My startup is building a computer which runs Debian Linux and some custom programs. What is the best way to remotely access the machines without the user having to do anything?
Our product is currently in an early stage where the update process is not well tested and could break itself. I am looking for an easy way to access the machines remotely via SSH. The machines are behind standard home firewalls and don't have a static IP or anything of this nature.
My thought was using something along the lines of an init script which runs a reverse SSH such as: ssh -N -R 2222:localhost:22 [email protected]
The thing I don't like about this is that each machine has to have its own port and user. Also, even if I don't need the SSH connection, it is open and traffic is used.
I am thinking of writing an application on the server which provides a simple webpage that the clients check every x minutes, using an HTTP request, to see whether they need to connect via SSH. If so, the server script creates an account and tells the client what port and user to use.
Set up an OpenVPN server. All the remote machines will be OpenVPN clients to the server and will get a VPN IP address (e.g., 10.8.0.x). As they are clients, you don't care about the public IP address. Also, the clients will not need to open up ports on their routers to let in traffic, as they will be making outgoing connections to the VPN server.
To get to any of these machines, you would just ssh to the VPN IP address. The ssh daemon isn't exposed to the public, as it can listen only on the VPN network.
You don't need to run the OpenVPN server at your location; you can set up something like an Amazon EC2 instance in, say, the free tier to try this out to see if it works for your situation. You will likely want a static IP for the server; you can get away with some sort of dyndns shenanigans, but not for any real setup.
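Added example (not part of the original answer): a shell check that sshd on a client is bound only to its VPN address, which is what keeps the daemon off the home LAN and the public side. It assumes the VPN prefix 10.8.0. from the answer's example, a hypothetical client address 10.8.0.6, and input in the format printed by `ss -ltnH`; the sample lines are constructed.

```shell
#!/bin/sh
# Assumption: VPN addresses start with 10.8.0. (the answer's 10.8.0.x example).
VPN_PREFIX="${VPN_PREFIX:-10.8.0.}"
SSH_PORT="${SSH_PORT:-22}"

# Reads `ss -ltnH` output on stdin and prints every local address that
# listens on SSH_PORT but is not inside the VPN prefix (wildcard, LAN, IPv6).
non_vpn_ssh_listeners() {
    awk -v prefix="$VPN_PREFIX" -v port="$SSH_PORT" '
        $1 == "LISTEN" {
            # Split "addr:port" at the last colon so "[::]:22" parses too.
            n = match($4, /:[^:]*$/)
            if (n == 0) next
            addr = substr($4, 1, n - 1)
            if (substr($4, n + 1) != port) next
            if (index(addr, prefix) != 1) print addr
        }'
}

# Succeeds only when no SSH listener exists outside the VPN prefix.
ssh_is_vpn_only() {
    [ -z "$(non_vpn_ssh_listeners)" ]
}

# Constructed sample: stock sshd, which binds the IPv4 and IPv6 wildcards.
SAMPLE_DEFAULT='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*'

# Constructed sample: sshd_config contains "ListenAddress 10.8.0.6".
SAMPLE_VPN_ONLY='LISTEN 0 128 10.8.0.6:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*'

for name in SAMPLE_DEFAULT SAMPLE_VPN_ONLY; do
    eval "sample=\$$name"
    if printf '%s\n' "$sample" | ssh_is_vpn_only; then
        echo "$name: sshd is reachable only over the VPN"
    else
        echo "$name: sshd also listens on:"
        printf '%s\n' "$sample" | non_vpn_ssh_listeners
    fi
done
```

On a real client, pipe live data in with `ss -ltnH | non_vpn_ssh_listeners`. With `ListenAddress` set to the VPN address, sshd can only bind once the tunnel interface is up, so run the check after OpenVPN has connected.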