options. Any suggestions on a ChromeOS-like distro would be appreciated.
My big problem is remote administration. They will not have a fixed IP and I won't control anything about the network. So port forwarding is out.
An option is to buy an EC2 and have each client connect with OpenVPN when they come online. I could then SSH in and fix problems. But EC2 is not free and I will not be making any money from this.
My preferred way is BotNet style. I have a friend that runs a private IRC server. I could set up a channel and have all the clients log in and I could issue commands. A remote bash shell to IRC gateway would be nice.
I do something like this only over XMPP with Nagios with my servers. It's real handy to quickly look down a list and see who is online, who is having problems, and issue commands.
Anyone know of such an IRC bot like a BotNet? Or any better way to do this?
How about installing autossh on these boxes to open an ssh tunnel to a central remote admin server every time the box starts up? Through that connection, tunnel their ssh port so you can have full ssh access anytime you want.
A couple of options.
1) How about a reverse SSH Tunnel? http://www.howtoforge.com/reverse-ssh-tunneling It's simple and works behind NAT. Try it and see if it works.
Not really certain if you need to know the source IP always. That could be a problem.
2) TeamViewer for Linux. The way TeamViewer works is it starts a service that connects to the TeamViewer host (something you do not need to care about). You simply use the automatically generated ID to access the machine with a password. You can lock down the TeamViewer service so that users can't mess it up as well.
It gives you a full desktop experience; I'm not sure if that's an issue for you or not.
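The reverse tunnel suggested in the two answers above (autossh, reverse SSH tunneling), as an added example that is not part of the original thread: each client gets its own loopback port on the admin server, and its key is restricted to opening only that listener. The host `admin.example.org`, the account `tunnel`, the base port 22000 and the key placeholder are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed names: admin.example.org,
# account "tunnel", base port 22000, numeric client ids 1..999.
ADMIN_HOST="admin.example.org"
TUNNEL_USER="tunnel"
BASE_PORT=22000

# Map a client id to its own loopback port on the admin server.
# Rejects empty, non-numeric, zero-prefixed and 4+ digit ids.
client_port() {
    case "$1" in
        ''|*[!0-9]*|0*|????*) echo "invalid client id: $1" >&2; return 1 ;;
    esac
    echo $((BASE_PORT + $1))
}

# authorized_keys line for the "tunnel" account on the admin server.
# "restrict" turns off shell PTY, agent and X11 forwarding; port forwarding is
# re-enabled, and permitlisten limits -R to this client's loopback port only.
authorized_keys_line() {    # $1 = client id, $2 = client public key
    port=$(client_port "$1") || return 1
    printf 'restrict,port-forwarding,permitlisten="localhost:%s" %s\n' "$port" "$2"
}

# Command the client runs at boot (for example from a systemd unit).
# -M 0 relies on ssh keepalives instead of an autossh monitor port;
# ExitOnForwardFailure makes ssh exit so autossh retries if the port is busy.
client_command() {          # $1 = client id
    port=$(client_port "$1") || return 1
    printf 'autossh -M 0 -N -o ServerAliveInterval=30 -o ServerAliveCountMax=3 ' 
    printf -- '-o ExitOnForwardFailure=yes -R localhost:%s:localhost:22 %s@%s\n' \
        "$port" "$TUNNEL_USER" "$ADMIN_HOST"
}

# What the administrator types on the admin server to reach that client.
admin_command() {           # $1 = client id
    port=$(client_port "$1") || return 1
    printf 'ssh -p %s localhost\n' "$port"
}

# Demo for a constructed client id 7 with a placeholder public key.
authorized_keys_line 7 'ssh-ed25519 <CLIENT_PUBLIC_KEY> client7'
client_command 7
admin_command 7
```

Because the listener is bound to loopback on the admin server, a client's sshd is reachable only by someone already logged in there, and a key taken from one box cannot open a shell on the server or claim another client's port.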
It's not exactly remote access, but if your friend has an IRC server, you could perhaps convince them to either set up ActiveMQ for MCollective, or a puppetmaster. This would allow you to run commands on multiple systems, or always ensure a system has a certain configuration.
I could not find a BotNET style program that fit my simple needs, but it was easy to make my own in Perl using an example I found.
If anyone wants it, enjoy. http://pastebin.com/S03aZW1f
Thanks for the help.
Consider using DynDNS and an NX server with ssh for remote desktop administration. Oliver's idea is a good suggestion too.